Effective: January 8, 2026
Welcome to Ryze and all services offered through our website or mobile application (the “Platform”), owned and operated by Ryze Money Inc. (together with all corporate parents, subsidiaries, and affiliates, “Ryze,” “we,” “our,” or “us”). Ryze respects the privacy of our Platform users, customers, employees, and business partners. This Privacy Policy ("Privacy Policy") describes our policies and procedures for collecting and processing personal information associated with a specific person (“Personal Data”) as well as information that, cannot, on its own, be directly linked to a specific person or entity.
Your personal privacy is important to us. In furtherance of our commitment to this Privacy Policy, our Privacy Program has focused on compliance with applicable privacy laws including but not limited to the California Consumer Privacy Act as amended ("CCPA"), the Illinois Biometric Information Privacy Act (“BIPA”), the Gramm-Leach-Bliley Act (“GLBA”), and the California Financial Information Privacy Act (“CFIPA”).
By using or accessing our Platform or the services offered through the Platform (the “Services”), you agree to this Privacy Policy. If you do not agree, please do not access our Platform or use our Services. This Privacy Policy is subject to our Terms of Use and is an integral part of the same.
Ryze collects a range of Personal Data from and about Platform users, customers, and business partners such as name, address, email, phone number, government-issued identifier (e.g., Social Security Number (“SSN”), tax ID number, driver’s license, or other government ID), date of birth, income, occupation, employment status, username, password, preferences, feedback, and survey responses. With your consent, we may also obtain financial information, including information from your bank(s), including but not limited to details regarding your checking account(s), savings account(s), balances, transactions, loans, cash flows, ACH/routing numbers, and bank identification numbers. With your consent, we may collect credit report information, such as your credit score, credit history, and other information that we receive from credit reporting agencies. In addition, we may collect payment information (debit card, credit card or other payment details), device and browsing data (cookies, IP addresses, geolocation information, device information, in-Platform activity, or session data), and biometric and mobile data (including images obtained from your camera, microphone, photo library, contacts, biometric authentication, or device advertising IDs (IDFA/GAID)). We also maintain digital communication logs that track information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
Much of the Personal Data collected by Ryze about users is information provided by users themselves. Personal Data is also collected in connection with your visit to this Platform or your use of the Services. We also obtain Personal Data about you from our affiliates, business partners, and service providers, based on information that has already been shared with or made available to them. For example, during onboarding our identity-verification provider may supply prefilled identity information about you, such as your name, email address, residential address, and SSN; and we receive linked external-account data from open banking providers, credit report information from consumer reporting agencies, and marketing, attribution, and analytics data from our analytics and attribution partners.
Further, our online service providers or business partners may implement technologies that allow for the collection of Personal Data over time and across Platforms. We recommend that you review each privacy policy posted on the Platforms that you visit to better understand privacy practices on those Platforms.
We also collect certain Personal Data before you create an account. This includes information you provide on our landing pages or during prequalification, information from incomplete or abandoned applications, and web analytics and marketing attribution data associated with your visit. If your application is declined or you do not complete identity verification, we retain the information collected in connection with your application for the periods required by applicable law (Please refer to the Section on Data Retention below).
If you choose to use features of our Services that involve biometric identifiers or biometric information (collectively, “Biometric Data”)—such as facial recognition, fingerprint authentication, or voice recognition—we will collect and process this information solely for the purposes of verifying your identity, enhancing account security, or enabling specific product features.
Before collecting Biometric Data, we will provide you with written notice and obtain your explicit written consent, as required under the BIPA and other applicable laws. You may decline to provide Biometric Data, though certain features of the Services may not be available without it.
Biometric Data will not be sold, leased, traded, or otherwise profited from. We will not disclose Biometric Data to third parties unless required to provide the Services, with your consent, or as required by law.
We will retain Biometric Data only until the initial purpose for collecting it has been satisfied or within five (5) years of your last interaction with the Services, whichever occurs first. Thereafter, Biometric Data will be permanently destroyed.
Ryze processes your Personal Data to ensure the efficiency and effectiveness of our business relationships, commercial transactions, and marketing practices. Processing will always be based on legitimate grounds or your consent. Specifically, we use your Personal Data to:
We use automated systems, including artificial intelligence (“AI”) and machine learning technologies, to help us deliver and improve our Services. These systems may:
These processes enable us to provide faster and more consistent decisions, enhance user experience, and tailor the Services to your needs. Human review of automated decisions is generally not available, unless required by applicable law. Where such rights apply, you may request an explanation of the logic involved in the decision-making process and, if applicable, request human intervention.
Ryze collects information that web browsers make available, depending on their settings. That information includes (a) "cookies" and similar technologies, including software development kits (SDKs), local storage, pixels, tags, device identifiers, and other technologies used by websites and mobile applications to recognize devices, remember preferences, analyze usage, and support functionality; (b) the user's Internet Protocol ("IP") address and Media Access Control ("MAC") address, mobile advertising identifiers, device identifiers, which may be considered Personal Data in certain countries or regions, including the European Union (“EU”); (c) the number of times a user visits the Platform, the pages or screens accessed, and the operating system used; and (d) browser type, device type, screen resolution, mobile device model, operating system version, application version, language settings, and the web pages the user views immediately before, during, and immediately after a visit to the Platform.
Ryze and its service providers use current industry methods, including cookies and tracking technology ("clear gifs", "pixels", "web beacons", "log files", etc.), to enable it to track unique visitors and pages that a user visits during each Platform session, both to help improve users' experiences and to help Ryze understand how the Platform is being used. For example, cookies are tags sent to reside on the visitor's computer or mobile devices, to enhance a visitor's experience at our Platform, to allow repeat visitors to be served more quickly and efficiently, or to tell us where our visitors go and how our visitors use our Platform and related Platforms. Ryze uses cookies to obtain Personal Data about a user that was not previously provided.
We analyze Personal Data gathered from users of the Platform to help us better understand how the Platform is being used. By identifying patterns and trends in usage, Ryze is able to better design the Platform to improve users' experiences, both in terms of content and ease of use. From time to time, Ryze may also release the Non–Personal Data gathered from Platform users in the aggregate, such as by publishing a report on trends in the usage of the Platform.
Pulse Credit Monitoring: By enrolling in Pulse, you authorize Ryze and its service providers (including TransUnion) to obtain your credit score and credit report information on a recurring basis under the Fair Credit Reporting Act (“FCRA”). You may review the Terms of Use and applicable Product Terms to understand your rights under FCRA. All Pulse inquiries are soft inquiries and will not affect your credit score. Pulse data is not used for underwriting decisions on other Ryze products without your separate authorization. Ryze is not a consumer reporting agency and is not a credit repair organization.
Booster Card: When you apply for the Booster Card, Ryze uses your bank account data (via Plaid) for cashflow-based underwriting. No traditional credit report is pulled. ACH repayment data is retained for account management, credit reporting, and fraud prevention. Your Booster Card account information, including account status (current or delinquent, with days past due), credit limit, highest amount of credit utilized, account type, and portfolio type is furnished to TransUnion, Experian, and Equifax monthly by our technology service provider on behalf of First National Bank of Lacon (FNBL), our banking partner. If your account is closed, account history may continue to be furnished to the credit bureaus in accordance with the FCRA.
Vault Checking Account: Your Vault Account is a demand deposit account held at FNBL. Account information is processed by FNBL and our affiliates, including Zeta, our technology service provider. Card transactions are processed through Tabapay, and ACH and real-time payments are processed through The Clearing House (TCH). ATM transactions are processed by Mastercard, Shazam, and Allpoint. Data is maintained to support FNBL's FDIC deposit insurance determination obligations. When you send money to another person through the Platform, we collect the recipient information you provide (such as the recipient's name and contact details) to process the transfer. Recipients may be required to register for a Ryze account to claim funds, and this Privacy Policy applies to the information they provide when they do. If you provide us with Personal Data about another person (such as a transfer recipient), you represent that you have that person's authority to share it with us for the purposes described in this Privacy Policy.
Ryze discloses Personal Data as described in this Privacy Policy. We do not sell or rent your Personal Data for third parties’ independent marketing purposes. We may, however, share your information in the following circumstances:
Open Banking Aggregators: With your consent, we share information with open banking service providers (e.g., Plaid) to retrieve your financial account data. You agree to provide consents required under applicable law to enable Plaid to process End User data in accordance with Plaid’s privacy policy (currently available at https://plaid.com/legal/#end-user-privacy-policy).
You have choices regarding how your Personal Data is used and shared.
Data Requests: You may request access to, correction of, or deletion of your Personal Data through an in-app request or by emailing our support team at support@ryze.com.
We take the protection of your Personal Data seriously and use industry-standard safeguards to help ensure its confidentiality, integrity, and availability. These measures include:
While we strive to use commercially reasonable safeguards, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You should take all precautions to safeguard your passwords and any account information that you may have or provide and to employ current virus-scanning or firewall software and other security safeguards. You should also log out of your account and close your browser window.
Your Personal Data is stored in the United States, on cloud infrastructure located in U.S. regions. To the extent any of our affiliates or service providers access Personal Data from outside the United States in connection with providing the Services, we rely on contractual safeguards or equivalent protections in connection with that access.
We retain Personal Data for as long as necessary to fulfill the business purposes for which it was collected, including providing our Services, meeting our contractual obligations, complying with legal and regulatory requirements, resolving disputes, and enforcing our agreements. Set out below is the period for which we retain your Personal Data. Where multiple retention requirements apply, we retain information for the longest applicable period. At the end of the applicable retention period, we securely delete or de-identify your Personal Data in accordance with applicable law.
Users may request deletion of certain data elements—such as linked financial accounts or marketing communication preferences — either through the Platform or by contacting our support team. We will honor such requests in accordance with applicable law and subject to necessary verification requirements.
We comply with all applicable data retention and destruction laws and ensure that Personal Data is not kept longer than necessary for the purposes described in this Privacy Policy. We will store and maintain data in a manner consistent with the record retention requirements of applicable law.
Our Platform includes links to other websites whose privacy practices may differ from those of Ryze. We have no control over such third party links present on the Platform, which are provided by persons or companies other than us. You acknowledge and agree that we are not responsible for any collection or disclosure of your information by any external sites, applications, companies or persons thereof. The presence of any third party links on our Platform, cannot be construed as a recommendation, endorsement or solicitation for the same, or any other material on or available via such links.
If you submit personal information to any of those websites, their privacy policies govern your information. We encourage you to carefully read the privacy policies of any website you visit.
You further acknowledge and agree that we are not liable for any loss or damage which may be incurred by you as a result of the collection and/or disclosure of your information via such third party links, as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products services, or other materials on, or available via such third party link. This will include all transactions, and information transmitted therein, between you and any such third party sites or applications or resources, such transactions are strictly bi-partite. We shall not be liable for any disputes arising from or in connection with such transactions between you and the aforementioned third parties.
Shine the Light Act: Ryze does not sell, rent, or lease your Personal Information (as defined below). We do not disclose your Personal Information to third parties for their direct marketing purposes.
To the extent Ryze is subject to the California Financial Information Privacy Act ("CFIPA"), California residents receive the privacy protections described below. CFIPA gives California residents financial privacy protections that are in addition to, and in certain respects more protective than, those under the GLBA, and it applies to the nonpublic personal information (“NPI”) we collect about you in connection with the Services.
Sharing with nonaffiliated third parties. Except as permitted by CFIPA, we will not disclose your NPI to nonaffiliated third parties without your affirmative consent (opt-in). CFIPA permits a number of disclosures without your consent, including disclosures that are necessary to effect, administer, or enforce a transaction you request or authorize; to process or service a financial product or service you request; to our service providers and vendors that perform services for us under contractual confidentiality obligations; pursuant to a written joint marketing agreement with another financial institution; to consumer reporting agencies as permitted by the FCRA; to protect against or prevent fraud or unauthorized transactions; and as otherwise required or specifically permitted by law. Where applicable, disclosures described in the 'Disclosing Your Personal Data' section above are made in reliance on one or more of these CFIPA exceptions.
Sharing with affiliates. Where required by CFIPA, you may direct us not to share your NPI with our affiliates for their own marketing purposes. Certain sharing among affiliates is permitted under CFIPA or governed by the FCRA, which preempts certain state-law restrictions on affiliate information sharing.
Your choices. Where applicable, California residents may provide or withhold consent to our sharing of NPI with nonaffiliated third parties and exercise any applicable rights regarding affiliate sharing by contacting us at legal@ryze.money or through the in-app request process. These rights are in addition to any other privacy rights described in this Privacy Policy and any separate privacy notices provided by FNBL with respect to financial products or accounts offered by FNBL.
If you are a Consumer (as defined below) residing in California, Maryland, Nebraska, or Texas, the following provisions may apply to our processing of information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information") subject to the CCPA, the Maryland Online Data Privacy Act, the Nebraska Data Privacy Act, or the Texas Data Privacy and Security Act (collectively the "Privacy Laws").
For Consumers, the provisions of this section prevail over any conflicting provisions of this Privacy Policy. We adopt this section of our Privacy Policy to comply with the Privacy Laws and any terms defined in the Privacy Laws have the meaning set forth in the law of your state of residence when used in this section.
Important exemptions: Much of the information we collect and process is subject to federal financial privacy laws, including the GLBA and the FCRA. Personal Information collected, processed, or disclosed subject to the GLBA or the FCRA is generally exempt from the Privacy Laws, and the rights described in this section may not apply to that information. The rights in this section apply to Personal Information we process outside the scope of those federal laws (for example, information collected through our marketing websites).
Verified California, Maryland, Nebraska, and Texas residents have the following rights:
Information Access Rights:
Information Correction Rights:
Opt Out Rights:
Deletion Rights:
We will not discriminate against you as a result of your exercise of any of these rights.
In order to make a request to exercise any of these rights, California, Maryland, Nebraska, and Texas Consumers may make a request online on the Platform. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected Personal Information) and will use the information you submit only for that purpose. If you do not have a registered account with us, we may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm that the Personal Information relates to you. We will acknowledge receipt of your request within 10 (ten) days and will endeavor to respond within 45 (forty-five) days of receipt of your request, but if we require more time (up to an additional 45 (forty-five) days) we will notify you of our need for additional time.
For requests for a copy of the Personal Information we have collected, we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
If you request that we delete your Personal Information, Privacy Laws permit us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations.
Do Not Profile: We may use solely automated processing performed on Personal Information to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements in order for us to make decisions resulting in the provision or denial of credit, including automated cashflow-based underwriting for certain Ryze products as described in this Privacy Policy. Where required by applicable law, you may opt out of such profiling, request an explanation of the decision, or request human review by contacting us at legal@ryze.money.
Sale of Information: Processing of Personal Information for analytics and advertising purposes is limited to interactions on our Platform only. We do not sell Personal Information of individuals whom we know or have reason to believe are California, Maryland, Nebraska, or Texas Consumers, whether for monetary or other valuable consideration. We may share a site visitor's online identifier information, which may constitute Personal Information of California, Maryland, Nebraska, or Texas Consumers, with third parties for advertising and analytics purposes. However, we use technology on our Platform to detect whether your browser originates from within the State of California, Maryland, Nebraska, or Texas. If your browser originates from the aforementioned states, we do not, by default, share your online identifier for these purposes. When visitors whose browsers originate from within California, Maryland, Nebraska, or Texas access our Platform, they are given a choice to allow us to share their online identifier for analytics and advertising purposes or to continue without such sharing. To continue in the default mode where we do not share your information for these purposes, you may select the "Do Not Sell or Share My Personal Information" option and we will place a "preference cookie" on your browser indicating that your online identifier should not be shared and that the choice message should not be displayed when you revisit our Platform. If you agree to the sharing of your online identifier for advertising and analytics purposes by selecting "Manage My Preferences" and opting in, we will place a "preference cookie" on your browser indicating that we are permitted to share your online identifier. Our Platform will remember your preference until you delete or clear the "preference cookie" from your device, in which case you may see the choice message again in the future. If your "preference cookie" is deleted or cleared, you will return to the default mode and your online identifier will not be shared until you opt in again. You may change this preference at any time by emailing support@ryze.com.
You may also opt out by activating user-enabled global privacy control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicates or signals your choice to opt-out of the sale and sharing of Personal Information. When we receive such a signal we will stop setting third party, analytics, or advertising partner cookies on your browser. This will prevent the sale or sharing of information relating to that specific device through cookies to our advertising or analytics partners. This option does not stop all sales or sharing of your information because we cannot match your device's identification or internet protocol address with your personally identifiable information like your name, phone number, email address or ZIP code. If you delete cookies on your browser, any prior do not sell or do not share signal is also deleted and you should make sure that your user-enabled setting is always activated.
Using an Authorized Agent. You may submit a request through someone holding a formal power of attorney. Otherwise, you may submit a request using an authorized agent only if: (1) you provide the authorized agent with written permission to make a request; and (2) you verify your own identity directly with us. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.
Appealing denied requests (Maryland, Nebraska, and Texas Consumers). If we have denied your Consumer request, you have the ability to file an appeal with us. To file an appeal with us, you must submit your request to legal@ryze.money.
We will respond to you in writing within 60 (sixty) days of any action taken or not taken in response to the appeal, including an explanation of the reasons for our decisions. If we deny your appeal, you can contact your state’s Attorney General at:
Office of Maryland Attorney General 200 St. Paul Place, Baltimore, MD 21202; (410) 528-8662; Maryland Attorney General - Consumer Protection Division (Online Portal).
Office of Nebraska Attorney General 2115 State Capitol, Lincoln, NE 68509; (402) 471-2682; Nebraska Attorney General – Consumer Protection Division (Online Portal).
Office of Texas Attorney General PO Box 12548, Austin, TX 78711-2548; Texas Attorney General - Consumer Protection Division (Online Portal).
California Privacy Protection Agency 400 R Street Suite 330, Sacramento, CA 95811; California Privacy Protection Agency - Online Portal for filing complaint.
During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and disclosed it for a business purpose to the listed categories of third parties. The categories of information include information we collect from our Platform visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.
| Category of information collected | Source | Business purposes* for collection/use | Categories of third parties receiving information for a business purpose |
|---|---|---|---|
| A. Identifiers. (name, alias, postal address, email address, phone number, fax number, account name, SSNs, driver's license number, passport number, unique personal identifier, online identifier, IP address) | Individuals submitting information to us; information we automatically collect from Platform visitors; information we may receive from third-party service providers, marketing and data partners. | Auditing relating to transactions; security detection, protection and enforcement; advertisement and marketing customization; performing Services for you; compliance with law; internal research and development; quality control. | Service providers (such as credit reporting agencies, open banking service providers, data hosting service providers, payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies; government regulators; law enforcement; strategically aligned businesses. |
| B. Personal information categories Protected under the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). (A name, signature, SSNs, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, bank account number, medical information. Some personal information included in this category may overlap with other categories) | Individuals submitting information; employment applications; employees. | Auditing relating to transactions; security detection, protection and enforcement; performing Services for you; compliance with law; advertisement and marketing customization; quality control. | Service providers (such as credit reporting agencies, open banking service providers, cloud storage service providers, payment processors, mail houses, marketing partners, shipping partners, employee benefits partners); affiliated companies; government regulators; law enforcement. |
| C. Protected anti-discrimination classification characteristics under California or federal law. (Age (40 years or older), race, color, ancestry, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), veteran or military status.) | Individuals submitting information; employees. | Auditing relating to transactions; performing Services for you; compliance with law; advertisement and marketing customization; internal research and development. | Service providers (such as employee benefits partners, cloud storage service providers); government regulators; law enforcement. |
| D. Commercial information. (Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.) | Individuals submitting information; information we automatically collect from site visitors; information we may receive from third-party marketing or data partners. | Auditing relating to transactions; advertisement and marketing customization; performing Services for you; compliance with law; internal research and development; quality control. | Service providers (such as cloud storage service providers, payment processors, mail houses, marketing partners, shipping partners); affiliated companies; law enforcement; strategically aligned businesses. |
| E. Biometric information. | Individuals submitting information. | Providing Services to you; security detection, protection and enforcement; compliance with law; quality control. | Service providers (such as credit reporting agencies, open banking service providers, cloud storage service providers, payment processors, mail houses, marketing partners, shipping partners). |
| F. Internet or other similar network activity. (Browsing history, search history, information on your interaction with company systems, Platforms, applications, etc.) | Information automatically collected from site visitors. | Auditing relating to transactions; security detection, protection and enforcement; compliance with law; functionality debugging/error repair; advertisement and marketing customization; internal research and development; quality control. | Service providers (such as cloud storage service providers, marketing partners); affiliated companies; strategically aligned businesses. |
| G. Geolocation. (Physical location or movements.) | Information we automatically collect from site visitors. | Auditing relating to transactions; security detection, protection and enforcement; performing Services for you; compliance with law; functionality debugging/error repair; advertisement and marketing customization. | Service providers (such as cloud storage service providers, marketing partners); law enforcement. |
| H. Sensory data. (Audio, electronic, visual, thermal, olfactory, or similar information.) | Individuals submitting information; information we collect for security purposes. | Security detection, protection and enforcement; performing Services for you; compliance with law; quality control. | Law enforcement. |
| I. Professional, educational or employment related information. (Current or past job history or performance evaluations.) | Information submitted by individuals; information received from third parties in connection with vendor or employment status or applications; information we observe in connection with vendor or employment oversight. | Performing Services for you; compliance with law; internal research and development; advertisement and marketing customization; quality control. | Service providers (such as payment processors, employee benefits partners); government regulators. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Not Collected | Not Collected | Not provided |
| K. Sensitive Personal Information (SSNs, driver's license, state identification card, or passport number, account log-in in combination with any required security or access code, password, or credentials allowing access to an account.) | Information submitted by individuals; information received from third parties in connection with vendor or employment status or applications; information we observe in connection with vendor or employment oversight. | Identity verification; performing services for you; employment and benefits administration; vendor oversight; security detection, protection and enforcement; compliance with law. | Service providers (such as credit reporting agencies, open banking service providers, payroll or payment processors, employee benefits partners, auditors and other professional advisors); government regulators. |
| L. Inference from other personal information (Preferences, characteristics, behavior, attitudes, abilities, etc.) | Internal analytics. | Compliance with law; advertisement and marketing customization; internal research and development. | Service providers (such as marketing partners, shipping partners); affiliated companies; strategically aligned businesses. |
More specifically, the business purposes include:
1. Performing Services for you:
2. Advertising customization:
3. Auditing relating to transactions, internal research and development:
4. Security detection, protection and enforcement; functionality debugging, error repair:
5. Quality control.
Disclosing Personal Information To Third Parties: We may disclose certain categories of Personal Information to third parties (described above). Note that for purposes of the Privacy Laws, we only “share” information as that term is specifically defined in the Privacy Laws (including the CCPA) as described below. When we provide information to third parties, the type of, business model of, or processing conducted by each third party is consistent with the purposes for which we collect and use such information as permitted by law and as disclosed above or at the time we collect the information unless otherwise required by law. The following are permitted purposes under the Privacy Laws:
Processing Sensitive Personal Information: We collect limited sensitive personal information (described above). For the avoidance of doubt, the sensitive personal information we collect does not include any (1) data revealing racial or ethnic origin, religious beliefs, consumer health data (as defined under the Privacy Laws), sex life, sexual orientation, status as transgender or nonbinary, national origin, or citizenship or immigration status; (2) genetic data; (3) Personal Information of any person that we know or have reason to know is under the age of 18; or (4) precise geolocation data. If you choose to use features that involve biometric identifiers (such as facial recognition or fingerprint authentication), we collect and process that Biometric Data as described in the "Notice About Biometric Information" section above, and only for the purposes permitted by law. We process and disclose the limited sensitive personal information that we do collect only for the purposes permitted by law and as disclosed above or at the time we collect this information unless otherwise required by law.
We do not transfer Personal Information for monetary consideration. If you are a Nevada resident and would like to tell us not to sell your information in the future (in case we change our no-sell policy) you may make a request by emailing support@ryze.com with your name, postal address, telephone number and email address with "Nevada do not sell" in the subject section.
Residents of certain U.S. states may have additional privacy rights under applicable state laws, including the Colorado Privacy Act, the Connecticut Data Privacy Act, the Delaware Personal Data Privacy Act, the Florida Digital Bill of Rights, the Iowa Consumer Data Protection Act, the Indiana Consumer Data Protection Act, the Minnesota Consumer Data Privacy Act, the Kentucky Consumer Data Protection Act, the Montana Consumer Data Privacy Act, the New Hampshire Expectation of Privacy Act, the New Jersey Data Privacy Act, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Virginia Consumer Data Protection Act, and the Utah Consumer Privacy Act (collectively, the “Other State Privacy Laws”).
If you are a resident of one of these states, subject to certain exceptions, you may have the following rights:
To exercise these rights, you may contact us at legal@ryze.money. We may need to verify your identity before responding to your request. We will respond within the timeframes required by applicable law.
We do not process sensitive personal information for purposes other than those permitted under the Other State Privacy Laws. We also do not sell Personal Data as defined under these state laws.
Changes to the Privacy Policy. Technology and the internet are rapidly changing. Ryze, therefore, is likely to make changes to the Platform in the future and as a consequence will need to revise this Privacy Policy to reflect those changes. When we revise the Privacy Policy, Ryze will alert all users for whom it maintains email information of such modifications by means of an email to their most recently provided email address, or at our option, by means of a notice on this Platform prior to the change becoming effective. It is important that you review this Privacy Policy periodically for an up-to-date understanding of Ryze's policies and practices.
Annual Privacy Notice. In addition to notifying you when we make changes to this Privacy Policy, Ryze is required by federal law to provide you with a privacy notice at least once each year for as long as you remain our customer. We will deliver the annual privacy notice electronically through the Platform or by email, consistent with your E-SIGN consent. If our information-sharing practices change in a material way, we will give you advance written notice and a reasonable opportunity to opt out before any such new sharing begins.
Do Not Track "DNT" Signals. Except as stated in this Privacy Policy, we have not implemented the necessary program changes to honor "Do Not Track" or "DNT" browser signals for users in the U.S. As our online applications programming is refined, we will take all reasonable steps to honor such requests in the future. Please return to this privacy policy for further updates on this topic.
Children and Data Collection. Ryze's Platforms are general audience Platforms. Ryze's Platform content is not directed toward children or minors who are under the age of 18. We do not knowingly collect Personal Data from children. If Ryze or its internet service providers become aware that a minor has provided us with Personal Data, that information will be deleted from our databases. If you have questions about Personal Data that may have been submitted by a child or minor, you may inquire at support@ryze.com.
Contacting Ryze. To communicate with Ryze about this Privacy Policy or to update your Individual Rights Data, please contact: legal@ryze.money or support@ryze.com.
Effective Date: January 7, 2026
FACTS
WHAT DOES FNBL DO WITH YOUR PERSONAL INFORMATION?
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
When you are no longer our customer, we continue to share your information, as described in this notice.
How? All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons FNBL chooses to share; and whether you can limit this sharing.
| Reasons we can share your personal information | Does FNBL share this? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
| For our marketing purposes— to offer our products and services to you | Yes | No |
| For joint marketing with other financial companies | No | We don’t share this information |
| For our affiliates’ everyday business purposes— information about your transactions and experience | Yes | No |
| For our affiliates’ everyday business purposes — Information about your creditworthiness | No | We don’t share this information |
| For our affiliates to market to you | Yes | |
| For nonaffiliates to market to you | Yes |
Submit an Opt-Out through the Platform or by emailing support@ryze.com.
Please Note: If you are a new customer, we can begin sharing your information 30 (thirty) days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.
Who is providing this notice? This notice is provided by First National Bank of Lacon.
How does FNBL protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. We also limit access to information to those employees for whom access is necessary. FNBL will never sell your personal information.
How does FNBL collect my personal information? We collect your personal information, for example, when you:
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to everyone on your account.
Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies. We share the data with Ryze Money Inc.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies. Nonaffiliates we share with may include companies such as service providers and marketing partners, when the sharing of data is not for our everyday business purposes.
Joint marketing A formal agreement between non-affiliated financial companies that together market financial products or services to you.
Vermont Residents In accordance with Vermont law, we will not share personal information about you, other than transaction experience information, with affiliates, nor will we share any personal financial information about you for marketing purposes.
California Residents For financial information, we will not share information we collect about you with companies outside of FNBL unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We may also share your information with third party financial institutions with which we have a joint marketing agreement to offer financial products and services to you.
California residents can opt-out of joint marketing through the Platform or by emailing support@ryze.com.
Nevada Residents We are providing you this notice pursuant to state law. You may be placed on our internal Do Not Call List by following the directions in the To Limit Our Sharing section above. Nevada law requires that we provide you with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington Ave., Suite 3900, Las Vegas, NV 89101; Phone number: 702-486-3132; email: agInfo@ag.nv.gov.
North Dakota Residents In accordance with North Dakota law, we will not share information we collect about you with companies outside of our corporate structure, except as permitted by law, including, for example, with your consent, to service your account (through Ryze). Residents of North Dakota are opted out from nonaffiliate marketing by default. We will limit sharing among our companies to the extent required by North Dakota law.
Other State Residents. You may have additional rights regarding your personal information. Because FNBL is a bank, most of the information we collect is subject to federal laws such as the Gramm Leach Bliley Act and may be exempt from state privacy laws. You can view this Privacy Policy for additional information and email legal@ryze.money to make a request regarding your personal information.
Annual Notice We will send you a new privacy notice each year as long as you are our customer, as required by applicable law.