Privacy Policy
Last updated: March 9, 2026
Topheritage Finance is committed to protecting your personal and financial information. This Privacy Policy explains what we collect, why we collect it, how we use it, and your rights regarding your data.
1. Information We Collect
Topheritage Finance collects several categories of information when you apply for, open, and use our banking products and services. We collect information directly from you during account registration and ongoing use, automatically through your interaction with our digital platforms, and from trusted third-party sources as necessary to verify your identity and comply with our regulatory obligations.
- Personal Identification Information: This includes your full legal name, date of birth, Social Security Number or government-issued tax identification number, passport or driver's license number, physical address, email address, and phone number. This information is required to open your account, verify your identity under our KYC program, and comply with applicable AML regulations.
- Financial Information: We collect your account numbers, routing numbers, transaction history, account balances, credit and debit card information, loan and credit application data, and payment preferences.
- Device and Technical Information: When you access our website or mobile application, we automatically collect information about the device you use, including IP address, browser type and version, operating system, device identifiers, and session duration.
- Biometric Data: If you use fingerprint or facial recognition to authenticate with the Topheritage Finance mobile app, we collect and process biometric identifiers. Biometric data is processed locally on your device and is never stored on Topheritage Finance's servers without your explicit consent.
- Location Data: With your prior consent, we may collect precise geolocation data from your mobile device to verify the legitimacy of transactions and detect fraud.
- Communications: We retain records of your communications with Topheritage Finance customer support, including emails, chat transcripts, and call recordings (where permitted by law), for quality assurance and regulatory compliance.
2. How We Use Your Information
Topheritage Finance uses the information we collect for a variety of purposes that are fundamental to delivering safe, compliant, and high-quality banking services.
- Account Management and Service Delivery: To open and maintain your accounts, process transactions, send account statements and notifications, respond to your inquiries, and provide customer support.
- Transaction Processing: To execute payment instructions, including ACH transfers, wire transfers, card payments, bill payments, and peer-to-peer transfers.
- Fraud Detection and Prevention: To monitor transactions in real time for suspicious patterns, verify the identity of users attempting to access accounts, and block unauthorized transactions.
- Regulatory Compliance (AML/KYC): To comply with legal obligations under the Bank Secrecy Act, USA PATRIOT Act, OFAC regulations, FinCEN requirements, and other applicable anti-money laundering laws.
- Personalized Financial Insights: To analyze your transaction history and provide personalized budgeting tips, savings recommendations, and spending analytics.
- Marketing and Communications (with consent): To send you promotional emails and offers about Topheritage Finance products and services where you have provided consent. You may opt out of marketing communications at any time.
- Credit Risk Assessment: To evaluate applications for credit products including loans, credit cards, and overdraft facilities.
3. Information Sharing and Disclosure
We do not sell your personal information to third parties. Topheritage Finance will never sell, rent, or license your personal data to advertisers, data brokers, or any third party for commercial purposes. Period.
Topheritage Finance shares your information only in the limited circumstances described below, and only to the extent necessary for the stated purpose.
- Regulatory and Law Enforcement Authorities: We are required by law to share information with federal and state regulatory agencies when required by subpoena, court order, warrant, or other legal process, or when we are required to file Suspicious Activity Reports (SARs) under the Bank Secrecy Act.
- Credit Bureaus: We report account performance information to major credit bureaus (Equifax, Experian, TransUnion) as required for credit products and as permitted by the Fair Credit Reporting Act (FCRA).
- Payment Processors and Banking Partners: We share transaction data with payment networks (Visa, Mastercard), ACH operators, correspondent banks, and our FDIC-insured bank partners to facilitate the processing of your transactions.
- Cloud Service Providers: We use cloud infrastructure providers to host our platform. These providers are bound by Data Processing Agreements that restrict their use of your data.
- Fraud Prevention Networks: We participate in shared fraud intelligence networks and may share anonymized transaction patterns with partner financial institutions.
- Professional Advisors: We may share information with our attorneys, accountants, auditors, and other professional advisors who are bound by confidentiality obligations.
4. Data Security
Protecting your financial information is our highest operational priority. Topheritage Finance employs a comprehensive, defense-in-depth security architecture that incorporates industry-leading technologies, rigorous processes, and continuous monitoring to safeguard your data.
All data stored in Topheritage Finance's systems is encrypted using 256-bit AES encryption with regularly rotated encryption keys. All data transmitted between your device and Topheritage Finance's servers is protected using TLS 1.3 encryption. Topheritage Finance's infrastructure undergoes quarterly penetration testing by independent third-party security researchers, and we maintain an active bug bounty program.
Multi-factor authentication (MFA) is required for all customer accounts and mandatory for all employee and administrator access to production systems. In the event of a data breach affecting your information, we will notify you and applicable regulators within the timeframes required by applicable law.
5. Cookies and Tracking Technologies
Topheritage Finance uses cookies and similar tracking technologies on our website and mobile application to provide and improve our Services, authenticate users, remember your preferences, and analyze usage patterns.
- Essential Cookies (Always Active): These cookies are strictly necessary for the operation of our Services and cannot be disabled. They include session authentication cookies that keep you logged in and security cookies that help us detect and prevent fraud.
- Analytics Cookies (Opt-Out Available): We use analytics services to understand how users interact with our Services, which pages are most popular, and where users encounter difficulties. You can opt out of analytics cookies through our Cookie Preferences center.
- Marketing Cookies (Opt-In Only): We use marketing cookies only with your explicit consent to deliver relevant advertisements about Topheritage Finance products and services. You can withdraw your consent at any time through our Cookie Preferences center.
To manage your cookie preferences, visit the Cookie Preferences center in your account settings or at the footer of our website.
6. Your Rights and Choices
Topheritage Finance respects your rights over your personal data. Depending on your location and applicable law, you may have some or all of the following rights regarding the personal information we hold about you. We will respond within thirty (30) days.
- Right to Access: Request a copy of the personal data we hold about you, including how it is used and shared.
- Right to Rectify: Correct inaccurate or incomplete personal data we hold about you through your account settings.
- Right to Erasure: Request deletion of your personal data, subject to our legal obligations to retain certain records.
- Data Portability: Receive your data in a structured, machine-readable format (JSON or CSV) for transfer to another service.
- Right to Object: Object to processing of your data for direct marketing or where we rely on legitimate interests.
- Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data.
To submit a privacy rights request: (1) log in to your Topheritage Finance account and navigate to Settings → Privacy & Data; (2) email us at privacy@nexabank.com; or (3) call our Privacy Helpline at 1-800-NEXA-BANK.
7. Data Retention
Topheritage Finance retains your personal information for as long as necessary to provide the Services, comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and for other legitimate business purposes.
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account & Profile Data | 7 years after account closure | Bank Secrecy Act, State Law |
| Transaction Records | 10 years from transaction date | Federal financial recordkeeping |
| KYC / Identity Documents | 5 years after relationship ends | 31 CFR § 1020.220 |
| Loan Application Data | 3 years after final decision | Equal Credit Opportunity Act |
| Marketing Data | Until opt-out or account closure | Consent / Legitimate interests |
| Support & Chat Logs | 3 years from interaction date | Dispute resolution |
| Security & Audit Logs | 2 years from creation | Security monitoring obligations |
| Biometric Data | Stored locally only; deleted on opt-out | Explicit consent |
Upon the expiration of the applicable retention period, we securely delete or anonymize your personal data in accordance with our data destruction procedures.
8. Children's Privacy
Topheritage Finance's Services are designed for and directed to adults who are at least eighteen (18) years of age. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18. If we become aware that we have collected personal information from an individual under 18 without verifiable parental consent, we will take immediate steps to delete such information from our systems.
Topheritage Finance offers custodial accounts for minors, which allow a parent or legal guardian to open and manage a banking account on behalf of a child under 18. These custodial accounts are opened and controlled by the adult custodian, who is the account holder of record.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@nexabank.com.
9. International Data Transfers
Topheritage Finance is headquartered in the United States and primarily processes personal data on servers located in the United States. If you are accessing our Services from outside the United States — particularly if you are located in the European Economic Area (EEA), United Kingdom, or Switzerland — your personal data will be transferred to and processed in the United States.
For transfers of personal data from the EEA, UK, and Switzerland to the United States and other third countries, Topheritage Finance relies on Standard Contractual Clauses ("SCCs") approved by the European Commission and the UK International Data Transfer Agreement (IDTA) for transfers from the United Kingdom.
If you have questions about our international data transfer practices or wish to receive a copy of the relevant transfer mechanisms we use, please contact our Data Protection Officer at dpo@nexabank.com.
10. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") provides you with specific rights regarding your personal information.
- Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of information, the sources from which it was collected, and the categories of third parties with whom we shared it.
- Right to Delete: You have the right to request deletion of the personal information we have collected from you, subject to certain exceptions permitted by law.
- Right to Opt-Out of Sale or Sharing: Topheritage Finance does not sell your personal information and does not share it for cross-context behavioral advertising. However, if you wish to formally opt out, you may do so by emailing privacy@nexabank.com.
- Right to Limit Use of Sensitive Personal Information: Under the CPRA, you have the right to limit our use of sensitive personal information to uses necessary to provide the Services you request.
- Right to Non-Discrimination: Topheritage Finance will not discriminate against you for exercising any of your CCPA rights.
We will respond to verifiable consumer requests within forty-five (45) days, with an extension of up to ninety (90) days where necessary.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") and equivalent national implementing legislation provide you with enhanced privacy rights.
Legal Bases for Processing: We rely on the following legal bases: (i) Performance of a Contract — processing necessary to open and maintain your account and provide the banking services you have requested; (ii) Legal Obligation — processing required to comply with AML/KYC regulations and other legal requirements; (iii) Legitimate Interests — processing for fraud prevention, security monitoring, and internal analytics; and (iv) Consent — processing for optional analytics cookies, marketing communications, and biometric authentication.
- Data Protection Officer (DPO): You can contact our DPO at: dpo@nexabank.com or by post at Topheritage Finance DPO, 1600 Penn Avenue Suite 400, Wilmington, DE 19801, USA.
- Right to Lodge a Complaint: If you believe that Topheritage Finance has processed your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority in your EU member state of residence.
- Automated Decision-Making: Topheritage Finance uses automated decision-making for certain processes, including initial fraud scoring and loan pre-approval assessments. You have the right to request human review of such decisions by contacting privacy@nexabank.com.
12. Changes to This Policy
Topheritage Finance periodically reviews and updates this Privacy Policy to reflect changes in our data practices, applicable laws, and evolving industry standards. For material changes, we will provide at least thirty (30) days' advance written notice via email to your registered email address and via a prominent banner on our website and in the mobile application.
Topheritage Finance maintains a version history of this Privacy Policy, and previous versions are available upon request by contacting privacy@nexabank.com. Your continued use of our Services following the effective date of a revised Privacy Policy constitutes your acceptance of the changes.
13. Contact Us
We take your privacy seriously and want to make it easy for you to reach the right team with any questions, concerns, or requests. We will acknowledge your inquiry within two (2) business days and provide a substantive response within thirty (30) days.
Privacy Team
privacy@nexabank.com
General privacy inquiries, rights requests, consent management
Data Protection Officer
dpo@nexabank.com
GDPR compliance, EU/UK data transfers, supervisory authority liaison
Privacy Helpline
1-800-NEXA-BANK
Mon–Fri 8AM–8PM EST · Say "Privacy" to reach our team
Mailing Address
Topheritage Finance, Inc. — Privacy
1600 Penn Avenue, Suite 400
Wilmington, DE 19801
United States
This Privacy Policy is effective as of March 9, 2026.
At Topheritage Finance, protecting your privacy is not just a legal obligation — it is a core part of who we are. We believe that trustworthy banking requires trustworthy data stewardship.