CHILDREN’S ONLINE PRIVACY POLICY

CHILDREN’S ONLINE PRIVACY POLICY

EFFECTIVE DATE: May 1, 2026

AmeriCU Credit Union (“AmeriCU”, “we,” “us,” or “our”) is committed to protecting the privacy and security of children under the age of 13. This “Children’s Online Privacy Policy” describes how we collect, use, disclose, and protect personal information obtained online from children under the age of 13 in connection with AmeriCU’s digital account opening processes and related online banking services for Youth Share Savings Accounts, Youth Share Certificates, Youth Money Market Accounts, and Youth Freedom Checking Accounts (each, an “Online Service”). This Children’s Online Privacy Policy only applies where we have actual knowledge that we are collecting personal information online from a child under the age of 13 through our websites, mobile applications, and online services (collectively, the “Sites”) and is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”). All references to “child” means an individual under the age of 13 and references to “you” or “your” means a parent or legal guardian.

INFORMATION WE COLLECT ABOUT CHILDREN
Before a child may use an Online Service, a parent or legal guardian must create the account and provide verifiable parental consent.
During account creation, we may collect the following personal information about a child:

• Name
• Birth month and year
• Mailing address
• Social Security Number
• Telephone Number (or parent’s number)
• Email address (or parent’s email address)
• Username and password

A child’s Social Security number is reasonably necessary to open and maintain a federally regulated financial account and is collected solely for identity verification, fraud prevention, and compliance with applicable banking, tax, and financial laws. All personal information is collected directly from the parent or legal guardian during account setup, or from the child only after verifiable parental consent has been obtained.

If verifiable parental consent is not provided, we will not collect, use, or disclose a child’s personal information, and the child will not be permitted to use the Online Service. Any personal information submitted during the consent process will be promptly deleted if verifiable parental consent is not obtained in a reasonable period of time.

We may also collect limited technical information such as IP address, device type, operating system, and browser information solely to support internal operations permitted under COPPA. We do not collect precise geolocation information from children.

VERIFIABLE PARENTAL CONSENT
When required by COPPA, we obtain verifiable parental consent before collecting, using, or disclosing a child’s personal information. We obtain consent through methods such as government-issued identification verification or signed consent returned by mail or electronic signature.
If we materially change how we collect, use, or disclose children’s personal information in a manner that requires consent under COPPA, we will obtain new verifiable parental consent before applying such changes.

DIRECT NOTICE TO PARENTS
Parents will receive a separate COPPA Direct Notice prior to the collection of a child’s personal information, as required by COPPA. This Children’s Online Privacy Policy is not a substitute for the Direct Notice, which explains our information practices, parental rights, and how to provide consent.

USE AND DISCLOSURE OF INFORMATION
We use children’s personal information solely to support our internal operations and to provide Online Services, including:

• Opening and maintaining accounts
• Processing transactions and online banking services
• Authenticating users
• Security and fraud prevention
• Customer support
• Aggregated and de-identified analytics

We may disclose children’s personal information to trusted service providers solely to perform and support internal operations on our behalf such as:

• Website and mobile hosting
• Check ordering and E-statements
• Personal financial management (PFM)
• Core banking, transfers, processing and payments
• Security and fraud prevention
• Customer support

Our service providers are contractually required to maintain the confidentiality and security of the information and are prohibited from using it for any other purpose, including for their own purposes.

NO TARGETED OR BEHAVIORAL ADVERTISING
We do not engage in targeted, behavioral, or interest-based advertising, or profiling directed at children. We do not sell, rent, or share children’s personal information for advertising or marketing purposes.

ANALYTICS AND PERSISTENT IDENTIFIERS
We may use limited analytic tools solely for internal operations such as performance measurement, security, debugging, and fraud prevention. Any persistent identifiers collected are used only as permitted under COPPA and are not used to recognize children across websites, mobile applications, online services or for advertising purposes.

DATA SECURITY AND RETENTION
We maintain reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, security, and integrity of personal information collected from children against unauthorized access, disclosure, alteration, or destruction.
We retain personal information only as long as reasonably necessary to fulfill the purpose for which it was collected or as required by law, based on applicable banking, tax, and record-retention requirements. When personal information is no longer required to be retained for legal or regulatory purposes, it will be securely deleted or de-identified.

RIGHTS AS A PARENT OR LEGAL GUARDIAN
Parents and legal guardians have the following rights:

• Right to Review: You may request to review the personal information we have collected from your child.
• Right to Delete: You may request that we delete your child’s personal information from our records, subject to applicable legal and regulatory record retention requirements.
• Right to Refuse Further Collection or Use: You may refuse to permit further collection or use of your child’s personal information, and we will honor that request going forward.
• Right to Withdraw Consent: You may withdraw your consent at any time, without charge, and without affecting your child’s ability to participate in activities that do not require the collection of personal information.

HOW TO CONTACT US
If you have any questions about this Children’ Online Privacy Policy or if you wish to exercise any of the parental and legal guardian rights above, please contact us using the information provided below.
AmeriCU Credit Union
1916 Black River Blvd
Rome, NY 13440
Attention: Legal Department
Email: [email protected]
Phone: (800) 388-2000

CHANGES TO THIS CHILDREN’S ONLINE PRIVACY POLICY
We may update this Policy from time to time and post a new effective date reflecting when a change takes effect. If we make a material change affecting how children’s personal information is handled, we will provide notice and obtain applicable consent from a parent or legal guardian as required by law.