Privacy Notice

Catalyst Corporate Federal Credit Union and its related companies (collectively, “CCFCU”), along with CCFCU’s member credit unions, operate in a heavily regulated industry in which they are obligated to implement security programs to protect any confidential customer information and personally identifiable information that they have in their possession.  CCFCU takes those obligations very seriously.  As part of our mission to be a premier innovative corporate credit union that provides exceptional member value in an efficient, safe, and sound manner, CCFCU has implemented programs and controls designed to protect the information of our members and their customers, and we provide more details about those efforts in Section I below.

Also, merely by using and interacting with CCFCU websites you provide information about yourself.  Section II below discusses the various types of information about you that might be collected when you use any of our websites, how that information might be used, with whom it might be shared, and how it will be protected.  By accessing or using CCFCU websites, you consent to our use of your information as described below, and you agree to this Privacy Policy and to CCFCU’s Terms of Use, as well as any subsequent updates of those documents.  You should read both of these documents carefully before continuing to access or use any of our websites, and you should review both documents regularly because they can change at any time, without notice to you, in our sole discretion.  If you are not willing to agree to our Terms of Use or this Privacy Policy, you should not access any CCFCU websites.


    CCFCU places a high priority on security, confidentiality, integrity, and the reliability of its information systems.  In compliance with federal and state regulations, we use both physical and technological security measures to protect all types of information we receive from our member credit unions, including consumer personal and account information, loan participation documents, member and owner records, and all other sensitive data.  To assure business continuity, we have implemented redundant mirrored data storage, a continuously maintained hot site replicating our systems for immediate disaster recovery, cybersecurity defense technology coupled with a complete incident response plan, and a variety of other systems, policies, and procedures designed to protect all data and ensure uninterrupted operation of our business and systems.  All such measures are routinely tested and updated.

    Regulations require our member credit unions to confirm that “Service Providers” like CCFCU conduct their activities in accordance with reasonable policies and procedures designed to mitigate the risk of identity theft, safeguard consumer personal and account information, protect against threats or hazards to the security of such information, prevent unauthorized access, and establish plans for addressing any breach, crime, disaster, or other incident.  In addition to the obligations we have to our member credit unions, Federal Trade Commission regulations in 16 C.F.R. Part 314 impose a direct obligation on CCFCU to implement such policies and procedures.  We take those obligations very seriously. CCFCU’s Vice President- Operations Risk Management has been appointed to coordinate our information security program and can be contacted at CCFCU Operations Compliance, 6801 Parkwood Blvd, Plano TX 75024.

    The disclosures below are provided to assist member credit unions with their due diligence and compliance with NCUA Rules and Regulations Parts 717 and 748, CFPB Regulation P (Part 1016) and the Payment Card Industry Data Security Standards.

    1. Disclosure Regarding Part 717.

      Under Part 717 of the NCUA’s Regulations, CCFCU is deemed to be a “service provider” to its member credit unions.  CCFCU utilizes policies and procedures that are designed to prevent, detect and mitigate the risk of security breaches that could result in a member of a credit union, or any other person, being exposed to identity theft. Those policies and procedures apply to all circumstances in which CCFCU processes or otherwise has access to confidential information, whether in connection with providing services for a “covered account” held at a credit union or otherwise.

      Other than as expressly disclosed in this Privacy Policy, CCFCU does not use nonpublic personal information about any credit union’s members, or about any other person, for any purpose other than those purposes for which the credit union disclosed the information to CCFCU, including servicing and processing of transactions in the ordinary course of business.

      CCFCU utilizes security measures that CCFCU deems to be appropriate for the protection of nonpublic personal information about credit union members and other persons, with particular attention to protection against unauthorized access to or unauthorized use of such information that could result in substantial harm or inconvenience to any credit union’s members or to any other person.

    2. Disclosure Regarding Part 1016 (Regulation P) and Part 748.

      Under Part 1016 (Regulation P) of the Consumer Financial Protection Bureau’s Regulations and Part 748 of the NCUA’s Regulations, CCFCU is deemed to be a “service provider” to its member credit unions.  CCFCU’s security program establishes standards for the protection of information assets. These standards are intended to be compliant with Part 748 of the NCUA rules and regulations. The program includes a data classification to protect information assets. In addition, CCFCU has a risk assessment process in place to evaluate risks, including security related risks. 

    3. Disclosure Regarding PCI Data Security Standards

      CCFCU has achieved full compliance with Payment Card Industry Data Security Standards. PCI DSS is a set of multifaceted security standards established by the major card brands (including Visa and MasterCard) to protect cardholder account information. These best practices include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.  Click here to access the PCI DSS on PCI Security Council’s website.  CCFCU’s security program establishes standards for the protection of information assets, including card data. Also, CCFCU has a risk assessment process in place to evaluate risks, including security-related risks.

    4. SSAE18 Statement.

      CCFCU has implemented and continues to develop internal controls. To demonstrate compliance with these controls, CCFCU engages a firm to perform an SSAE18 review every two years. The Service Organization Controls (SOC1) report covers controls placed in operation and tests of operating effectiveness. The SSAE18/SOC1 review is available to credit unions who contact Member Services or call 800.442.5763, option 1. The report also may be downloaded from TranZact by authorized users. 

    5. Incident Response.

      CCFCU has an incident response plan in place that provides guidance for our response if a security breach occurs. If an incident occurs that involves unauthorized access to or unauthorized use of nonpublic personal information, confidential account or transaction data, card data, or any other sensitive information, CCFCU will take actions that CCFCU deems to be appropriate, including notification to the affected credit union as soon as possible of any such incident.

    6. Data Disposal.

      CCFCU will utilize security measures designed to accomplish the proper disposal of sensitive data held by CCFCU. If immediate deletion or disposal of the data held by CCFCU is not lawful, feasible, or appropriate, then until the date when deletion or disposal of the data occurs, CCFCU will continue to utilize security measures designed to protect the data against unauthorized access and unauthorized use.

    1. Types of Information.

      Online Forms.  Our “Contact Catalyst” page and our “Sign Up Now” page each contains an online form where you can submit your information for purposes of asking questions, subscribing to one or more of our newsletters, or providing comments.  Also, access to our loan participation materials requires the initial submission of an indication of interest form.  When you submit information through any of those pages or forms, you provide us with personally identifiable information about yourself, including at a minimum your name and email address, along with other information specific to the particular page or form.  Submission of your personally identifiable information, or any other information, through one of our website pages is purely voluntary and by your action and consent—you are not required to submit such information in order to visit and use our websites, nor will you be signed up for any mailing list simply by visiting and using our websites. 

      Cookies.  Cookies are small text files that a website transfers to the visitor’s hard drive or web browser, and they are used to improve the visitor’s experience when using our websites, such as retaining user preferences between sessions.  Cookies cannot be used to deliver viruses to your computer, and they can only be read by our web servers.  Most web browsers give you the option to decline cookies selectively or completely. 

      Web Beacons.  A web beacon is an often-transparent graphic image, usually no larger than one-pixel square, that is placed on a website to monitor the activity of a visitor while using the website, often used in combination with cookies.  Like cookies, web beacons cannot be used to deliver viruses to your computer.  Web beacons help us learn which pages of our websites are visited, how often, and for how long. 

      Technical Information.  When you visit any website, including any of our websites, certain information is collected automatically, including your internet protocol or IP addresses, unique device identifiers, the type of browser you are using, and other technical data about your computing environment (collectively, “Technical Information”).  CCFCU may use Technical Information to identify you, monitor your activity on our site, or as part of collecting and processing anonymous metrics.

      Links.  Our websites might contain links to other websites not under our control.  You should carefully review the privacy policies and terms of use of any linked websites before using them.  We can’t control those third-party websites, and we are not responsible for how they use your information when you visit them. 

      There may be other locations on our websites where we provide you with email links or other opportunities to communicate with us, and of course your use of those methods is purely voluntary and by your action and consent.  When you use them, we receive information about you such as your name and email address.

    2. No Collection of Information about Children.

      Our websites are not designed or intended to collect information from or about children under the age of 13.  Children under 13 should not use our websites or provide any information to us through any of our online forms.  If you believe information about a child under 13 has been collected or provided through our websites, please contact us and we will delete that information. 

    3. How We Use and Share Your Information.

      CCFCU does not sell your information to third parties.  We use a third-party information technology vendor to maintain our websites (the “Web Vendor”) under a written contract, but we do not permit the Web Vendor to use your information for any purpose other than our websites.  Other than our Web Vendor, no third party collects or receives any of your personally identifiable information that we obtain through our websites except as expressly disclosed below.

      When you submit information to us through one of our web pages, you are providing your personally identifiable information, and you are consenting to our use of that information for the purposes described on the relevant form page and for our marketing and promotional activities.  Your information may be used to send you CCFCU press releases or other emails.  But, except as disclosed herein, your personally identifiable information will not be shared with third parties other than our Web Vendor.

      We use cookies, web beacons, and the Technical Information described above as part of developing anonymous statistical reporting on aggregate website-usage data, and that anonymous information might be shared with third parties (such as providers of web analytics services), but we do not use that information to discover personally identifiable information about you.

      The CCFCU family of companies, including our subsidiaries and affiliates, share your information internally for a variety of purposes, including marketing and promotion of our products and services. 

      CCFCU is based in the United States.  No matter where you are, you should expect that your information will be processed and viewed in the United States.  Your use of our websites constitutes your consent for any cross-border data transfer resulting from such use. 

      Where permitted or required by applicable law, CCFCU will provide your personally identifying information in its possession, custody, or control, to third parties without your consent to comply with court orders, subpoenas, or other legal or regulatory requirements.

    4. How We Protect Your Information.

      As discussed more fully in Section I above, CCFCU uses industry standard computer security measures and industrial security practices as part of our commitment to protect the information on our networks and servers, including your information.  We also use reasonable physical, electronic, and managerial procedures to protect your information against unauthorized access, loss, misuse, or improper destruction, regardless of the form in which that information is stored.