SinglePoint Privacy Policy
Last updated: 2026-04-18. This SinglePoint Privacy Policy describes how SinglePoint collects, uses, shares, retains and protects information connected with the SinglePoint commercial banking portal at singlepoint.at. SinglePoint is a product of U.S. Bank, the American national bank supervised by the Office of the Comptroller of the Currency (OCC) and federally chartered by U.S. Bancorp.
This notice is written to comply with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the New York SHIELD Act, Massachusetts 201 CMR 17.00, and the Dodd-Frank Wall Street Reform and Consumer Protection Act consumer-protection provisions administered by the Consumer Financial Protection Bureau (CFPB).
Your Rights Privacy Officer
1. Information SinglePoint Collects
SinglePoint collects categories of information appropriate to providing commercial banking services. Every collection is scoped to a specific lawful purpose.
Personal identifiers. Name, business email, business phone, business address and government-issued identifiers where required by Bank Secrecy Act (BSA) Customer Identification Program rules. SinglePoint collects identifiers only for named users on a Company ID.
Account information. Company ID, User ID, role assignments, dual-control thresholds, token serial numbers, account numbers (masked to authorised users), permissions, audit log entries and saved report definitions. Account information supports delivery of the SinglePoint service.
Transaction information. Wire, ACH, bill payment, international payment, FX trade and transfer data originated by or routed through SinglePoint on behalf of the client's operating accounts. Transaction information is collected as part of the U.S. Bank commercial banking service and retained per OCC recordkeeping rules.
Device and technical information. IP address, browser fingerprint, device type, operating system, language preference, time zone, session identifiers and interaction telemetry limited to security, fraud detection and service quality. Device telemetry is not used for advertising.
2. Purposes of Processing
SinglePoint processes information only for purposes declared in this Privacy Policy or required by law.
Banking Service Delivery
Authentication, authorisation, transaction execution, reporting, balance presentation and user administration. Without this processing, SinglePoint cannot deliver the commercial banking portal.
Fraud Prevention
Pattern detection, anomaly flagging, positive pay validation, OFAC screening and account-takeover defence. SinglePoint uses device telemetry and transaction context to protect client funds.
Regulatory Reporting
Currency Transaction Reports (CTR), Suspicious Activity Reports (SAR), BSA recordkeeping, OFAC sanctions screening, FinCEN filings and IRS tax reporting where applicable. SinglePoint complies with federal reporting obligations at U.S. Bank.
Service Improvement
Aggregate usage analysis, performance monitoring, defect diagnosis and roadmap planning. Service improvement uses de-identified or aggregated data where practical.
3. Data Categories, Purposes, Retention and Sharing
The SinglePoint data retention matrix for seven principal categories.
| Data Category | Purpose | Retention | Shared With |
|---|---|---|---|
| Personal identifiers | KYC, BSA CIP, access control | 7 years after account closure | Regulators, U.S. Bancorp affiliates |
| Account information | Service delivery, audit | 7 years per OCC | U.S. Bancorp affiliates |
| Transaction records | Execution, reporting, tax | 7 years per OCC, IRS | Regulators, correspondents, IRS |
| Authentication logs | Security, audit, dispute | 7 years | Regulators on subpoena |
| Device telemetry | Fraud, service quality | 24 months | Fraud-detection processors |
| Communication records | Support, compliance | 5 years per FINRA-adjacent rules | Internal teams only |
| Analytics (aggregate) | Service improvement | 36 months | Internal teams only |
4. Third-Party Disclosure
SinglePoint discloses information only where permitted or required by law and only to parties below.
Regulators. The OCC, Federal Reserve, CFPB, FDIC, IRS, FinCEN, OFAC and state banking regulators with supervisory jurisdiction over U.S. Bank. Disclosure occurs in regulated examinations, compulsory process and mandatory reporting.
Service providers. Cloud hosting (U.S. data centres only), fraud-detection processors, identity-verification services, document management and cheque imaging vendors operating under written data-processing agreements aligned with the GLBA Safeguards Rule and NY SHIELD Act safeguards.
Affiliates within the U.S. Bancorp group. Information is shared with affiliated entities for product fulfilment, joint marketing (subject to GLBA opt-out) and consolidated risk management. Within-affiliate sharing is permitted by GLBA exceptions.
Cross-border transfers. SinglePoint data is processed and stored in U.S. data centres. Cross-border transfers occur only for SWIFT international wire messaging, which is governed by SWIFT's own privacy framework and limited to the information needed to route the wire to its beneficiary jurisdiction.
5. Security Safeguards
SinglePoint applies administrative, technical and physical safeguards aligned with SOC 2, NIST 800-53, the GLBA Safeguards Rule and the Massachusetts 201 CMR 17.00 written information security program.
Encryption
TLS 1.3 in transit. AES-256 at rest. Hardware security modules for cryptographic key custody. End-to-end integrity on every SinglePoint session.
Access Control
Role-based access, dual-control thresholds, token-based MFA, 15-minute idle timeout and 7-year audit trail on every administrative action.
Incident Response
24/7 security operations centre, documented incident-response runbook, regulator notification under NY SHIELD and state breach laws, and client notification where required.
6. Consumer and Business Rights
SinglePoint honours rights granted by GLBA, CCPA/CPRA, NY SHIELD and related state statutes. Employees of commercial clients qualify as consumers in California and several other states.
Right to know and access. Request a copy of personal data SinglePoint holds about you. SinglePoint verifies identity, then responds within 45 calendar days (extendable to 90 days for complex requests per CCPA).
Right to delete and correct. Request deletion or correction of personal data. Deletion may be denied where retention is required by OCC, IRS, BSA or other federal recordkeeping rules, in which case SinglePoint explains the legal basis.
Right to opt out of sale or sharing. SinglePoint does not sell personal data. SinglePoint does not share personal data for cross-context behavioural advertising. Opt-out requests are still honoured for defensiveness within 15 business days.
GLBA opt-out of affiliate sharing. Email privacy@singlepoint.at to opt out of certain GLBA-permitted sharing with non-affiliated third parties for marketing. Statutory exceptions (service providers, fraud, compliance) remain unaffected.
7. Cookies and Similar Technologies
SinglePoint uses three cookie categories. No advertising cookies. No cross-site tracking.
Strictly Necessary
Session authentication, CSRF protection, security posture. Cannot be disabled without breaking SinglePoint sign-in.
Analytics
First-party, aggregated usage measurement. No individual-user tracking. Opt-out available in the cookie preference centre.
Preferences
Language, accessibility theme, time zone. Retained locally on the device; synced to server only on explicit sign-in.
Compliance Snapshot
SinglePoint Privacy Policy at a glance.
SinglePoint Privacy Policy Compliance Snapshot
- Written to comply with GLBA, CCPA/CPRA, NY SHIELD Act, Massachusetts 201 CMR 17.00 and Dodd-Frank consumer provisions.
- Data stored and processed in U.S. data centres; cross-border transfer limited to SWIFT wire messaging.
- Retention 7 years on transactional and account data per OCC and IRS; 24 months on device telemetry.
- SOC 2 and NIST 800-53 aligned safeguards with TLS 1.3, AES-256 and hardware security modules.
- Consumer rights (access, delete, correct, opt-out) honoured under CCPA/CPRA and GLBA opt-out framework.
8. Children's Privacy
SinglePoint is not directed to children. SinglePoint does not knowingly collect personal data from individuals under 18. Commercial banking services provided through SinglePoint are for business users only and carry no expectation that minors will use the portal.
9. Privacy Officer Contact and Complaint Mechanism
The SinglePoint Privacy Officer handles privacy requests, complaints and escalations.
Email: privacy@singlepoint.at. Postal: SinglePoint Privacy Officer, U.S. Bank, 800 Nicollet Mall, Minneapolis, MN 55402. Phone: 1-800-377-3404, Monday to Friday 7:00am to 7:00pm Central Time.
External complaint mechanisms. California residents may contact the California Office of the Attorney General privacy portal. Federal consumer complaints may be filed with the Federal Trade Commission. CFPB complaints are available at consumerfinance.gov. New York residents may contact the NY Attorney General's Bureau of Internet and Technology.
10. Changes to This SinglePoint Privacy Policy
Material changes to this SinglePoint Privacy Policy are communicated by email to Company Administrators at least 30 calendar days before effect and posted at singlepoint.at/privacy-policy with a visible dateModified stamp. Continued use of SinglePoint after the effective date constitutes acknowledgement of the revised notice.