CorporateConnect Privacy Policy
Last updated: 14 April 2026
Privacy Summary
- Who: CorporateConnect collects personal data from authorised users of commercial client organisations.
- Why: to deliver banking services, prevent fraud, and meet Bank Secrecy Act and FFIEC obligations.
- Sharing: payment networks, regulated service providers and supervisory authorities only — never sold.
- Retention: 7 years for transaction records; 24 months for authentication logs.
- Rights: access, correction, deletion and opt-out via privacy@corporate-connect.gr.com subject to regulatory retention.
This policy governs how CorporateConnect ("we", "us") collects, uses, shares and retains personal information through the corporate-connect.gr.com commercial banking portal and associated mobile applications. It is written for two audiences: commercial client administrators evaluating the platform's privacy posture, and individual authorised users exercising rights under the Gramm-Leach-Bliley Act (GLBA), California Consumer Privacy Act (CCPA/CPRA) and the EU and UK General Data Protection Regulations.
1. Information We Collect
We collect five categories of information during account onboarding, ongoing service delivery and security monitoring.
| Category | Examples | Legal Basis | Retention |
|---|---|---|---|
| Identity & contact | Name, title, business email, business phone, work address | Contract performance; legitimate interest | Duration of relationship + 7 years |
| Authentication metadata | Company ID, User ID, hashed password, MFA device ID, login IP | Security (GLBA Safeguards Rule) | 24 months rolling |
| Transactional data | Wires, ACH, transfers, beneficiary data, amounts, memo lines | Contract performance; BSA/AML | 7 years |
| Technical & device | IP address, user agent, session IDs, device fingerprint, geolocation at sign-in | Fraud prevention | 24 months |
| Communication | Support tickets, chat transcripts, recorded calls to Treasury Ops | Service improvement; dispute resolution | 5 years |
2. How We Use Your Information
We process personal information to deliver contracted banking services, meet regulatory obligations, and detect and prevent fraud. Principal purposes include: executing payment instructions, operating the treasury workbench, generating reports, administering user access, meeting BSA/AML and OFAC-screening obligations, responding to subpoenas and supervisory requests, and improving the platform without using personal data for targeted advertising.
3. How We Share Your Information
CorporateConnect does not sell personal information. We share data with four categories of recipients, each under contractual privacy and security obligations.
- Payment networks: Fedwire, CHIPS, SWIFT, NACHA, CHAPS, SEPA, as required to execute instructions.
- Regulated service providers: KYC verification, OFAC and sanctions screening, anti-money-laundering monitoring, cloud hosting (SOC 2 certified), statement print & mail, electronic signature services.
- Legal & supervisory: the Office of the Comptroller of the Currency, FDIC, FinCEN, IRS (1099 reporting), FFIEC-coordinated examiners, law enforcement under valid process.
- Corporate transactions: advisers assisting with a merger, acquisition or financing, under equivalent confidentiality terms.
4. Cookies & Similar Technologies
The portal uses strictly necessary session cookies for authentication and fraud prevention, plus preference cookies for dashboard layout. No advertising or cross-site tracking cookies are set. Session cookies expire on logout or after 15 minutes of inactivity. You can disable non-essential cookies through browser settings without loss of core functionality.
5. Your Rights
Depending on your jurisdiction, you may exercise the following rights by emailing privacy@corporate-connect.gr.com:
- Access — request a copy of personal data held about you.
- Correction — request rectification of inaccurate data.
- Deletion — request erasure, subject to regulatory retention under GLBA, BSA and CCPA commercial-context carve-outs.
- Portability — request export of your data in a structured, machine-readable format.
- Opt-out of sale — CorporateConnect does not sell personal data; this right is exercised by default.
- Complaint — lodge a complaint with your data protection authority or contact the Federal Trade Commission or Consumer Financial Protection Bureau.
6. Data Security
We follow controls aligned with the FFIEC IT Examination Handbook and SOC 2 Type II criteria: TLS 1.3 in transit, AES-256 at rest, hardware-backed key management, FIDO2 and MFA for privileged access, role-based authorisation, continuous audit logging and quarterly penetration testing. See the Security page for the complete control catalogue.
7. International Transfers
CorporateConnect processes and stores data primarily in the United States. Where EU/UK authorised users access the portal, transfers rely on Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
8. Children's Data
The platform is intended for authorised personnel of commercial clients aged 18 or older. We do not knowingly collect data from children.
9. Changes to This Policy
Material changes are communicated at least 30 days in advance through the portal banner and to the Company Administrator of record. The latest revision date appears at the top of this page.
10. Contact
Privacy enquiries: privacy@corporate-connect.gr.com. Postal: CorporateConnect Privacy Office, 2875 Meridian Corporate Drive, Minneapolis MN 55402. Support phone: 800-462-6583 (Mon–Fri 7am–9pm CT).