Online Privacy Policy

Headwaters State Bank Privacy Policy

Last Updated: 3/23/2026

This Privacy Policy (“Policy”) applies to the Headwaters State Bank website located at https://www.headwatersstatebank.com, and the Headwaters State Bank mobile banking application (collectively, the “Digital Services”). This Policy does not apply to information collected offline or through third‑party websites that are not owned or controlled by Headwaters State Bank.

Headwaters State Bank uses and shares customer information in accordance with this Privacy Policy and its Consumer Privacy Notice, which is provided pursuant to the Gramm‑Leach‑Bliley Act (GLBA) and is available through our Digital Services.

Information We Collect

Information You Provide to Headwaters State Bank

When you use our Digital Services, we may collect personal and sensitive information that you voluntarily provide, including:

  • Personal Identifiers
    First and last name, username, password, Social Security number, date of birth, email address, telephone number, mailing address, and business name.

  • Financial Information
    Bank account numbers, routing numbers, debit card numbers, card expiration dates, card verification values, transaction history, balances, payment and transfer details, bill pay information, and remote deposit information.

  • Transaction and Payment Data
    Deposit transactions, withdrawal transactions, payment instructions, transfer activity, merchant information, and transaction timestamps.

  • Images and Documents
    Photos or images you submit through the mobile app, including check images, receipts, and supporting documentation for mobile/remote deposit capture.

  • Messages and Communications
    Information submitted through secure messages, forms, chat features, or customer service interactions.

  • Location Information (User‑Provided or Device‑Based)
    Location information you provide directly or that is derived from your device, which may be used for fraud prevention, transaction verification, and service functionality.

  • Biometric Information (If Enabled by You)
    If you choose to enable fingerprint or facial recognition login on your device, Headwaters State Bank uses biometric authentication provided by your device’s operating system. We do not collect, store, or retain biometric data.

Information We Collect Automatically

When you access our Digital Services, we may automatically collect:

  • IP address
  • Device identifiers and unique device IDs
  • Device type, operating system, and browser type
  • Date and time of access
  • App usage data and interaction data
  • General location data (such as city or state)
  • Camera and microphone access status (only when features require it)

If you use the Digital Services through a mobile device, we may also collect information about other installed applications only to the extent necessary for security, fraud prevention, and compatibility.

Information We Receive from Third Parties

In the ordinary course of business, Headwaters State Bank may receive information from:

  • Core banking and digital banking service providers
  • Payment processors and mobile deposit providers
  • Identity verification services
  • Consumer reporting agencies and credit bureaus
  • Fraud monitoring and cybersecurity service providers
  • Analytics providers that help improve Digital Services performance

Mobile App Permissions and Data Access

The Headwaters State Bank mobile app may request the following permissions only when required for functionality:

Contacts Access

The app may request access to your device’s contact list solely to enable person‑to‑person payment functionality, such as identifying payees by name or phone number.

  • Headwaters State Bank does not store your full contact list
  • Contact data is not sold or used for marketing

Photos and Camera Access

The app may request access to your device’s camera and photo library to support mobile and remote deposit capture and to allow you to upload images or documents related to your account.

  • Images are used only for the transaction or service you initiate
  • Images are transmitted securely and retained in accordance with banking record‑retention requirements

You may revoke these permissions at any time through your device settings; however, certain app features may no longer function if access is disabled.

How Headwaters State Bank Uses Information

Headwaters State Bank uses collected information to:

  • Provide and operate Digital Services
  • Authenticate users and prevent unauthorized access
  • Process transactions, deposits, and payments
  • Enable mobile banking features and functionality
  • Respond to customer requests and inquiries
  • Provide customer support and account servicing
  • Detect, prevent, and investigate fraud, cybersecurity incidents, and unauthorized activity
  • Improve products, services, and user experience
  • Comply with applicable laws, regulations, and legal processes
  • Protect the rights, property, and safety of Headwaters State Bank and its customers

We may use de‑identified or aggregated information for analytical or business purposes.

Disclosure of Information

Headwaters State Bank may share personal and sensitive information:

  • With service providers and vendors that support banking operations, digital banking, payments, fraud detection, and mobile deposit services
  • With regulatory authorities, law enforcement, or government agencies as required by law
  • With consumer reporting agencies as permitted under applicable law
  • With third parties with your consent
  • As otherwise permitted or required by law

Headwaters State Bank does not sell customer information.

Cookies and Tracking Technologies

Our Digital Services may use cookies, web beacons, and similar technologies to support functionality, security, and analytics. These technologies help us understand how users interact with our Digital Services and improve performance.

You may manage cookie preferences through your browser settings; however, disabling cookies may limit functionality.

Location Information

If you consent to location access, we may use location information to enhance security, prevent fraud, and improve services. You may disable location access at any time through your device settings, though some features may be limited.

Opt‑Out and Communication Preferences

You may opt out of marketing emails by using the unsubscribe link included in communications. Transactional and security‑related communications are required for account servicing and cannot be opted out of.

Children’s Privacy

Headwaters State Bank does not knowingly collect personal information from children under the age of 13 without parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA).

Data Security

Headwaters State Bank maintains administrative, technical, and physical safeguards designed to protect customer information. While we use commercially reasonable measures to secure data, no system is completely secure.

Preventing Identity Theft

Never share your login credentials, PIN, or one‑time passcodes. Headwaters State Bank will never request sensitive information via unsolicited email or text message.

Third‑Party Links

Our Digital Services may contain links to third‑party websites. Headwaters State Bank is not responsible for the privacy practices or content of those sites.

Changes to This Policy

This Privacy Policy may be updated periodically. The most current version will be posted within the Digital Services with the updated “Last Updated” date.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact Headwaters State Bank through the Contact Us options available on headwatersstatebank.com or within the mobile banking app.