Skip to main content
Legal

Privacy Policy

Last updated: May 13, 2026

1. Introduction

BankRegReports LLC ("BankRegReports," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes the information we collect from visitors and registered users of bankregreports.com (the "Website") and any related services (collectively, the "Service"), how we use that information, and the choices available to you.

This policy applies to information collected on the Website and through electronic communications between you and BankRegReports. It does not apply to information collected offline, through any other BankRegReports websites (if any), or by any third party.

By accessing or using the Website, you agree to this Privacy Policy. If you do not agree, please do not use the Service. We may update this policy periodically; continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

2. Children Under 18

The Website is not intended for anyone under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect personal data from children under 18. If we learn that we have collected personal data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, contact us at [email protected].

3. Information We Collect

What Is Personal Data

"Personal Data" means any information that identifies or could reasonably be used to identify you as an individual or your device. It does not include deidentified or aggregated data that cannot be linked back to you.

Information You Provide Directly

When you create an account or use the Service, you may provide:

  • Email address and password (or Google account credentials if you use Google Sign-In)
  • Name and organization (if provided during profile setup)
  • Billing information — collected and processed by Stripe, Inc. on our behalf. We receive a Stripe customer ID and subscription status; we do not store your card number, CVV, or full payment details on our servers.
  • Billing address associated with your subscription
  • Watchlist configurations and email alert preferences
  • Custom peer group definitions and saved screener filters
  • Any information you include in messages sent to us (e.g., via our contact form or email)

Information Collected Automatically

When you use the Website, our servers and analytics tools automatically collect:

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, dashboard tools used, banks viewed, and search queries within the platform
  • Referring URLs and clickstream data
  • Session timestamps and duration
  • Error logs and performance data

Google Sign-In

If you authenticate using Google OAuth, we receive from Google only the information you authorize at sign-in: your Google account email address, display name, and profile picture URL. We do not receive your Google password, contacts, Gmail messages, Google Drive files, calendar, or any other Google account data.

Cookies and Tracking Technologies

Session cookies contain an encrypted identifier that keeps you logged in as you navigate the Website. They expire when you close your browser.

Persistent cookies remember your preferences across visits (e.g., selected view modes, watchlist state). They remain until deleted.

Google Analytics cookies (_ga, _gid) collect anonymized, aggregated traffic data — page views, session counts, referral sources. This data is not linked to your account identity.

Web beacons (pixel tags) embedded in pages and transactional emails help us count recipients, track open rates, and verify email delivery.

You can manage cookies through your browser settings. Disabling essential cookies will impair login and account functionality. You may opt out of Google Analytics collection using the Google Analytics Opt-out Browser Add-on.

4. How We Use Your Information

We use the information we collect to:

  • Authenticate your account and provide access to the Service
  • Process subscription payments and manage billing through Stripe
  • Send transactional emails: account verification, password resets, billing receipts, and watchlist alerts you have enabled
  • Personalize your experience (saved watchlists, peer groups, screener filters)
  • Monitor platform security, detect fraud, enforce rate limits, and prevent unauthorized access
  • Diagnose bugs, measure performance, and improve platform features based on aggregated usage patterns
  • Comply with legal obligations and respond to valid legal process
  • Notify you of material changes to the Service, Terms, or this Privacy Policy
  • Send promotional communications about BankRegReports products and features (you may unsubscribe at any time)

We do not sell your personal information to third parties. We do not use your data to display third-party behavioral advertising.

5. Information Disclosure

We do not share, sell, rent, or otherwise disclose your personal data except in the following circumstances:

  • Service providers: We share data with contractors and vendors who perform services on our behalf (hosting, payment processing, email delivery, error monitoring, analytics), under contractual obligations that restrict their use of your data to the services they provide to us.
  • Business transfers: If BankRegReports is involved in a merger, acquisition, asset sale, or similar transaction, your data may be transferred as part of that transaction. We will notify registered users via email before your data is transferred and becomes subject to a different privacy policy.
  • Legal requirements: We may disclose your information when required by law, court order, or government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of BankRegReports, our users, or the public.
  • Enforcement: We may disclose information to enforce these Terms of Service, collect subscription fees, or investigate potential violations.
  • With your consent: For any other purpose, with your explicit consent.

We may disclose aggregated, deidentified information — which cannot reasonably be used to identify you — without restriction.

6. User Choices

Cookies: You may set your browser to refuse all cookies or to notify you when a cookie is sent. Some parts of the Website (login, watchlists, saved settings) will not function properly without cookies.

Promotional email: Each promotional email we send includes an unsubscribe link. Transactional emails (account verification, billing, watchlist alerts you have enabled) are not affected by unsubscribing from marketing communications.

Watchlist alerts: You can enable or disable individual email alerts at any time through your watchlist settings on the platform.

Google Analytics: Use the Google Analytics opt-out add-on to prevent your visits from being included in aggregated analytics.

7. Accessing, Correcting, and Deleting Your Data

You can review and update your account information through your account settings page. To request access to, correction of, or deletion of your personal data, email us at [email protected]. We will respond within 30 days (or within any shorter period required by applicable law).

Account deletion removes your personal profile, watchlists, and preferences. We cannot delete your personal data without also deleting your user account. Anonymized usage data may be retained after account deletion. We will not accommodate requests that would require us to provide inaccurate information or that are not permitted by applicable law.

8. Jurisdiction-Specific Rights

GDPR (EEA, Switzerland, United Kingdom)

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have additional rights under the General Data Protection Regulation, including: the right to access your data, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object to processing, and the right to withdraw consent. Our legal bases for processing are contract performance, legitimate interests (security, fraud prevention, analytics), legal obligation, and consent where indicated. To exercise any GDPR right, contact us at [email protected].

CCPA / CPRA (California Residents)

California residents have the right to: know what personal information we collect, use, disclose, or sell; request deletion of personal information; correct inaccurate personal information; and opt out of the sale or sharing of personal information. We do not sell your personal information. We will not discriminate against you for exercising your CCPA rights. To submit a request, contact us at [email protected].

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against accidental loss and unauthorized access, use, alteration, and disclosure. These include:

  • HTTPS / TLS encryption for all data in transit
  • Django's PBKDF2+SHA256 secure password hashing
  • CSRF token protection on all state-changing operations
  • HTTP Strict Transport Security (HSTS)
  • Content-Security-Policy headers
  • IP-based rate limiting and automated abuse detection
  • Access to production systems restricted to authorized personnel only

You are responsible for keeping your password confidential. Where you have chosen a password to access the Service, you are responsible for maintaining its confidentiality and for all activity occurring under your account. Internet transmission carries inherent security risks; no transmission method is 100% secure. We are not liable for the circumvention of any privacy settings or security measures.

10. US Data Processing and International Transfers

BankRegReports is based in the United States. If you access the Service from outside the United States, your personal data may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. U.S. federal, state, and local governments, courts, or law enforcement may be able to obtain access to your information as permitted by U.S. law.

Where we transfer data internationally to third-party processors, we enter into Data Processing Agreements requiring them to comply with applicable privacy law and this Policy.

11. Third-Party Services

The following third-party services may process your data as part of operating the Service. Each is governed by its own privacy policy:

  • Stripe, Inc. — subscription billing and payment processing (stripe.com/privacy)
  • Google LLC — OAuth 2.0 sign-in and Google Analytics 4 (policies.google.com/privacy)
  • Railway Corporation — cloud hosting and infrastructure
  • Snowflake Inc. — data warehousing for the bank regulatory dataset that powers the platform. Your personal account data is not stored in Snowflake.
  • Sentry — application error monitoring. Error reports may include truncated request metadata; passwords and payment data are never logged.
  • Gmail / Google SMTP — transactional email delivery

12. Changes to This Policy

We may update this Privacy Policy at any time. When we make material changes, we will update the "Last updated" date at the top of this page and notify registered users via email. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Policy.

13. Contact Us

For questions, concerns, or data-related requests, contact us at:

BankRegReports LLC
PO Box 682704, Marietta, GA 30068, USA
[email protected]