Privacy Policy

Veridiancu operates as a federally insured credit union under the regulatory oversight of the National Credit Union Administration. As a financial institution, Veridiancu is subject to the privacy provisions of the Gramm-Leach-Bliley Act and implementing regulations that govern how financial institutions collect, use, and disclose nonpublic personal information. This privacy policy serves as the required notice to members describing the credit union's information practices and the choices available to members regarding the sharing of their personal data.

The privacy obligations Veridiancu upholds extend beyond statutory minimums. Because the credit union is member-owned, the institution has a structural incentive to handle member data with care — there are no external shareholders to whom data could be monetized, and there is no ad-supported business model that would encourage the collection of behavioral data beyond what is required to operate deposit accounts, process loan applications, and deliver the banking services members have explicitly requested. The privacy policy detailed on this page reflects that member-first orientation, and it applies across all service channels: the Waterloo, Iowa branch at 1405 East San Marnan Drive, the Veridiancu online banking platform and mobile app, the Veridian Credit Union login portal, the Veridian credit card login portal, and any telephone or written communications with the credit union. Additional resources on financial privacy regulations are available at ncua.gov.

Veridiancu collects personal information from several sources, each corresponding to a specific business need. When a member applies for an account, the credit union collects identification information including full legal name, date of birth, Social Security number, physical and mailing addresses, telephone numbers, email addresses, employment information, and income data as relevant to the type of account or loan being requested. This information supports identity verification under the USA PATRIOT Act Customer Identification Program requirements, credit underwriting when applicable, and ongoing account administration including billing statement delivery, tax reporting, and regulatory compliance.

Transaction information is generated whenever a member uses a Veridiancu account — deposits, withdrawals, transfers, debit card purchases, bill payments, wire transactions, and loan payments all create records that the credit union retains for account management, statement generation, and regulatory compliance purposes. Web and mobile application usage data, including IP addresses, browser types, device identifiers, pages visited, and session duration, is collected during interactions with the Veridiancu website and mobile app. This information supports fraud detection, platform performance monitoring, and user experience improvement. Veridiancu does not sell personal information to third parties, does not share personal information with non-affiliated third parties for their own marketing purposes, and does not use member transaction data to target marketing for products unrelated to the member's existing banking relationship.

Veridiancu may share personal information with service providers and business partners that perform essential operational functions on behalf of the credit union. These include check printing and statement processing vendors, payment network operators that process debit and credit card transactions, credit reporting agencies for loan underwriting and account review purposes, regulatory examiners and auditors conducting statutory oversight, and law enforcement agencies when presented with valid legal process such as a subpoena, court order, or search warrant. In each case, the information shared is limited to what is necessary for the specific function being performed, and service providers are contractually bound to maintain confidentiality, use data only for the specified purpose, and return or destroy data when the service engagement concludes.

Veridiancu does not disclose account numbers or access codes to non-affiliated third parties for telemarketing, direct mail marketing, or electronic marketing purposes. The credit union may, with member consent or as permitted by law, share information with affiliated financial service providers for the purpose of offering additional products that may interest the member — for example, sharing deposit account standing with the mortgage lending division to pre-qualify a member for a home equity product. Members who prefer to limit this type of affiliate sharing may submit a written opt-out request to Veridiancu at the Waterloo branch address, which will be honored within thirty days and remain in effect until the member provides written revocation. The Consumer Financial Protection Bureau provides additional guidance on financial privacy rights at consumerfinance.gov.

The security infrastructure protecting member data at Veridiancu operates across multiple layers. At the network perimeter, firewalls, intrusion detection systems, and distributed denial-of-service mitigation protect against external threats targeting the credit union's online banking platform and website. Data in transit between a member's browser or mobile device and Veridiancu servers is encrypted using Transport Layer Security protocols with current cipher suites that resist known attacks. Data at rest within the credit union's systems — account databases, transaction records, member correspondence — is protected by file-level and database-level encryption with access controls that restrict data visibility to employees whose job functions require it.

Employee access to member information follows the principle of least privilege. A teller processing a deposit does not have access to credit report data. A marketing analyst reviewing aggregate product usage does not see individually identifiable transaction records. The information security team conducts periodic access reviews, comparing active user permissions against current job responsibilities and revoking access that is no longer justified. All employee access to member data is logged, and the logs are subject to audit review. Veridiancu also maintains a formal incident response plan that defines procedures for containing, investigating, and notifying affected parties in the event of a data breach, in accordance with applicable state breach notification laws and NCUA reporting requirements.

These privacy principles are embedded in Veridiancu's operational procedures, employee training programs, and vendor management practices. New employees complete privacy and data security training during onboarding, and existing employees complete annual refresher training that covers updates to privacy regulations, emerging threat vectors, and changes to internal data handling procedures. The privacy policy itself is reviewed on an annual cycle and updated as necessary to reflect changes in applicable law, regulatory guidance, or the credit union's operational practices.

The Veridiancu website and associated digital properties use standard internet technologies including cookies, session identifiers, and analytics tools that record technical data about each visit. Session cookies maintain the authenticated state during a Veridian Credit Union login and expire when the browser is closed. Persistent cookies store user preferences such as display language and accessibility settings between visits, with a maximum lifespan of twelve months unless the member clears them earlier. Analytics scripts collect aggregated, de-identified data about page traffic patterns and platform performance — this data does not include account numbers, passwords, or individually identifiable financial transaction details. Members who prefer not to participate in analytics data collection may enable the Do Not Track setting in their browser, which the Veridiancu website respects for analytics purposes while continuing to use session cookies essential to secure online banking functionality.

The Veridiancu mobile app for iOS and Android generates device-level data that includes operating system version, device model, app version, and crash report data for debugging purposes. Location data is accessed only when the member actively uses the ATM locator feature; location is never tracked in the background or stored beyond the duration of the locator session. Push notification tokens are stored to deliver the account alerts that members have explicitly configured. Members can disable push notifications at any time through the app settings or the device operating system notification controls. No information collected through the mobile app is shared with third-party advertising networks, data brokers, or analytics providers — all mobile data processing occurs within systems controlled by Veridiancu or its contracted service providers under the same data protection terms that apply to core banking data.

Veridiancu offers youth savings accounts that parents or legal guardians can open on behalf of minor children. The information collected for a youth account is limited to the child's name, date of birth, and Social Security number, and it is collected through a parent or guardian who acts as the joint account holder and provides the consent required under applicable law. Veridiancu does not use youth account data for marketing purposes directed at children, does not sell youth account data to third parties, and does not collect behavioral or browsing data on child users beyond what is necessary to operate the deposit account and comply with regulatory reporting obligations. Parents or guardians who wish to review, correct, or request deletion of their child's information may contact Veridiancu customer service at (319) 555-0147 or submit a written request to the Waterloo branch. The Federal Trade Commission provides guidance on children's privacy protections that supplements this policy at fdic.gov.

Veridiancu members may exercise the following rights by submitting a written request to the credit union's Waterloo headquarters at 1405 East San Marnan Drive, Waterloo, IA 50701, or by contacting Veridian customer service at (319) 555-0147. Members have the right to request a copy of the personal information Veridiancu maintains about them, subject to reasonable processing fees and identity verification requirements. Members have the right to request correction of inaccurate personal information, which Veridiancu will investigate and, where substantiated, correct within thirty business days of receiving a documented correction request. Members have the right to request deletion of personal information in certain circumstances, though Veridiancu may decline deletion requests where the information is necessary to maintain the member's active accounts, comply with legal record-retention requirements, prevent fraud, or protect the security of the credit union's systems.

Members who have questions about this privacy policy, who believe their privacy rights have been violated, or who wish to file a formal privacy complaint may do so through the channels listed above. Veridiancu is committed to resolving privacy concerns directly with affected members. Members who are not satisfied with the resolution of a privacy complaint may also contact the National Credit Union Administration through its consumer assistance center or the Iowa Division of Banking for matters involving state-chartered credit union operations. This privacy policy was last updated and posted on April 28, 2026, and supersedes all prior versions of the Veridiancu privacy policy.