Privacy Policy

for CU Hawaii

Effective: October 30, 2025

Scope. This Policy explains how CU Hawaii (“CU Hawaii,” “we,” “us”) collects, uses, and shares information on https://www.nicetocuhawaii.com/ and the CU Hawaii mobile apps on Apple App Store and Google Play (together, the “Services”). It also describes choices and rights.

Quick “Notice at Collection.”

We collect: account and profile data; loyalty and purchase data; communications; device and technical data; location data; transaction and payment data; marketing and advertising engagement; analytics; and visit metadata. We use this for: providing and securing the Services, loyalty and rewards, customer support, analytics, personalization, and legal compliance. We keep data as long as needed for these purposes, then delete or de‑identify it. We do not sell personal data. If we start using data for advertising networks or cross‑context behavioral advertising, we will update this Policy and provide required notice and opt‑out. 

1) Information We Collect

1.1 User‑Provided Information

  • Account & Profile: name, email, phone, password or credentials.
  • Loyalty Program: purchase history tied to rewards or points; promo preferences.
  • Customer Service: emails, chats, support tickets, feedback, survey responses.
  • Social Logins (future): public profile data from Google/Apple/Facebook.

1.2 Device & Technical Information

  • Device model, OS version, app version, mobile advertising ID (IDFA/GAID), IP address.
  • Crash logs, error reports, app usage analytics (screens, time in app), push tokens.
  • Cookies and similar technologies on the website.

1.3 Location Information

  • Approximate from IP or network.
  • Precise GPS with your consent for “nearby stores” or location‑based offers. You can disable precise location in your OS settings.

1.4 Transaction & Payment Data

  • In‑app purchases: payment method tokens via App Store, Google Play, or a third‑party processor; purchase amounts and receipts. We do not store full card numbers.
  • Coupon/reward redemptions: time and location.

1.5 Marketing & Advertising Data

  • Email engagement (opens, clicks).
  • Push notification interactions.
  • Promotion click‑throughs.

1.6 Analytics

  • Use of third‑party analytics (for example, Google Firebase) for app performance, crash diagnostics, and usage analytics.

1.7 Automatically Collected Metadata

  • Date/time of access, referring site/app, language and region settings.

2) How We Use Information

  • Provide, operate, and secure the Services.
  • Create and manage accounts; authenticate users.
  • Run the loyalty program, track rewards, and process redemptions.
  • Process purchases and receipts.
  • Send transactional messages and service notices.
  • Provide customer support and respond to requests.
  • Personalize content and in‑app experience.
  • Measure and improve performance and features.
  • Comply with law, enforce terms, and prevent fraud or abuse.

3) How We Share Information

Service Providers and Contractors. We share data with vendors who host, develop, process payments, provide analytics, or support customers. They must follow our instructions and protect the data.

External Third Parties. We do not sell or rent personal data. If we later partner with advertising or marketing networks that use data for their own purposes, we will update this Policy and, where required, provide notice and a way to opt out. For California, that includes a “Do Not Sell or Share” link if applicable. 

Legal and Safety. We may disclose information to comply with law or legal process, or to protect users, staff, the public, or our rights.

Business Transfers. If we engage in a merger, financing, or sale, information may transfer as part of that transaction.

4) Cookies and Similar Technologies

On the website we use cookies or similar technologies for essential functions, analytics, and to remember preferences. You can control cookies in your browser. App SDKs serve similar purposes in mobile apps.

5) Your Choices

  • Precise Location. Enable or disable in your device settings.
  • Push Notifications. Manage in‑app or device settings.
  • Marketing Emails. Unsubscribe via the link in the email or adjust in app.
  • Social Logins. You can disconnect in the app (when available) and with the social provider.

6) Data Retention

  • Account and Profile. Kept while your account is active and for [24] months after inactivity, then deleted or de‑identified unless needed for legal obligations.
  • Loyalty and Purchases. Kept for program administration and records, typically [7] years to meet tax and accounting requirements.
  • Crash/Analytics Logs. Typically [13] months unless aggregated sooner.
  • Support Records. Typically [3] years after resolution.

7) Security

We use administrative, technical, and physical safeguards appropriate to the data. No method of transmission or storage is perfectly secure.

Breach Notice. If a security breach involves personal information, we will provide notices consistent with Hawaii law (HRS Chapter 487N). 

8) Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If we learn we collected information from a child under 13, we will delete it. We follow COPPA requirements. Parents can contact us to request deletion. 

9) State Privacy Rights (U.S.)

Residents of some U.S. states, including California, may have rights such as access, deletion, correction, portability, and the right to opt out of sales/sharing or limit use of sensitive information. We honor applicable rights and will verify requests. California residents can learn more at the California Attorney General and CPPA sites. 

Financial Incentives. Our loyalty program may be a “financial incentive” under some state laws. We explain the categories of data, how to opt in, how to withdraw, and how we calculate the value of the incentive in the Notice of Financial Incentive below. 

How to Exercise Rights. Use the in‑app privacy controls or contact us at [email protected]. You may use an authorized agent as allowed by law. We do not discriminate for exercising rights.

10) International Visitors

The Services are intended for use in the United States. If you use them from outside the U.S., you consent to processing in the U.S. and other countries that may have different data‑protection laws.

11) Third‑Party Services

Our Services may link to third‑party sites or services. Their privacy practices are their own. For Firebase privacy and data processing information, see Google’s documentation. 

12) Do Not Track

We do not respond to browser “Do Not Track” signals due to the lack of an industry standard.

13) Changes to This Policy

We will post updates with a new effective date. Material changes will include additional notice where required.

14) Contact

CU Hawaii

Attn: Privacy

1000 Bishop St Ste 910

Honolulu, HI 96813

Email: [email protected]

Notice of Financial Incentive (Loyalty Program)

Summary. We offer points, rewards, discounts, or promotions when you join our loyalty program.

Material Terms. You provide personal information such as name, contact details, and purchase history. We use it to operate the program, personalize offers, and analyze performance.

Opt‑In/Opt‑Out. You opt in by enrolling. You can opt out at any time in app or by contacting us. If you opt out, you may lose unredeemed points where permitted by program rules.

Value of Data. We estimate the value of the data based on the expense of running the program, expected redemption rates, and revenue impact of the program. The incentives are reasonably related to this value.

No Retaliation. We do not deny goods or services, charge different prices, or provide a different level of quality if you exercise your rights, except as permitted for financial incentives.