Privacy & Data Overview
What data Valley First collects, why we collect it, how we use it, who we share it with, and the rights you have over your information as a member-owner of this credit union.
Our Commitment to Member Privacy
Valley First Credit Union recognizes that the trust our members place in us depends, in significant measure, on how we handle the personal and financial information they entrust to us. As a member-owned financial cooperative — not a for-profit corporation motivated to monetize customer data — Valley First approaches privacy as a fundamental obligation rather than a compliance checkbox. This policy describes our practices regarding the collection, use, disclosure, and protection of member information. It applies to current members, former members, and applicants for membership, and it covers information collected through our branches, website, mobile application, telephone interactions, and any other channel through which you engage with Valley First Credit Union.
This policy is reviewed annually and updated as necessary to reflect changes in our practices, technology, or the regulatory environment. The effective date of the current version appears at the end of this document. If material changes are made, we will notify members through our website, through electronic communication for members enrolled in online banking with a valid email address on file, and through mailed notice for members who have opted out of electronic delivery. Your continued use of Valley First services following any update to this policy constitutes your acknowledgment of the changes. Federal financial privacy regulations, including the Gramm-Leach-Bliley Act and Regulation P, establish the baseline privacy protections that govern our data practices. For additional information about your rights under federal privacy law, the Consumer Financial Protection Bureau publishes educational resources on financial privacy rights and how to exercise them.
Information We Collect
Valley First Credit Union collects information about our members and applicants through several distinct categories, each serving a specific purpose in our ability to provide financial services. The categories of information we collect, and the circumstances under which we collect them, are as follows.
Personal Identification Information — When you apply for membership, open an account, apply for a loan, or otherwise establish a relationship with Valley First, we collect information that identifies you as an individual. This includes your full legal name, date of birth, Social Security number or Individual Taxpayer Identification Number, government-issued identification document numbers, physical and mailing addresses, telephone numbers, email addresses, and employment information. We collect this information at account opening and may update it if you notify us of changes or if verification processes indicate that the information on file requires correction.
Financial Transaction Information — In the course of providing account services, we collect and maintain records of your financial transactions with us. This includes account balances, deposit and withdrawal records, check images, debit card transaction details, ACH and wire transfer records, loan balances and payment histories, and credit card transaction data. This information forms the operational record of your membership and is retained in accordance with federal record-keeping requirements and our own data retention policies.
Credit and Application Information — When you apply for a loan, a credit card, or other credit product, we collect information necessary to evaluate your creditworthiness. This may include your income, employment history, assets, monthly obligations, and credit history obtained from consumer reporting agencies with your authorization. The Fair Credit Reporting Act governs our use of credit report information and your rights with respect to that information.
Digital Interaction Information — When you use Valley First online banking, the Valley First mobile app, or the Valley First website, we automatically collect certain technical information about your device and your interaction with our digital platforms. This includes your IP address, browser type and version, operating system, device identifiers, pages visited, time spent on pages, referring website addresses, and the date and time of your visits. We use cookies, web beacons, and similar technologies to collect some of this information. You may configure your browser to decline cookies, though doing so may limit certain functionality on our website.
Communications Records — When you contact Valley First member support by phone, email, secure message through online banking, or in person at a branch, we may record or document those communications for quality assurance, training, and record-keeping purposes. Telephone calls to our member support line may be recorded with notification provided at the beginning of the call.
Data Collection Categories
| Data Category | Examples | Collection Purpose | Retention Period |
|---|---|---|---|
| Personal Identification | Name, SSN/ITIN, DOB, address, phone | Account opening, identity verification, regulatory compliance | Duration of membership plus 7 years |
| Financial Transactions | Balances, deposits, withdrawals, transfers | Account servicing, statement generation, fraud detection | Duration of membership plus 7 years |
| Credit Information | Credit reports, income, employment, assets | Loan underwriting, credit decisions | Duration of loan plus 7 years |
| Digital Interactions | IP address, browser info, page visits, cookies | Platform operation, security monitoring, analytics | Up to 36 months |
| Communications | Call recordings, emails, secure messages | Quality assurance, training, dispute resolution | Up to 36 months |
How We Use Your Information
Valley First Credit Union uses member information exclusively for purposes related to the provision, administration, and improvement of financial services offered to our members. We do not sell member information to third parties for marketing purposes, and we do not share member information with unaffiliated third parties for their own independent marketing use. The specific purposes for which we use member information include processing transactions and maintaining account records, verifying identity and preventing fraud, underwriting and servicing loans and credit products, communicating with members about their accounts and services, complying with legal and regulatory obligations, and analyzing usage patterns to improve our products and digital platforms.
Our use of information for marketing purposes is limited to communicating directly with members about Valley First products and services that may be relevant to their financial needs. Members may opt out of marketing communications at any time by contacting member support at (509) 555-0185, updating communication preferences through online banking, or following the unsubscribe instructions included in every marketing email. Opting out of marketing communications does not affect our ability to send transactional communications — such as account statements, regulatory notices, and fraud alerts — which we are required or permitted to send regardless of marketing preferences.
Information Sharing and Disclosure
Valley First Credit Union shares member information only under the limited circumstances described below and in compliance with applicable financial privacy laws. We do not disclose nonpublic personal information about our members or former members to anyone except as permitted or required by law.
Service Providers and Business Partners — We may share information with third-party companies that perform services on our behalf, such as check printing, statement production and mailing, debit and credit card processing, online and mobile banking platform hosting, fraud detection and prevention, data processing and storage, and marketing communications distribution. These service providers are contractually bound to use member information only for the specific services we have engaged them to perform, to maintain the confidentiality and security of that information, and to comply with all applicable privacy laws and regulations. They are prohibited from using member information for their own purposes or disclosing it to others.
Legal and Regulatory Disclosures — We may disclose member information when required by law, regulation, legal process, or government request. This includes disclosures to federal and state financial regulatory agencies during examinations, to law enforcement agencies in response to valid subpoenas or court orders, and to the Internal Revenue Service for tax reporting purposes. We may also disclose information to credit reporting agencies in accordance with the Fair Credit Reporting Act, to check verification and fraud prevention services to protect against fraudulent transactions, and in connection with a merger, acquisition, or sale of assets, subject to confidentiality agreements.
Joint Marketing Arrangements — Valley First may enter into joint marketing agreements with other financial institutions to offer products such as insurance or investment services. Under these arrangements, we may share limited member information — such as name, contact information, and transaction experience — with the joint marketing partner. These arrangements are governed by contractual provisions that restrict the partner's use of member information to the joint offering and require them to maintain confidentiality. Members have the right to opt out of information sharing for joint marketing purposes. To exercise this opt-out right, contact member support or submit the opt-out form available through online banking. The Federal Trade Commission provides additional guidance on financial privacy opt-out rights and how to exercise them effectively.
Data Security Practices
Valley First Credit Union maintains a comprehensive information security program designed to protect member data against unauthorized access, alteration, disclosure, or destruction. The program incorporates administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold. Administrative safeguards include employee background checks, ongoing security awareness training, access controls based on job function and need-to-know principles, and regular review of access permissions. Technical safeguards include 256-bit TLS encryption for data in transit, encryption of sensitive data at rest, multi-factor authentication for systems containing member information, network firewalls and intrusion detection systems, automated patch management, and continuous security monitoring. Physical safeguards include secured facilities with access controls, visitor management procedures, surveillance systems, and secure document disposal practices.
Our information security program is tested annually through independent third-party penetration testing and vulnerability assessments. The results of these tests inform ongoing improvements to our security posture. The program is also reviewed as part of the regular NCUA examination cycle, during which examiners evaluate the adequacy of our safeguards against federal information security standards. In the event of a data breach involving member information, Valley First will notify affected members in accordance with applicable state and federal breach notification laws. For resources on protecting your personal information from identity theft and fraud, visit IdentityTheft.gov, the Federal Trade Commission's dedicated identity theft recovery portal.
Member Rights and Choices
As a Valley First Credit Union member, you have certain rights regarding your personal and financial information. You have the right to review and request correction of information we maintain about you by contacting member support or visiting a branch. You have the right to opt out of information sharing with nonaffiliated third parties for joint marketing, as described above. You have the right to limit marketing communications by updating your preferences through online banking or contacting member support. You have the right to receive a copy of this privacy policy at account opening and annually thereafter, as required by federal law. You have the right to place a security freeze on your credit report by contacting the major consumer reporting agencies directly. And you have the right to file a complaint with the NCUA or the CFPB if you believe your privacy rights have been violated.
To exercise any of these rights, or to ask questions about this privacy policy, contact Valley First Credit Union member support at (509) 555-0185 during business hours, send a secure message through online banking, or visit any branch location. Written correspondence may be directed to Valley First Credit Union, Attention: Privacy Officer, 421 W Riverside Ave, Spokane, WA 99201.
Effective Date: January 1, 2026. This policy supersedes all prior versions.