Privacy Policy

Hollywood Vault, Inc. ("Hollywood Vault," "we," "us," or "our") is a financial technology company offering premium credit card products and related banking services. We are committed to protecting the privacy and security of your personal and financial information. This Privacy Policy explains what information we collect, how we use it, the choices you have, and the safeguards we have in place to protect your data.

This Privacy Policy applies to all Hollywood Vault credit card products—including the Gold, Platinum, Diamond, and Black Diamond cards—as well as our website, mobile application, and related services (collectively, the "Services"). By applying for or using any of our Services, you acknowledge that you have read, understood, and agreed to the practices described in this policy.

Hollywood Vault is headquartered at 6801 Hollywood Boulevard, Los Angeles, California 90028. We are a financial institution subject to federal and state privacy laws, including the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), and the European Union General Data Protection Regulation (GDPR) where applicable.

We collect information that you provide directly to us, information we collect automatically when you use our Services, and information we obtain from third parties. The categories of information we collect include:

Information from Third Parties

We may receive information about you from consumer reporting agencies (such as Equifax, Experian, and TransUnion), identity verification services, fraud prevention databases, co-branded partners, and payment networks (including Visa and Mastercard). This information is used to evaluate your application, service your account, detect and prevent fraud, and comply with legal obligations.

We use the information we collect for the following business and commercial purposes:

• Processing and evaluating your credit card application, including creditworthiness assessments and identity verification
• Servicing and administering your credit card account, including billing, payments, statements, and reward redemptions
• Detecting, preventing, and investigating fraud, unauthorized transactions, money laundering, and other financial crimes
• Communicating with you about your account, policy changes, security alerts, and promotional offers (where permitted by law)
• Personalizing your experience, including tailored rewards, merchant offers, and spending insights
• Conducting analytics, research, and product development to improve our Services
• Complying with legal, regulatory, and contractual obligations, including tax reporting and law enforcement requests
• Servicing and collecting on your account, including through third-party collection agencies if necessary

For residents of jurisdictions governed by the GDPR, we process your personal data under the following legal bases:

• Performance of a contract: processing necessary to issue and service your credit card account
• Legal obligation: processing required to comply with banking, anti-money laundering (AML), and tax regulations
• Legitimate interests: processing for fraud prevention, network security, and product improvement, balanced against your privacy rights
• Consent: processing for optional activities such as marketing communications and certain analytics, which you may withdraw at any time

We do not sell your personal information to third parties. We may share your information in the following circumstances:

Service Providers & Processors

We share information with trusted third-party service providers who perform services on our behalf, including payment processing networks, card-issuing partners, cloud hosting providers, customer support platforms, and marketing analytics tools. These providers are contractually bound to protect your information and may only use it to provide services to us.

Affiliates & Partners

We may share information with our corporate affiliates and co-branded partners to offer you complementary financial products and services, subject to your opt-out rights under applicable law.

Legal & Regulatory Disclosures

We may disclose your information when required by law, court order, subpoena, or regulatory authority, or to cooperate with law enforcement investigations. We may also disclose information to protect our rights, property, or safety, or that of our customers or the public.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or part of our business, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We retain your personal and financial information for as long as your account is active or as necessary to provide our Services. We also retain information after account closure for the periods required by law, including:

• Transaction records: 7 years (per federal banking regulations)
• Identity verification records: 5 years after account closure
• Tax-related documents: 7 years
• Fraud investigation records: up to 10 years
• Marketing consent records: until you withdraw consent, plus 3 years

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

We employ industry-standard physical, technical, and administrative safeguards to protect your personal and financial information. Our security measures include:

Despite our efforts, no security system is impenetrable. In the event of a data breach affecting your information, we will notify you and the appropriate authorities in accordance with applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Opt-out of sale: Direct us not to sell or share your personal information (we do not sell your data)
• Limit processing: Restrict or object to certain processing of your data
• Withdraw consent: Withdraw consent for processing based on consent at any time

To exercise any of these rights, contact our Privacy Office using the information in Section 12. We will respond within 30 days (or as required by applicable law).

We use cookies, web beacons, and similar tracking technologies on our website and mobile app to operate and improve our Services, remember your preferences, and analyze usage. For detailed information about the cookies we use and how to manage them, please review our Cookie Policy.

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where required, by email or account message. The "Last Updated" date at the top of this page indicates when the policy was last revised.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Privacy Office: