External link
You are about to leave MainStreet Bank website and view the contents of an external website. MainStreet Bank cannot be held responsible for the contents of external websites.
Continue
Digital Banking Login
Access accounts, online services, and view transaction history.

If you have a direct login for MainStreet Connect for remote deposit check scanning only, Click here

For your security, please review your internet browser's "Help" section

MainStreet Bank Web Privacy Policy

This Privacy Policy (“Web Policy“) applies to all access or use of MainStreet Bank digital properties, including the MainStreet Bank website at mstreetbank.com (the “Website“), any MainStreet Bank iOS or Android mobile application (the “Application“), and the digital services, vendor sites, content, products, and features offered from time to time by MainStreet Bank in connection therewith (collectively, the “Digital Services“). This includes digital services for divisions of MainStreet Bank such as Avenu (avenu.bank), Venu (venu.bank), and MainStreet Community Capital (mstreetbankcc.com).

 

This Web Policy explains how MainStreet Bank collects and uses the information you provide to us to help you make informed decisions when using the Digital Services. It also explains your rights in relation to your Personal Information and how to contact us in the event you have a question, comment, or complaint. Please be sure to read this entire Web Policy before using the Digital Services. If you do not agree with this Web Policy, then you should not use the Digital Services. For further information on policies governing the use of the Digital Services, please visit the Website Agreement.

 

This Web Policy is subject to change and MainStreet Bank may update it at any time. We will notify you of material changes to our Web Policy by posting any updated policies on this page and revising the April 2024 date.

 

1. WEB POLICY SCOPE
 
This Web Policy is specific to the Digital Services and does not supersede the General Privacy Policy. Furthermore, this Web Policy does not apply to consumer financial information subject to state or federal laws, rules, or regulations.

 

Please see our General Privacy Policy for more information concerning consumer financial information.

 

2. KEY TERMS
 
The following key terms used in this Web Policy have the meanings set out below.

Key Term

Definition

“Business Purpose”

The use of Personal Information for operational purposes of a business (or other purposes as notified to you) provided that the use of Personal Information is reasonably necessary and proportionate to achieve such purpose or a different, but compatible, operational purpose.

“MainStreet Bank”, “we”, “us”, or “our”

Refers to MainStreet Bank and its subsidiaries and brands as applicable.

“Personal Information”

Refers to any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual.

“Precise Geolocation Information"

Any information that is derived from a device and that is used or intended to be used to identify the specific location of an individual with precision and accuracy.

“Sale”

Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, an individual's Personal Information by a business to another business or a third party in exchange for monetary or other valuable consideration.

“Sensitive Personal Information”

Personal Information revealing an individual’s social security number, driver's license and passport numbers; an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious beliefs; union membership; Personal Information concerning an individual’s health, sex life, or sexual orientation; contents of a user's mail, email, and text messages where the business is not the intended recipient; genetic information; biometric information; and Personal Information collected from a child.

“Share”

Communicating orally, in writing, or by electronic or other means, an individual's Personal Information to a third party for cross-context behavioral advertising and/or profiling, whether for monetary or other valuable consideration.

“you”, “your”, or “User”

Refers to the individual or entity that visits, accesses, or uses the Digital Services.

3. COLLECTION OF PERSONAL INFORMATION
 
Personal Information We Collect

Although some portions of the Digital Services do not require the collection of Personal Information, we generally collect the following categories and specific types of Personal Information about our Users:

Categories of Personal Information

Specific Types of Personal Information Collected

Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (“IP”) address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers)   Information That Identifies, Relates to, Describes, or Is Capable of Being Associated with, a Particular Individual (e.g., real name, signature, social security number, physical characteristics or description, email and postal address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information)

Account Information: When you create and register an account through an Application or the Website ("Account"), we may collect various kinds of information about you including, but not limited to your name, email address, phone number, postal address, government identification numbers, and other information you provide to us during the creation of your Account.

Financial Information: If you choose to create an Account and use the Digital Services, we may collect financial account information associated with you such as credit and income information, bank account number, and other financial information you provide to us during the creation of your Account.

Precise Geolocation Information: With your permission, we may digitally collect your geographic location to direct you to our physical branch locations or our ATMs.

Sensitive Personal Information

Log-in Information: We collect Account usernames, email addresses, passwords, and other Account log-in information when an Account is created to use and access the Digital Services.

Government Identification Information: We may collect government identification information, such as your Social Security number, in order to verify your identity when you make an Account to use and access the Digital Services.

Financial Information

Precise Geolocation Information

Biometric Information: We collect biometric information, including facial recognition data, to protect against identity theft, prevent fraud, and verify your identity when you make an account to use and access the Digital Service.

Internet or Other Electronic Network Activity Information (e.g., browsing history, search history, and information regarding an individual's interaction with a mobile application)

Technical Information: We automatically collect certain information from you when you use the Digital Services, including, as applicable, your IP address, your reference location and browser information, your saved preferences, and other unique device identifiers and similar information for the overall health and improvement of the Digital Services.

Commercial Information (e.g., records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)

Payment Records: We collect a record of all payment transactions, payment authorizations, payment processes, and similar payment actions made through the Digital Services.

Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information

User Content Information: We may collect the User-generated content information you provide when you interact with the Digital Services. This may include documents, images, and other forms of electronic information uploaded or created by you. User metadata may automatically be uploaded with any User-generated content you provide.

How Your Personal Information is Collected

When you use the Digital Services, we collect the Personal Information you give us directly as well as usage information we collect automatically. The Personal Information we collect falls within the following groups of sources:

 

  • Directly from you. For example: If you create an Account with a Digital Service and provide us with your Personal Information or allow us to collect your Personal Information;
  • From public records. For example: Federal, state, or local government public record sources;
  • From third parties. For example: Our third party service providers and data analytics providers;
  • From third parties with your consent. For example: Credit bureaus; or Your bank;
  • From automated information collecting. For example: The cookies and tracking technologies on the Digital Services—for more information on our use of cookies and tracking technologies, please see the Section “Cookies and Tracking Technology” below;
    Advertising networks.

 

4. USE OF PERSONAL INFORMATION
 

Why We Use Your Personal Information

We may collect your Personal Information for the following purposes:

  • To provide, operate, and maintain the Digital Services and to foster a positive User experience by:
    Verifying your identity (e.g., when you access your Account information);
    Processing User payment transactions;
    Providing User service support; and
    Finding nearby MainStreet Bank physical branch locations and ATMs.
  • To personalize, customize, measure, and improve the Services, and the content, layout, and operation of the Digital Services;
  • To detect and prevent fraud, and identify theft and other risks to you or Mainstreet Bank;
  • To provide advertising and marketing services through our Digital Services;
  • To comply with applicable laws and regulations or otherwise seek to prevent potentially prohibited or illegal activities;
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Users is among the assets transferred; or
  • For other purposes about which we notify you.

 

How and Why We Use Your Sensitive Personal Information

Special forms of Personal Information, if collected, are considered sensitive and receive heightened protection. We may collect and process the following specific types of Sensitive Personal Information when you voluntarily provide them for necessary Business Purposes:

  • Account information;
  • Log-in information;
  • Financial information;
  • Biometric information; and
  • Government Identification Information.

 

We may collect and process the following special categories of Sensitive Personal Information for necessary Business Purposes with your prior consent:

  • Precise Geolocation Information.
    Our collection of your Precise Geolocation Information is not mandatory and is controlled by you through the Digital Services or through your device settings. You may consent to, or opt out of, Precise Geolocation Information tracking at any time. Please note that opting out of Precise Geolocation Information tracking may affect the extent to which MainStreet Bank can offer you certain location services.

 

Sometimes, we may also need to collect Sensitive Personal Information for the sole purpose of verifying your identity (e.g., your privacy right request; your request to remove your child’s Personal Information). For these purposes, we collect the following Sensitive Personal Information when it is given to us directly by you:

  • Account information;
  • Financial information;
  • Biometric information; and
  • Government Identification Information.

 

When we use your Sensitive Personal Information, we will only use it as permitted under applicable data protection laws. For example:

  • We have your explicit consent; or
  • The use of Sensitive Personal Information is necessary to carry out the Digital Services.

 

5. SELLING, SHARING, AND DISCLOSING OF PERSONAL INFORMATION
 

Who We Share Your Personal Information With
In the preceding twelve (12) months, we have not Sold or Shared your Personal Information for money or other valuable consideration—or Shared your Personal Information for targeted advertisement or profiling purposes.

 

Categories of Personal Information We Sold or Shared
In the preceding (12) months, we have not Sold or Shared any category of your Personal Information for money or other valuable consideration—or Shared your Personal Information for targeted advertisement or profiling purposes.

 

Who We Disclose Your Personal Information to for Business Purposes
In the preceding twelve (12) months, we have disclosed your Personal Information to the following parties for necessary Business Purposes:

  • Certain third party companies, service providers, and their employees and representatives that help us run, maintain, and secure the Digital Services (collectively, the “Authorized Third Parties”);
  • Third parties approved by you, including third party banks and payment providers;
  • Credit bureaus and reporting agencies;
  • Government agencies as required by laws and regulations;
  • Our insurers and brokers; and
  • Our affiliates.

 

Categories of Personal Information We Disclosed for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a Business Purpose:

  • Identifiers;
  • Information That Identifies, Relates to, Describes, or Is Capable of Being Associated with, a Particular Individual;
  • Commercial Information;
  • Internet or Other Electronic Network Activity Information;
  • Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information; and
  • Sensitive Personal Information.

 

Our Business Purposes for Disclosing Personal Information

In the preceding twelve (12) months, we have disclosed your Personal Information for the following Business Purposes:

  • To maintain the necessary operations of the Digital Services;
  • To provide Digital Services to you including payment transactions, payment authorizations, payment processes, and similar payment actions;
  • To verify your identity, prevent fraud and authenticate documentation;
  • To fulfill or meet the reason you provided the information;
  • To provide you with support and to respond to your inquiries;
  • To verify the existence and condition of your Account for a third party, such as a credit bureau or merchant;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
  • For other reasons as we will relate them to you before we collect your Personal Information.

 

6. COMMUNICATIONS
 
The communications between you and MainStreet Bank may take place via electronic means, whether you visit the Digital Services or send us emails, or whether we post notices on the Digital Services or communicate with you via email, phone call, text message, mobile push notification, or through the Digital Services (collectively the “Communications”). Message and data rates may apply.

 

You have the right to opt out of receiving promotional Communications at any time. If you would like to discontinue receiving promotional Communications, you may opt out by using the “Unsubscribe” link found in our emails, replying “STOP” to our text messages, or disabling push notifications through your mobile device’s settings. You acknowledge that opting out of receiving all Communications may impact your use of the Digital Services. Notwithstanding the foregoing, if we suspect fraud or unlawful activity on your Account, MainStreet Bank may contact you using any of the contact information you provided in connection with your Account.

 

7. COOKIES AND TRACKING TECHNOLOGIES
 
We, as well as the Authorized Third Parties that provide functionality on the Digital Services, may use cookies, web beacons, or similar technologies to automatically collect or receive Personal Information and anonymized information throughout the Digital Services. This information is used for analytics, advertising, and troubleshooting purposes. As a User of our Digital Services, you can opt-out of the collection and use of your Personal Information for advertisement targeting by visiting Your Ad Choices.

 

Cookies and Similar Tracking Technologies

A cookie is a small data file that we transfer to your device’s system when you access the Digital Services. We use cookies and similar tracking technology to collect additional service usage information and to improve the Digital Services.

 

Analytics

We use Google Analytics to better understand how Users interact with our Digital Services. Google Analytics provides non-personally identifiable information including but not limited to information concerning where Users came from and what actions they took on the Digital Services. We use this information to improve your experience. You can learn more about Google Analytics and how to opt out of its information collection by visiting Google Analytics.

 

What Types of Cookies Do We Use?

We, as well as the Authorized Third Parties that provide functionality on the Digital Services, make use of the following types of cookies:

  • Strictly Necessary Cookies: We use these cookies to maintain our Digital Services. Without them, our Services would not work properly.
  • Performance or Analytical Cookies: We use these cookies to measure the performance of the Digital Services. This information is then used to improve our Digital Services and improve your experience.
  • Security and Authentication Cookies: We use these cookies to help keep our Digital Services secure by managing User sessions and preventing fraud. They ensure that your information is delivered to you by linking your information with a unique cookie identifier string.
  • Personalization Cookies: We use these cookies to remember your preset features and preferences for our Digital Services.
  • Advertising Cookies: Advertising cookies and technologies are used to deliver advertisements that may be relevant to you and your interests.
  • Software Development Kits: A software development kit (“SDK”) is a mobile specific set of tools that provides a developer with the ability to build a custom application which can be added on, or connected, to another program. We use SDK packages to deliver similar technologies like cookies within our Applications.

 

Cookie Duration Period

Cookies have a duration period; some cookies are temporary (session cookies), while others may stay on your browser until you delete them manually or until your browser or device deletes them based on the duration set within the cookie (persistent cookies). We and our Authorized Third Parties make use of both session and persistent cookies.

 

How to Manage Cookies

If you do not want cookies from us, our Authorized Third Parties, or other third parties, you can change your browser or device settings to stop accepting cookies or to prompt you before accepting a cookie from the websites or applications you visit. However, please note that the Digital Services may not function properly if you disable cookies.

 

8. THIRD PARTY WEBSITES, APPLICATIONS, AND WIDGETS
 
The Digital Services may contain links to non-affiliated third party websites, applications, or social media widgets (such as credit bureaus, service providers, or merchants). Mainstreet Bank does not endorse, authorize, represent, or exercise control over any third party website, application, or social media widget. These other websites, applications, or widgets may place their own cookies or other files on your device, collect information, or solicit Personal Information from you. Third party websites, applications, and social media widgets may follow different rules regarding the use or disclosure of the Personal Information you submit to them. We encourage you to read the privacy notices or policies of the other websites, applications, or widgets you visit or click.

 

By visiting a non-affiliated third party website or application or interacting with a social media widget, you acknowledge that you understand and assume these risks.

 

9. OPT OUT INFORMATION
 
The Right to Opt Out: State Specific
Some states provide their residents with the right to opt out of the Sale or Sharing of Personal Information, targeted advertising and/or profiling, and automated decision-making. If you wish to exercise your state right, please complete our Opt Out form and send it to us.

 

Do Not Sell or Share My Personal Information

The state of California provides their residents with the right to opt out of:

  • The Sale or Sharing of Personal Information for money and other value; and/or
  • The Sale or Sharing of Personal Information for the purpose of cross-context behavioral advertising (targeted advertising) or profiling.

MainStreet Bank does not Sell or Share your Personal Information for money or other valuable consideration—or Share your Personal Information for targeted advertisement or profiling purposes.

 

Limit the Use and Disclosure of My Sensitive Personal Information
The state of California also provides their residents with the right to limit the use and disclosure of their Sensitive Personal Information to necessary Business Purposes. MainStreet Bank only uses your Sensitive Personal Information for necessary Business Purposes.

 

Do Not Track
Our Digital Services do not respond to “Do Not Track” or “DNT” signals or similar mechanisms.

 

10. CHILDREN’S INFORMATION
 
Eligibility for Digital Services
The Digital Services are not intended for persons under the age of eighteen (18). We do not knowingly collect information from children under eighteen (18) without parental consent and we specifically prohibit children under eighteen (18) from entering any parts of the Digital Services. You can learn more about the Children’s Online Privacy Protection Act by visiting the Federal Trade Commission.

 

Privacy Rights for California Minors in the Digital World Act
If you are a California resident under the age of eighteen (18) and are a User of the Digital Services, you may request that we remove the Personal Information you have posted on the Digital Services. Please contact us (see the Section “How to Contact Us” below) so we may delete the information collected. Keep in mind, however, that certain California or federal laws may stop us from deleting specific categories of your Personal Information if applicable.

 

11. DATA TRANSFER
 
The Personal Information of Users may be transferred or processed in any jurisdiction where we have facilities or jurisdictions in which we engage service providers or other third parties, including the United States. Any such transfer will be in accordance with applicable laws and regulations.

 

12. SECURING YOUR INFORMATION
 
The security of your Personal Information is extremely important to us. To protect Personal Information from unauthorized access and use, we use security measures that comply with applicable federal and state laws.

 

However, due to the inherent nature of the Internet as an open global communications vehicle, we make no guarantee as to the security of your information or that your information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In the event of a data breach relating to your Personal Information, we will provide timely notification in accordance with applicable laws and regulations.

 

13. DATA RETENTION
 
In general, we will retain Personal Information and other data we collect, obtain, hold, and/or process on behalf of our Users for as long as needed to provide the Digital Services to such Users, and we retain and use this Personal Information and other data as necessary to comply with our legal obligations, resolve disputes, and enforce this Web Policy.

We may delete or anonymize Personal Information and other data at any time in accordance with applicable laws and agreements. However, we will keep your Personal Information for as long as necessary to:

    • Respond to any questions, complaints, or claims made by you or on your behalf;
    • Show that we treated you fairly; or
    • Keep records required by law.

 

14. PRIVACY RIGHTS
 
U.S. State Applicable Privacy Rights
Residents of certain U.S. states may have specific privacy rights, including but not limited to the rights listed below, that they may exercise free of charge:

Privacy Right and Applicable State

Privacy Right Details

The Disclosure of Personal Information We Collect About You

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

You have the right to know how and why we collect, store, use, and disclose your Personal Information.

Right of Access

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

You have the right to be provided with a copy of your Personal Information. You may make a request to us, no more than twice (2) in a twelve (12)-month period, for a disclosure of your Personal Information to you.

Do Not Sell or Share My Personal Information

• California

You have the right to opt out of: (i) the Sale or Sharing of Personal Information for money and other value; and/or (ii) the Sale or Sharing of Personal Information for the purpose of cross-context behavioral advertising (targeted advertising) or profiling.

The Right to Limit the Use and Disclosure of Sensitive Personal Information

• California

You have the right to limit the use and disclosure of your Sensitive Personal Information for any reason other than supplying requested services.

The Right to Opt Out of Targeted Advertising and Profiling

• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

You have the right to opt out of the Sale or Sharing of your Personal Information, targeted advertising, and certain types of profiling.

The Right to Deletion

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

Upon receipt of a verifiable request, you have the right to request that we delete the Personal Information we have collected about you, subject to applicable legal exceptions.

The Right of Correction

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

Upon receipt of a verifiable request, you have the right to request that we correct your inaccurate Personal Information, subject to applicable legal exceptions.

Protection Against Retaliation

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

You have the right to not be retaliated against after exercising any of your privacy rights.

The Right to Appeal

• Virginia
• Colorado
• Connecticut
• Oregon
• Montana
• Texas

You have the right to appeal to our refusal to act on your privacy rights request.

The Right to Opt Out of Certain Automated Decision-Making

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Oregon
• Montana
• Texas

You have the right to opt out of automated decision-making technology in connection with decisions that produce legal or similarly significant effects concerning you.

We respect your control over your Personal Information. You can exercise your privacy rights by:

  • Sending us a privacy request – we will respond within thirty (30) days (see “How to Contact Us” below);
  • Completing our Opt Out Form – we will respond within fifteen (15) business days (see “Opt Out Information” above); or
  • Completing our Privacy Rights Appeal Form – we will respond within forty-five (45) days (see “Appeal Information” below).

 

Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information. We encourage you to first reach out to us, so we have an opportunity to address your concerns directly. Please see “How to Contact Us” below for our contact information.

 

15. APPEAL INFORMATION
 
Some states provide their residents with the right to appeal if we refuse to complete a privacy request.

 

The appeal must be sent within a reasonable time after our refusal. If you submit a privacy right request and we refuse to act on it, we will let you know, within thirty days (30) of receipt of your request, of our reason for declining to act. We will also provide you with a link to our Privacy Rights Appeal Form.

 

Within forty-five (45) days of receipt of your appeal, we will inform you of any actions we took (or did not take) in response to your appeal, along with a written explanation of the reasons for our decision. If your appeal is denied, you may have the right to submit a complaint to the Attorney General of your state, if applicable.

 

16. STATEMENT REGARDING BIOMETRIC INFORMATION
 
When we refer to “biometric information,” we mean information about your physical or biological characteristics (sometimes called biometric identifiers” that identify you. Information like eye, hand, or face scans; fingerprints; and voiceprints may be considered biometric information if they are being used to identify you by technical means.
 
We collect and use biometric information, including facial recognition data, solely for the purpose of protecting against identity theft, preventing fraud, and verifying your identity. We may also collect voiceprints for the same purposes. We only use biometric information for these purposes. All biometric information is not collected or stored by us directly. Instead, it is collected and stored by our third-party vendors, such as IDology, at our direction. We do not share biometric information with any other third parties (other than our aforementioned service providers or as required by law) and will not sell, lease, trade, or otherwise profit from your biometric information.
 
This biometric information is only stored so long as needed. Our Vendors will store facial recognition biometric information for no more than thirty (30) days, and voiceprints, if collected, will be stored and used for the duration of our customer relationship with you or as otherwise permitted by law. In any event, we will only cause our vendors to use and store biometric information until (i) the purpose for collecting the information has been satisfied, or (ii) you no longer utilize our products and services, unless we are legally required to keep information for a different period.
 
In addition, we have contractually required all vendors who handle or store biometric information to comply with all applicable laws and regulations, and we and our vendors have taken reasonable measures to ensure the safety and security of your biometric information, consistent with how we protect and safeguard other personal or sensitive information. We seek to comply with all applicable laws, including those that require us to obtain your consent with respect to biometric information. To that end, to access certain products or services, you may be required to fill out additional forms or otherwise indicate your consent to the collection of biometric information.

 

17. HOW TO CONTACT US
 
Privacy Requests

To send a request about privacy rights, please:

  • Contact us via email;
  • Provide enough information to identify you (e.g., your full name, physical address, email address);
  • Provide proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • Provide a description of what right you want to exercise and the information to which your request relates.

 

We will respond within thirty (30) days. Please note, we will not make any information disclosures to you if we cannot verify your identity and verify that the information requested belongs to you or someone that you are authorized to act for. Any Personal Information we collect from you to verify your identity, in connection with your request, will be used solely for the purposes of verification.

 

Contact Details

If you have any questions, concerns, or requests about our use of your Personal Information, please contact us using our contact details below.

Contact Details

 

Postal Address

22980 Shaw Rd. Sterling, VA 20166

Email Address

privacy@mstreetbank.com

Telephone

703-481-4589
877-924-7360 (Toll Free)

© 2024 MainStreet Bank. All Rights Reserved. NMLS# 416495
Web Privacy Policy     |    Contact us     |    Accessibility
facebook
twitter
linkedin