RSA Privacy Notice
Last Updated: June 26, 2025
This Privacy Notice (“Privacy Notice”) describes how RSA America, together with our subsidiaries and affiliates (hereinafter, variously referred to as “RSA”, “Company”, “we”, “us”, or “our”) may collect information about you through your interactions with our products, services, websites, mobile applications, and software-as-a- service. We operate several websites including https://rsaamerica.com (the “Sites”), as well as several mobile applications on behalf of our retailer customers (“Applications”) (collectively, the “Services”). It is our policy to respect your privacy regarding any information we may collect while operating the Services.
By using any of RSA’s Services, you confirm you have agreed to the Terms of Service located at https://rsaamerica.com/terms/ (“Terms of Service”) and read and understood this Privacy Notice and our Cookie Policy located at https://rsaamerica.com/cookie-policy/ (“Cookie Policy”). We take the privacy of users very seriously, and we will not share personal information of users in any manner other than as described in this Privacy Notice.
Types Of Information We Collect
How We Collect Your Information
How We Protect Personal Information
How we Retain Your Personal Information
End Users’ Personal Information
General Information
In this Privacy Notice, when we refer to “Users”, we mean our customers who use our Services, including without limitation visitors to our Sites. The users, visitors and customers of our Users’ sites or applications are referred to herein as “End Users”. Any other capitalized terms not defined in this Privacy Notice have the meanings given in our Terms of Service.
This Privacy Notice describes what we do with personal information that we collect and use for our own purposes (i.e., where we are a data controller), such as your account information and information about how you use and interact with the Site and our Services, including without limitation information you submit to our customer support as well as certain information relating to your End Users.
We also host and process User Content on behalf of our Users. Our Users tell us what to do with User Content, and we follow their instructions. This Privacy Notice does not describe what we do with User Content on our Users’ instructions (i.e., as their processor or service provider). If you are an End User of one of our User’s Sites and want to know how a User handles your information, you should check their site’s privacy notice, if applicable. If you want to know about what we do for our own purposes, read this Privacy Notice.
If you are a User, see our Data Processing Addendum to learn more about how we process User Content or other personal information on your instructions or with your permission.
Types Of Information We Collect
We collect various information regarding you or your device. This includes the following:
The following provides examples of the type of information that we collect from you and how we use that information.
Context | Types of Data | Primary Purpose for Collection and Use of Data |
Customer Information | We collect the name, username, and contact information, of our customers and their employees with whom we may interact. | We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing. |
Customer User Account information | We collect information you provide to create an account, specifically email address, first name and last name. If you sign up for paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card) and we ask you to select your jurisdiction. | We have a legitimate interest in providing account related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services. |
Cookies and first party tracking | We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. See our Cookie Policy https://rsaamerica.com/cookie-policy/ for more information. | We have a legitimate interest in making our Sites and Services operate efficiently. |
Cookies and Third Party Tracking | We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our Sites and Services so that they can provide advertising about products and services tailored to your interests on our Sites, Services or on other websites. | We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics. |
Demographic Information | We collect personal information, such as your age or location. | We have a legitimate interest in understanding our users and providing tailored services. |
Distance Information | When you use our applications we collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location and your distance from one of our Users retail locations. | We have a legitimate interest in understanding our users and providing tailored services. In some contexts, our use is also based upon your consent to provide us with geo location information. |
Email Interconnectivity | If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. | We have a legitimate interest in understanding how you interact with our communications to you. |
Employment | If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment. | We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and work force operations. |
Feedback/Support | We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script. | We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries. |
Mailing List | When you sign up for one of our mailing lists, we collect your email address, phone number and/or postal address. | We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services. |
Mobile Devices | We collect information from your mobile device such as unique identifying information broadcast from your device when visiting our Sites or using an application or Services. | We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices. |
Order Placement | We collect your name, billing address, e-mail address, phone number when you place an order. | We use your information to perform our contract to provide you with products or services. |
Surveys | When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third-party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. | We have a legitimate interest in understanding your opinions and collecting information relevant to our organization. |
Website & Application Interactions | We use technology to monitor how you interact with our Services. This may include: IP addresses, preferences, web pages you visited prior to coming to our or our Users’ Sites, Services or applications, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ Sites or applications (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors). | We have a legitimate interest in understanding how you interact with our Sites and Services to better improve it, and to understand your preferences and interests to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud. |
Web logs | We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | We have a legitimate interest in monitoring our networks and the visitors to our Sites. Among other things, it helps us understand which of our services is the most popular. |
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
Our Use of Your Information
In addition to the purposes and uses described above, we use information in the following ways:
- Provision of the Services. Create and manage your account, provide, and personalize our Services, register, or transfer your domain names, process payments and respond to your inquiries.
- Communicating with you. Communicate with you, including by sending you emails, text messages (with your consent where required by law), and push notifications through our mobile applications about your transactions and Service-related announcements.
- Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs, and promotions of RSA and our partners and measure the success of those campaigns including by sending you emails, text messages (with your consent where required by law), and push notifications through our mobile applications. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
- Advertising. Analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for paid Services or we may choose to serve you a particular advertisement based on your subscription plan or what we think may interest you based on other information we hold about you.
- Customizing the Services. Provide you with customized services. For example, we use your location information to determine your language preferences or display accurate date and time information.
- Improving our Services. Analyze and learn about how the Services are accessed and used, evaluate, and improve our Services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most Users of paid Services use a particular integration or feature, we might wish to expand on that integration or feature.
- Security. Ensure the security and integrity of our Services.
- Third party relationships. Manage our vendor and partner relationships.
- Enforcement. Enforce our Terms of Service and other legal terms and policies.
- Protection. Protect our and others’ interests, rights, and property (e.g., to protect our Users from abuse).
- Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts, and law enforcement requests.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information because we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
How We Collect Your Information
We obtain personal information from various sources. We do this in three main ways:
- When you give it us. You provide some of it directly (such as by registering for an account). For instance, we ask you to provide your name and email address to register and manage your account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. You might also provide us with information in other ways, including by responding to surveys, submitting a form or participating in contests or similar promotions. If you do not provide personal information when requested, we may not be able to provide certain Services if that information is necessary to deliver the Service, or if we are legally required to collect it..
- When you use our Services. We record some of your information automatically when you use our Services, Users’ Sites or applications (including with technologies like cookies). we collect information about your activity on and interaction with the Services, such as your IP address(es), your device and browser type, the web page you visited before coming to our Sites, what pages on our Sites you visit and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our applications. If you are an End User of our Users’ Sites, Services or applications, we also get information about your interactions with their sites. However, we use this in anonymous, aggregated, or pseudonymized form that does not directly identify you. We use this data to evaluate, provide, protect or improve our Services (including by developing new products and services). Some of this information is collected automatically using cookies and similar technologies when you use our Services and our Users’ Sites or applications. Our Users can control which cookies and similar technologies are used through their own sites (except for those necessary to provide the Services, such as those required for security or performance). . You can read more about our use of cookies in our Cookie Policy. Some of this information is similarly collected automatically through your browser or from your device.
- From Third Parties. We receive some of it from third parties (like when you register for an account using a Third-Party Service or when you make payments to us using our payment processor or via a mobile app store). If you use a Third-Party Service (such as Google) to register for an account, the Third-Party Service may provide us with your Third-Party Service account information on your behalf, such as your name and email address (we do not collect or store passwords used to access Third-Party Services). Your privacy settings on the Third-Party Service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the Third-Party Service. If you sign up for certain services directly with us and pay via credit card or ACH, we obtain limited information about your payment card and banking information from our payment processor, such as the last four digits of your card or account number, the country of issuance and the expiration date.
Sharing Of Information
In addition to the specific situations discussed elsewhere in this Privacy Notice, we share personal information in the following ways:
- Affiliates. We share personal information with our affiliates when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the services we or they provide.
- Users. We share with our Users data regarding usage by End Users of their sites. For example, we provide a User with information about what web page the End User visited before coming to their site and how their End Users interacted with their site. This is so Users can analyze the usage of their sites and improve their services.
- Business partners. We may share personal information with business partners. For example, we may share your personal information when our Services are integrated with their Third-Party Services, but only where you have been informed, provided consent (where required by law), or where such sharing is consistent with your reasonable expectations.
- Third Party Plugins and Social Networks. We may share personal information with website plugins, social media platforms or similar Third-Party Services to improve your experience, at your direction or based on your interaction with the plug-in. For example, when you use a Third-Party Service to create or log in to your account, we may share your personal information with that Third Party Service.
- Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.
- Process payments. We transmit your personal information via an encrypted connection to our payment processor. Our payment processors are required to comply with applicable privacy and data protection laws.
- Compliance with legal obligations and protection rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests (such as enforcing our Terms of Service) or prevent fraud or abuse of RSA or our Users or End Users. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements, in compliance with applicable due process requirements.
- Advertising. We share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness. For example, we may share your pseudonymized email address with a third-party social media platform on which we advertise solely to prevent advertising to individuals who are already RSA customers, or to provide relevant advertising, where permitted by law and subject to your choices and preferences.
- Business transfers. If we’re involved in a reorganization, merger, acquisition, or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals. In such cases, we will ensure that your personal information continues to be protected in accordance with this Privacy Notice and applicable laws.
Your Choices
You can make the following choices regarding your personal information:
- Access To Your Personal Information. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you. Where applicable law requires, we will provide this information in a portable format, if required. Note that California residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing.
- Changes To Your Personal Information. We rely on you to update and correct your personal information. Our Sites allows you to modify or delete your account profile. If our Sites do not permit you to update or correct certain information, you contact us at the address described below in order to request that your information by modified. Please note that we may retain historical information in backup files as permitted or required by law.
- Deletion Of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, and as described in this Privacy Notice. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address described below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below. Where required by law, we will honor your objection unless we have a compelling legitimate interest in continuing such processing or are otherwise permitted by law to do so.
- Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. Please note that even if you opt out of promotional emails, we may still send you non-promotional communications related to your account or transactions with us.
- Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.” Text messages sent to your mobile device may be generated using automated technology. Your consent to receive text messages is not required to use the Services and you may opt out of receiving text messages at any time by contacting us at support@rsaamerica.com. Please be aware that your carrier’s message and data rates may apply.
- Push Notifications. If you receive a push notification from us on your mobile device from one of our mobile applications, you can choose not to receive future push notifications by altering the settings on your mobile device. Your consent to receive push notifications is not required to use the Services.
- Revocation Of Consent. If you revoke your consent for the processing of personal information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.
Please address written requests and questions about your rights to support@rsaamerica.com. or call us at 1 312-471-6700.
Note that, as required by law, we will require you to prove your identity. We may verify your identity through methods such as phone call, text message, or email. Depending on the nature of your request, we may ask you to provide information such as your name, account details, or other relevant information. We may verify your identity by phone call, text message or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our records. consistent with applicable law.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:
- A written and signed authorization from the individual confirming that you are authorized to act on their behalf.
- If you are a business entity, proof that you are registered with the appropriate Secretary of State (such as in California) to conduct business.
If we do not receive both pieces of information, the request will be denied.
How We Protect Personal Information
While no service can be guaranteed as completely secure, we have a dedicated security team and have implemented reasonable and appropriate technical, physical, and organizational safeguards designed to protect the personal information we process from unauthorized access, alteration, disclosure, or destruction. The Company has adopted appropriate physical, electronic and managerial procedures to safeguard and secure the personal information we process. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Your account is protected by a password to help maintain your privacy and security. We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. When your bank account information is transmitted through the Services, it is protected using encryption technology. Because the internet is not a completely secure environment, Company cannot warrant the security of any information a user transmits to Company or guarantee that information on the Services may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. You are responsible for maintaining the confidentiality of your unique password and account information, and for controlling access to communications between you and the Company (such as emails), at all times. Users should limit access to its computer and/or mobile device and/or browser and sign off after a user has finished accessing its account. We are not responsible for the security, privacy, or functionality of any third-party websites, services, or applications that may be linked to or from our Services, nor for the information or content contained within them.
How We Retain Your Personal Information
We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The exact retention periods vary depending on the nature of the data, the purpose for its collection, and applicable legal and regulatory requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use and/or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with a user) for research or statistical purposes in which case we may use this information indefinitely without further notice to a user. We may also retain information (including your personally identifiable information) for a commercially reasonable time period for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce agreements. Please note that if you choose not to provide us with certain requested information, you may not be able to use or access certain features or services. You can request additional details regarding our retention periods for different types of personal data by contacting us.
Additionally, in the course of providing the Services, we may collect and maintain aggregated, anonymized, or de-identified information, which we may retain and use indefinitely.
End Users’ Personal Information
Our customers who have created a site using RSA are responsible for what they do with the personal information they collect, directly or through RSA, about their End Users. This Section is directed to such customers.
- Your relationship with End Users. If you are one of our Users, you will collect personal information about your End Users. For example, during checkout you may ask your End Users to provide their name, address, email address and payment information so that you can complete their orders. You may also use cookies and similar technologies to analyze usage and other trends. You are solely responsible for ensuring that your collection, processing, and use of End Users’ personal information complies with all applicable privacy and data protection laws and regulations, including (where applicable) providing notice, obtaining consent, enabling data subject rights, and honoring requests under laws such as the GDPR or CCPA. This includes any personal information you collect about them from us or using RSA functionality or cookies or similar technologies. You must publish and maintain your own privacy and cookie policies that accurately describe your data practices and ensure your compliance with them. We are not responsible for your relationship with your End Users or how you collect and use personal information about them (even if you collect it from us or using RSA functionality or services. We do not provide legal advice and recommend consulting qualified counsel to ensure your compliance obligations are met.
- End User Payment Information. Your End Users’ payment information may be processed via third party payment processor with which you integrate your account, in accordance with such processor’s terms and privacy policies. RSA does not collect, store, or access your End Users’ complete payment information. We only transmit this information securely when initially provided or updated, solely to pass it to your designated payment processor.
Other Important Information
The following additional information relates to our privacy practices:
- Third Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own or operate. We are not responsible for the content, privacy policies, or practices of any third-party websites or services, and we encourage you to review their privacy notices before providing them with any personal information.
- Children. The Site is not directed at children, and we do not knowingly collect personal information directly from users under the age of 13 or from other web sites or services directed at children. Consistent with the Children’s Online Privacy Protection Act (“COPPA”), we do not knowingly collect or solicit personal information from children under the age of 13 without verifiable parental consent. If we learn that we have collected personal information from a child under age 13 without such consent, we will promptly delete that information.
- Changes To This Privacy Notice. We may change our Privacy Notice and practices over time to reflect changes in technology, law, our business operations, or any other reason we determine is necessary or appropriate. If we make material changes to this Privacy Notice, we will notify you as required by applicable law, which may include updating the ‘Last Updated’ date at the top of this notice and/or providing direct notice (such as through email or a prominent notice on our Site). Unless you provide your express consent, material changes will not apply retroactively to personal information collected under a prior version of the Privacy Notice. We encourage you to review this Privacy Notice periodically to stay informed about how we process your personal information.
- Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader. If you need this Privacy Notice in an alternative format, please contact us at support@rsaamerica.com or call us at 312-471-6700.
Other Jurisdictions
Personal information that you submit through the Services may be transferred to countries other than where you reside. We may also store personal information locally on the devices you use to access the Services. Your personal information may be transferred to countries that may not provide the same level of data protection as the country in which you initially provided the information. The following provisions may apply to you depending on where you are located.
- European Economic Area (EEA) and the United Kingdom (UK).
Transmission Of Information To Other Countries.
RSA is located in the United States. The Services are hosted in, provided from the United States, and intended for those visiting the United States. Our service providers and other third parties you may interact with in connection with our Services may be located in the United States and other countries around the world. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where required, we take appropriate safeguards to protect your personal information in accordance with applicable data protection laws. By submitting your personal information to us, you consent to the transfer, storage, and processing of your information in countries outside your country of residence, including—but not limited to—the United States. By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. Where personal information is collected from the EEA or the UK and transferred internationally, we rely on the following legal mechanisms:
Standard Contractual Clauses. In accordance with Article 46 of the GDPR and UK GDPR, we may transfer personal information to recipients who have entered into European Commission-approved Standard Contractual Clauses or UK-approved international data transfer agreements that provide appropriate safeguards for the data.
Other Transfer Mechanisms: We may also rely, as appropriate, on adequacy decisions pursuant to Article 45 of the GDPR/UK GDPR, approved certification mechanisms, codes of conduct, or binding corporate rules (BCRs), where applicable and enforceable. These mechanisms ensure that your personal information remains protected and that your data subject rights are preserved.
Complaints.
If you are a resident of the EEA, and believe we process your information in scope of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with your local supervisory authority or with the Office of the Data Protection Commissioner in your country. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office (ICO). To exercise your privacy rights set forth in this Privacy Notice, you may contact us as set forth in the Contact Us.
- Nevada. This notice is provided to you pursuant to Nevada Revised Statutes Chapter 603A. Nevada law permits certain businesses to make marketing calls to existing customers. However, if you prefer not to receive such calls, you may request placement on our internal “do not call” list by emailing us at support@rsaamerica.com. You may also direct complaints to the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; phone: 702-486-3132; email: AGCinfo@ag.nv.gov..
- Texas. If you have a complaint, we encourage you to contact us first by visiting our website at https://rsaamerica.com. If your complaint regarding the company’s money transmission or currency exchange activity remains unresolved, you may contact the Texas Department of Banking at 2601 North Lamar Boulevard, Austin, TX 78705-4294; phone: 1-877-276-5554 (toll-free); website: www.dob.texas.gov.
- Vermont. In accordance with Vermont law, we will not share information we collect about you with companies outside of RSA except as permitted or required by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.
- California – California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (CPRA). This section applies only to California residents and only to personal information that RSA collects and processes in its role as a “Business” under the CCPA/CPRA. It does not apply to personal information collected in the context of a business-to-business relationship, such as when you are an employee, owner, director, officer, or contractor of a company, non-profit, or government agency that uses our Services. For information about how we handle personal information when we act as a “Service Provider,” please see Section 3.7 of our Terms of Service.
How We Collect, Use, and Disclose your Personal Information
Under the CCPA/CPRA and subject to certain limitations and exceptions, California residents may have the following rights with respect to the personal information RSA has collected about them:
- The right to know the categories and specific pieces of personal information we have collected, the sources from which we collected it, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
- The right to request deletion of personal information we have collected from you, subject to legal exceptions.
- The right to correct inaccurate personal information.
- The right to opt out of the “sale” or “sharing” of personal information, as defined under California law.
- The right to limit the use and disclosure of sensitive personal information, if applicable.
- The right to non-discrimination for exercising any of your privacy rights.
The Types of Information We Collect section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the Our Use of Your Information section. We share this information as described in the Sharing Of Information section. RSA uses cookies, including advertising cookies, as described in our Cookie Policy. https://rsaamerica.com/cookie-policy/
To exercise your data protection rights under California law, California residents may contact us at support@rsaamerica.com. If you have questions, please reach out as described in the Contact Us section of this Privacy Notice.
You may be required to provide additional information necessary to verify your identity before we can respond to your request. We will use this information solely for verification purposes. In some cases, we may request that you submit a signed statement under penalty of perjury confirming your identity.
We will acknowledge receipt of your request within 10 business days and will endeavor to respond within 45 calendar days of receipt. If we need more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing. For verified requests to opt out of the sale or sharing of personal information, we will comply within 15 business days, as required by law.
We are not able to fulfill your request or disclose personal information unless we can verify your identity and confirm that the personal information we maintain relates to you.
You may submit a request for:
- Disclosure of our information collection practices, including the categories of personal information collected, sources of collection, purposes of use, and categories of third parties to whom information is disclosed;
- Access to the specific pieces of personal information we have collected about you in the preceding 12 months;
- Deletion of personal information (subject to legal exceptions);
- Correction of inaccurate personal information, and
- Opting out of the sale or sharing of personal information.
You may submit these requests up to twice within a 12-month period.
For requests for a copy of personal information collected in the 12 months prior to the request, we will provide the information in a format that is readily usable and portable, such as a secure electronic file or a mailed paper copy, if you have an account with us.
For deletion requests, please note that California law allows us to retain certain personal information under specific circumstances. For example, we may deny a deletion request if the information is necessary to:
- Complete a transaction or fulfill a contract with you;
- Detect, prevent, or prosecute security incidents, fraud, or other illegal activity;
- Comply with a legal obligation;
- Use the information internally in a lawful manner compatible with the context in which you provided it (e.g., for recordkeeping or internal analytics).
If your deletion request is valid and verified, we will also notify any service providers or contractors with whom we shared your personal information so they can delete it as required.
Selling Information. We do not sell your personal information for monetary consideration, nor do we disclose your personal information in exchange for other valuable consideration, as those terms are defined under the CCPA/CPRA. We also do not “share” personal information for purposes of cross-context behavioral advertising.
Using an Authorized Agent. You may submit a privacy rights request through someone holding a formal Power of Attorney. Otherwise, you may authorize another person to act as your agent for CCPA purposes only if:
- The agent is registered with the California Secretary of State to conduct business in California,
- You provide the agent with signed written permission to submit the request,
- You verify your identity directly with us,
- You confirm with us that you have authorized the agent to make the request on your behalf, and
- The agent provides proof of authorization to act on your behalf.
We will require your authorized agent to submit evidence of compliance with these requirements before we can process the request.
Categories of Information Collected in the Past 12 Months
In the past 12 months, we have collected the following categories of personal information about California residents, from the sources listed below, for the business or commercial purposes described in this Privacy Notice. This includes information about site visitors, registered users, employees, vendors, suppliers, and other individuals who interact with us online or offline.
Not all categories of information are collected from every individual. For example, we may collect different types of information from job applicants than from customers or business partners.
We encourage you to review the “Types of Information We Collect,” “Our Use of Your Information,” and “Sharing of Information” sections of this Privacy Notice for more detailed descriptions of how each category of information is used and disclosed.
The table below outlines the categories of personal information we have collected and disclosed for a business purpose in the past 12 months, as required by the CCPA/CPRA.
Categories of Personal Information
That We Collect |
To Whom We Disclose Personal Information for
Business Purpose |
Identifiers – this may include name, postal address, phone number, unique personal identifier, online identifier, internet protocol (IP) address, device ID, email address, account name, signature, social security number, driver’s license number, passport number, or other similar identifiers. |
|
Financial information – this may include bank account number, credit or debit card number, or other financial information. |
|
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
Network activity data– this may include internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. |
|
Geolocation data – this may include precise physical location. |
|
Professional/employment information – this may include occupation and professional references. |
|
Education information – such as information contained in education records. |
|
Contact Information
If you have any questions, comments, or complaints concerning our privacy practices, you may contact us using the information below. We will make reasonable efforts to respond to your request in a timely manner and provide you with additional privacy-related information as appropriate.
support@rsaamerica.com
Attn: Privacy Team
1604 W Colonial Parkway
Inverness, IL 60067
+1 312-471-6700
If you are not satisfied with our response, and you reside in the European Union or the United Kingdom, you may have the right to lodge a complaint with your local data protection supervisory authority, pursuant to Article 77 of the General Data Protection Regulation (GDPR) or the UK GDPR, respectively.
Last Updated: June 26, 2025. Effective as of February 14, 2014.