CrossFirst Bank recognizes the trust you have placed in us and our responsibilities regarding your financial privacy. It is our responsibility to keep your sensitive financial and personal information confidential. We have a formal policy to help protect your privacy.

We will take all the necessary steps to safeguard sensitive information that has been entrusted to us by our customers. The following privacy policy and disclosure outlines our practice regarding personally identifiable information for consumers and those consumers who become our customers.

TYPES OF INFORMATION THE BANK COLLECTS

We collect nonpublic personal information from many sources. We collect nonpublic information directly from consumers on various applications and forms, for example, loan applications, and requests for information about accounts or products and services.

We collect information as a result of transactions between us and our customers and as a result of providing a product or service to our customers. This includes transaction information from checks, debit cards, credit cards, electronic transfers (e.g., internet banking or automated clearinghouse (ACH) transactions).

Nonpublic personal information does not include that which we obtain from government records, widely distributed media, or government-mandated disclosures.

TYPES OF INFORMATION THE BANK DISCLOSES

CrossFirst Bank will not share and/or sell current or former individual customer information to an unaffiliated third party for marketing purposes.

Customer information will be disclosed only to authorized account owners or signers, and only after identification of that account owner has been verified. Verifying information may include social security number, date of birth, place of birth, mother's maiden name, signature and/or other identifying information. If the information request is made over the telephone and we are uncertain about the identity of the person requesting the information, we will ask that the request be made in person or in writing.

We may disclose certain personally identifiable information without allowing consumers the right to opt out of our sharing agreements in the following circumstances:

1. To affiliates and certain non-affiliated third parties (under limited circumstances) to the extent permissible under law to service the account, offer products or services the customer has requested, report to credit bureaus, manage risk, and perform other financial services related activities.
2. To companies who perform transaction processing for us in the following circumstances:
   - If the transaction, service, or product is requested or authorized by the consumer.
   - To maintain or service a consumer's account as part of a private label credit card or other loan extension program.
3. To disclose information that we receive on a customer's loan application such as customer's assets, liabilities, income, and employment history in order to determine whether a loan made to the customer is salable on the secondary market or considered for a loan participation, for example.
4. To disclose information necessary to enforce our legal or contractual rights or the right of any person who is engaged in the financial transaction.
5. To disclose information required in the ordinary course of business, such as in the settlement of claims or benefits, the confirmation of information to the consumer or the consumer's agent, and the billing, processing, or clearing of items in the normal course of business.
   
6. To provide information to persons or regulatory agencies that are assessing our compliance with industry standards, and our attorneys, accountants and auditors.
   
7. To the extent permissible under the Right to Financial Privacy Act.
   
8. To a consumer reporting agency under the Fair Credit Reporting Act.
9. To comply with federal, state, or local laws, rules and other applicable legal requirements.
   

SAFEGUARDING CUSTOMER INFORMATION

We protect consumer privacy by ensuring that only employees who have a business reason for knowing information have access to it. We have appointed our compliance officer as the financial privacy coordinator, who is responsible for maintaining internal procedures to ensure that our customers' information is protected.

All employees have a copy of this policy and are trained at least annually regarding the importance of safeguarding customer information. Any employee who violates our privacy policy is subject to disciplinary action.

If we change our policy or practice by, for example, adding a category of information that will be disclosed to a third party, we will notify our existing customers and give them an appropriate time period to opt out of the disclosure.