Privacy Disclosure

What Does Mid American Credit Union Do With Your Personal Information?

Rev. Date 9/14

Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social security number Account balances Transaction history Credit scores Checking account information Employment information When you are no longer our customer, we continue to share your information as described in this notice.
How?	All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information, the reasons Mid American Credit Union chooses to share, and whether you can limit this sharing.

Reasons We Can Share Your Personal Information	Does Mid American Credit Union Share?	Can You Limit This Sharing?
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	Yes	No
For our marketing purposes – to offer our products and services to you	Yes	No
For joint marketing with other financial companies	Yes	No
For our affiliates’ everyday business purposes – information about your transactions and experiences	Yes	No
For our affiliates’ everyday business purposes – information about your creditworthiness	No	We Do Not Share
For our affiliates to market to you	No	We Do Not Share

What We Do
How does Mid American Credit Union protect my information?	To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. We also maintain other physical, electronic and procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.
How does Mid American Credit Union collect my information?	We collect your personal information, for example, when you Open an account Pay your bills Apply for a loan Provide your mortgage information Show your driver's license We also collect your personal information from others such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?	Federal law gives you the right to limit only Sharing for affiliates’ everyday business purposes –information about your creditworthiness Affiliates from using your information to market to you Sharing for non-affiliates to market to you State laws and individual companies may give you additional rights to limit sharing. (See below for more on your rights under state law.)

Definitions
Affiliates	Companies related by common ownership or control. They can be financial and non-financial companies. Our affiliates include: Credit Union Service Center.
Non‑Affiliates	Companies not related by common ownership or control. They can be financial and non-financial companies. Mid American Credit Union does not share with non-affiliates so they can market to you.
Joint Marketing	A formal agreement between non-affiliated financial companies that together market financial products or services to you. Our joint marketing partners include insurance companies and investment companies.

Other Important Information
For Alaska, Illinois, Maryland, and North Dakota Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. For California Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with California privacy laws that apply to us. For Massachusetts, Mississippi and New Jersey Members. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing without your authorization. For Vermont Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization, and we will not share personal information with affiliates about your creditworthiness without your authorization. Mobile App Collected Information: We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device's geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).

Other Important Information

For Alaska, Illinois, Maryland, and North Dakota Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization.

For California Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with California privacy laws that apply to us.

For Massachusetts, Mississippi and New Jersey Members. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing without your authorization.

For Vermont Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization, and we will not share personal information with affiliates about your creditworthiness without your authorization.

Mobile App Collected Information:
We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device's geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).

Mid American Credit Union Application Privacy Disclosure

Last modified: August 25, 2025

Location Information:

If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect location data when you use the Services even when the application (app) is closed or not in use; for example, to provide our fraud detection services. If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.

Mid American Credit Union COPPA Privacy Disclosure

Last modified: August 19, 2025
Mid American Credit Union values the privacy of children and of all of its users. This COPPA Privacy Policy (“COPPA Policy”) is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”) and contains important information about how we collect, use, and disclose the personal information we collect from children under thirteen years old who use the Mid American applications, provided on our Site (the "Services"). In the course of providing financial products and Services that you seek, apply for, or obtain with us, we collect personal information in accordance with applicable law. We will use and share that information we collect from or about you to provide you these Services, and in accordance with the Mid American Credit Union Privacy Policy, Mid American Credit Union Privacy Policy, our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Who Will Collect Information About Children? Mid American Credit Union operates the Site and Services and will collect children’s personal information as described in this COPPA Policy and our Privacy Policy. Mid American Credit Union may provide partners with aggregate or de-identified information about users under thirteen years of age to provide Services and to respond to member service and technical support issues and requests. What Information Do We Collect About Children and How We Use Children's Information? Mid American Credit Union may collect some personal information from children in the course of providing Services and to respond to member service and technical support issues and requests. We de-identify and/or aggregate the information we collect from children under thirteen years of age before we use it for any other purposes, as noted below. Unique Identifiers. We only collect and use unique identifiers, such as IP addresses, as necessary to operate our Site or Services, including to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users and our Site and Services. We never use unique identifiers to track users across third-party apps or websites. Aggregate or De-identified Information. We may use aggregate or de-identified information about children for research, analysis, and similar purposes. When we do so, we strip out names, e- mail, contact information, and other personal identifiers. Pertaining to information collected from children under thirteen years of age, we may use aggregate or de-identified information for the following purposes: To better understand how users’ access and use our Site and Services; To improve our Site and Services and respond to user desires and preferences; and To conduct research or analysis, including research and analysis by third parties. How Information is Collected? We do not knowingly collect personal information from individuals under the age of thirteen without obtaining consent from a parent or legal guardian. We may collect information about children directly from children, as well as automatically through a child's use of our Site and Services. We will not require a child to disclose more information than is reasonably necessary to use our Services. Information We Collect Automatically We may automatically collect the following information about a child’s use of our Site through cookies and other technologies: domain name; browser type and operating system; web pages viewed; links clicked; buttons clicked; the length of time spent on our Site; the length of time our solution was utilized; Google Analytics statistics; the referring URL, or the webpage that led the child to our Site; device name and model; operating system type, name, and version; and activities within our Site. We may also collect IP address, push notification ID, device identifier or a similar unique identifier from users of our product, including children; we only use such identifiers to support the internal operations of our product and we do not use such identifiers to collect information about the child outside of our Site. How We Share Children’s Information We do not sell children’s personal information, and a child may not make his or her personal information public through our services. In general, we may disclose the personal information that we collect about children to provide our Services, to comply with the law, and to protect Mid American Credit Union and other users of our Services. For example, we may share children’s personal information as follows: Service Providers. We may disclose the information we collect from children to third-party vendors, service providers, contractors, or agents who perform functions on our behalf. Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected from our users to the other company. In Response to Legal Process. We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process. To Protect Us and Others. We also may disclose the personal information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, Privacy Policy, or this COPPA Policy, or as evidence in litigation in which Mid American Credit Union is involved. With Parents or Legal Guardian. Parents or a legal guardian may request to review the personal information we have collected from their child. Aggregate and De-Identified Information. We may also use and share aggregate or de-identified information about users with third parties for marketing, research, or similar purposes. The Right to Review, Delete, and Control Our Use of Children’s Personal Information Parents or legal guardians have a right to review the information we have collected about their children, respectively, and to delete it, and to tell us to stop using it. To exercise these rights, you may contact us at: Mid American Credit Union 8404 W Kellogg Drive Wichita, KS 67209 (800) 366-6228 contactcenter@midamerican.coop Opting to stop the collection of information may prevent the utilization of Services. You will be required to authenticate yourself as the child's parent or legal guardian to receive information about the child. Information may remain in cached or archived from on our systems after you request us to delete it. Changes to This COPPA Policy Mid American Credit Union may change this COPPA Policy from time to time. We will post any changes to this COPPA Policy on our Site, at www.midamerican.coop. If we make any changes to this COPPA Policy that materially affect our practices with regard to the personal information we have previously collected from a child, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.

Last modified: August 19, 2025

Mid American Credit Union values the privacy of children and of all of its users. This COPPA Privacy Policy (“COPPA Policy”) is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”) and contains important information about how we collect, use, and disclose the personal information we collect from children under thirteen years old who use the Mid American applications, provided on our Site (the "Services").

In the course of providing financial products and Services that you seek, apply for, or obtain with us, we collect personal information in accordance with applicable law. We will use and share that information we collect from or about you to provide you these Services, and in accordance with the Mid American Credit Union Privacy Policy, Mid American Credit Union Privacy Policy, our Terms of Service, including its applicable limitations on damages and the resolution of disputes.

Who Will Collect Information About Children?

Mid American Credit Union operates the Site and Services and will collect children’s personal information as described in this COPPA Policy and our Privacy Policy.

Mid American Credit Union may provide partners with aggregate or de-identified information about users under thirteen years of age to provide Services and to respond to member service and technical support issues and requests.

What Information Do We Collect About Children and How We Use Children's Information?

Mid American Credit Union may collect some personal information from children in the course of providing Services and to respond to member service and technical support issues and requests.

We de-identify and/or aggregate the information we collect from children under thirteen years of age before we use it for any other purposes, as noted below.

Unique Identifiers. We only collect and use unique identifiers, such as IP addresses, as necessary to operate our Site or Services, including to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users and our Site and Services. We never use unique identifiers to track users across third-party apps or websites.

Aggregate or De-identified Information. We may use aggregate or de-identified information about children for research, analysis, and similar purposes. When we do so, we strip out names, e- mail, contact information, and other personal identifiers.

Pertaining to information collected from children under thirteen years of age, we may use aggregate or de-identified information for the following purposes:

To better understand how users’ access and use our Site and Services;
To improve our Site and Services and respond to user desires and preferences; and
To conduct research or analysis, including research and analysis by third parties.

How Information is Collected?

We do not knowingly collect personal information from individuals under the age of thirteen without obtaining consent from a parent or legal guardian. We may collect information about children directly from children, as well as automatically through a child's use of our Site and Services. We will not require a child to disclose more information than is reasonably necessary to use our Services.

Information We Collect Automatically

We may automatically collect the following information about a child’s use of our Site through cookies and other technologies: domain name; browser type and operating system; web pages viewed; links clicked; buttons clicked; the length of time spent on our Site; the length of time our solution was utilized; Google Analytics statistics; the referring URL, or the webpage that led the child to our Site; device name and model; operating system type, name, and version; and activities within our Site. We may also collect IP address, push notification ID, device identifier or a similar unique identifier from users of our product, including children; we only use such identifiers to support the internal operations of our product and we do not use such identifiers to collect information about the child outside of our Site.

How We Share Children’s Information

We do not sell children’s personal information, and a child may not make his or her personal information public through our services. In general, we may disclose the personal information that we collect about children to provide our Services, to comply with the law, and to protect Mid American Credit Union and other users of our Services. For example, we may share children’s personal information as follows:

Service Providers. We may disclose the information we collect from children to third-party vendors, service providers, contractors, or agents who perform functions on our behalf.
Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected from our users to the other company.
In Response to Legal Process. We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process.
To Protect Us and Others. We also may disclose the personal information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, Privacy Policy, or this COPPA Policy, or as evidence in litigation in which Mid American Credit Union is involved.
With Parents or Legal Guardian. Parents or a legal guardian may request to review the personal information we have collected from their child.
Aggregate and De-Identified Information. We may also use and share aggregate or de-identified information about users with third parties for marketing, research, or similar purposes.

The Right to Review, Delete, and Control Our Use of Children’s Personal Information

Parents or legal guardians have a right to review the information we have collected about their children, respectively, and to delete it, and to tell us to stop using it. To exercise these rights, you may contact us at:

Mid American Credit Union

8404 W Kellogg Drive

Wichita, KS 67209

(800) 366-6228

contactcenter@midamerican.coop

Opting to stop the collection of information may prevent the utilization of Services. You will be required to authenticate yourself as the child's parent or legal guardian to receive information about the child. Information may remain in cached or archived from on our systems after you request us to delete it.

Changes to This COPPA Policy

Mid American Credit Union may change this COPPA Policy from time to time. We will post any changes to this COPPA Policy on our Site, at www.midamerican.coop. If we make any changes to this COPPA Policy that materially affect our practices with regard to the personal information we have previously collected from a child, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.