Privacy, Accessibility and Customer Identification

SECURITY FEDERAL INTERNET/MOBILE PRIVACY POLICY

DEFINITIONS

The terms "we", "us", "our", "Security Federal", and "Bank" refer to Security Federal Corporation. "You" and “your” refers to each and every person who enrolls for Internet Banking Services and has a PIN.

DISCLAIMER

The Bank is not responsible for any third-party software you may need to use the Services. You agree that you will perform, or cause to be performed by properly trained personnel, all vendor recommended maintenance, repairs, upgrades and replacements. Unless otherwise provided in this Agreement, you are solely responsible, at your own expense, for purchasing, installing, operating, testing and maintaining all hardware and software necessary to use the Service. The Bank will not be held liable for the failure of any transfers or payments resulting from deficiencies in your computer hardware or software or problems relating to your inability to gain access to the internet.

 Browser Requirements

The following link can take you to a list of current browsers compatible with Online Banking - https://ebank.securityfederalbank.com/browser-support-policy.html.

PRIVACY POLICY

Security Federal and its subsidiaries recognize and respect how important financial privacy is to our customers. We are acutely aware of the sensitive nature of the financial and personal information used to provide customers quality financial services and take every precaution to protect customer privacy. Employees, vendors and agents of our institution have a duty to protect the confidentiality of customers’ financial records and are bound by our high standards of conduct and confidentiality.

It is our intent to comply with the provisions of the law and related regulations. The bank will provide individuals with a Privacy notice/statement prior to establishing a customer relationship (deposit, loan, etc.) and annually thereafter in accordance with published regulatory guidelines unless alternative delivery methods / timeframes are applicable. If it becomes necessary to revise our notice/statement, we will provide the revised notice at least 30 calendar days in advance of any changes affecting the collection, retention, protection or disclosure of nonpublic personal information. The basic principles comprising our privacy practices are summarized below.

Recognition of Customer Privacy Expectations: Our corporate family respects that our customers and former customers expect and deserve privacy. Information that has been entrusted to us will be held in the strictest confidence. We maintain standards to ensure that the information is used only for appropriate business reasons in accordance with applicable laws and regulations. Comprising our privacy practices/Policy are summarized below.

Information We Collect: We collect, retain, and use nonpublic personal information about individual customers and consumers, as allowed by law, in order to provide products and services to our customers. We may collect nonpublic personal information from such sources as:

Applications/Other Forms: Information such as name, address, social security number, assets, liabilities, income.

Transactions: Information about customer transactions with us, our affiliates and others, such as account balance, payment history, parties to transactions, and credit card usage.

Consumer Reporting Agencies: Information from consumer reporting agencies including information related to credit history.

Information We Share and Why: We do not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law.

Service Providers: To provide our customers with products or services and to offer our customers products or services that we believe may meet their financial needs, we may disclose nonpublic personal information to companies that perform services and provide products on our behalf, such as check printing or marketing. If nonpublic personal information is provided to a third party, we require that they agree to keep such information confidential and to use that information only as permitted by law.

How We Protect Customer Information: We educate our employees about the importance of customer confidentiality and restrict employee access to customer nonpublic personal information only to those who need access to provide our products or services. Appropriate disciplinary actions may be taken to enforce our privacy standards. We also maintain physical, electronic, and procedural safeguards in compliance with regulatory standards to protect customer nonpublic personal information. Any attempt by a third party to fraudulently obtain customer information from us will be immediately reported to the appropriate law enforcement or government agency.

Internet and Electronic Privacy: Information gathered via the Internet or other electronic means will be used only for appropriate purposes such as for the evaluation of our web site’s effectiveness, designing new products or services for the benefit of our customers or estimating system capacity needed to conveniently service our customers.

Restricted Disclosure of Information: The responsible use of information benefits our customers by protecting privacy and enabling us to offer improved products and services. It is our policy to prohibit the sale of customer information. Security Federal and its affiliates do not reveal specific information about customer accounts or other personally identifiable data to external parties unless: 1. The customer or former customer requests disclosure of the information; 2. The information is necessary to complete a transaction or perform a service at the customer or former customer’s request; 3. The information is provided to a credit bureau or similar information reporting agency; or 4. The disclosure is otherwise lawfully permitted or required. We do share customer and former customer transaction and experience information with our affiliates through a central information system to assist in improving the type and selection of services offered.

SECURITY/PREVENTING IDENTITY THEFT

We work hard to make our website secure. We will employ such security measures as in our reasonable judgment are appropriate to secure our website. You will not use our website for any illegal or unauthorized purposes including, but not limited to, internet gambling, nor will you include any payment of funds to or receive funds from any person or entity listed on the Office of Foreign Assets Control (OFAC) list of Specially Designated Nationals and Blocked Persons. We may monitor and audit transactions made through our website.

There are actions you can take to protect your personal information online. At a minimum, we recommend the following precautions:

• Never share your Login ID.
• Never share your password.
• A Security Federal Bank employee will never need to know your password, and you should never furnish it to anyone.
• Change your PIN/Password often.
• Make sure no one is watching when you enter your Login ID and PIN/Password.
• Never walk away from the computer if your account information is showing on the screen.
• Do not send confidential information by email unless you are in a secure session.

COOKIES

We use "cookies" to provide you with better service and experience while you are online with us. A cookie is a small text file that can be placed on your system to allow us to facilitate image changes, collect anonymous aggregate site traffic and allow you to personalize our services to your needs. Our Web site does not require users to accept "cookies," and you can set your browser to notify you when you receive a "cookie," giving you the chance to decide whether or not to accept it. If you choose not to accept cookies, you may experience some reduction in graphics and other personalized services.

ACCOUNT DELETION

Account deletion options cannot be added to the online or mobile applications as this option falls under Federal Regulations. Deleting a bank account would be in direct violation of several federal regulations and acts. The Federal Deposit Insurance Corporation (“FDIC”) and Bank Secrecy Act (“BSA”) requires banks and other financial institutions to implement Customer Identification Programs to prevent money laundering. These programs mandate that banks obtain and retain checking and savings account customer data, including contact, identification, and tax information. FDIC and BSA regulations stipulate that banks must keep this information for at least five years after the account is closed. Regulations FDIC 8000 1020.220 BSA, 31 USC 5311, 12 CFR 21.11 and 12 CFR 21.21. The above regulations are only a subset of regulations that financial institutions are required to comply with.