Privacy Policy

Last Updated January 1, 2020

I. Introduction

First Republic Bank (“First Republic” or “we” or “us”) respects your privacy. This Privacy Policy (this “Policy”) describes our policies and practices with respect to our collection, protection, use and sharing of personally identifiable information (“PII”). For purposes of this Policy, PII about you means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your communications device (computer, tablet, mobile phone, etc.). We commit to using PII responsibly and safeguarding it according to our detailed security standards. In no event do we sell your or others’ PII.

We may add to, delete or change the terms of the Policy from time to time. When we make changes, we will post the amended policy on this website, firstrepublic.com (the “Site”). Any changes to the Policy will become effective immediately upon our posting of the Policy, and your use of the Site and our services is deemed to constitute your agreement with the Policy terms. Please be sure to check the Policy before providing us with PII. We encourage you to review the Policy carefully as it relates to your experience with First Republic, from the outset when exploring a potential partnership, to opening and maintaining an account with us, and including the introduction of additional services that support your evolving financial needs.

If you are, or apply to become, a customer of First Republic with respect to products or services to be used primarily for personal, family or household purposes, you have additional privacy rights, as reflected in our customer privacy notice, available at: https://www.firstrepublic.com/~/media/frb/documents/pdfs/privacy/privacy-notice.pdf?la=en. (Note: As of December 9, 2019, Gradifi, Inc. is no longer an affiliate of First Republic Bank and First Republic does not share PII with Gradifi.)

II. How Does First Republic Collect Your PII and What Types of PII Does It Collect?

First Republic collects PII about you when you actively provide it to us, such as by completing an online form, providing PII at your discretion or responding to a request for information, and when you interact with us online, such as browsing our website. For example, if you decide to opt in to any of our communications options, such as receiving text messages at a number you provide or emails at an email address you provide, we will collect the number or email address, and we will collect any additional PII you may send to us by text, email or otherwise.

We also may collect PII about you from the following sources: our affiliates; the Internet, including social media websites and other websites; other financial institutions with whom you have accounts, if you elect to have an account aggregation service; conferences; the press or other print media; credit reporting agencies; and other persons (including persons who might refer you to us for a possible customer relationship) and organizations as permitted under applicable law.

Not all information that we collect from you is PII. We may collect information about you that we cannot use to identify you specifically. Listed below are the types of information about you that we may have collected within the past 12 months. These types of information are PII only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device.

  • Identifiers such as: your name, postal address, online identifier, Internet Protocol (IP) address, email address, account name, Social Security Number, driver’s license number, passport number or other similar identifiers.
  • Internet or other similar network activity, such as browsing history, search history, information on your interaction with our website, mobile application(s) or an advertisement. This may include hardware and browser information about your computer or device, including Media Access Control (MAC) address, computer type and brand, screen resolution, operating system name and version, device manufacturer and model, browser type and language used. It also may include mobile application usage data, such as the date and time our mobile application on your device accesses our servers, and what information and files have been downloaded to the application.
  • Geolocation data, meaning the physical location or movements of the device you use to connect with us online. If you use the mobile application, the physical location of your device through the use of, for example, Bluetooth, satellites, cell phone towers, Wi-Fi signals or other technologies.
  • Sensory data, such as audio, electronic, visual or similar information.
  • “Customer Records” information (some of which may be identifiers or professional/employment-related information as well), such as your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information.
  • Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric information, such as fingerprints or voiceprints. Our mobile applications may allow you to use third-party authentication features, such as biometric technology (such as fingerprint scanning), to access our mobile applications on your device.
  • Professional or employment-related information, such as your current or past job history.
  • Personal characteristics that are related to classifications legally protected from discrimination, such as race, national origin, ethnicity, marital status, age and gender.
  • Inferences drawn from other PII, such as a summary we might make based on your apparent personal preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We might, for example, infer your race, ethnicity or gender based on your name and/or postal address.

III. Our Business Purposes for Collecting PII; How We Use the Information

We may use the PII we collect from you for a variety of purposes permitted by law, including:

  • To provide you with information about our products and services, and to provide you with our products and services, including to service loans we make to you
  • To communicate with you, including in response to your inquiries and to fulfill your requests, and to inform you of changes to terms and conditions relating to the products you receive from us or the First Republic services in which you are enrolled
  • To allow you to apply for our products and services and to evaluate your eligibility for such products or services, including your creditworthiness
  • To personalize our services for you by presenting First Republic products and offers tailored to you
  • To prevent fraud, including by confirming your identity and/or location (for example, we may use your device’s physical location for fraud prevention purposes, if you are conducting a transaction)
  • To improve our services’ interface and functionality (for example, we may use your device’s physical location to provide you with personalized location-based services, content and offers, such as: informing you when you are approaching one of our ATMs or banking locations, or offering you a coupon or reward that can be redeemed at a nearby location)
  • To allow you to access features within our website or mobile applications, when you request those features
  • To maintain and upgrade the security of the services and any data or information collected
  • For legal, compliance and risk management purposes, including to monitor our compliance with fair lending laws and regulations
  • Other legally permissible or everyday business purposes, including data analysis, product development and compliance with law enforcement and other legal processes.

IV. When and With Whom We Share Personally Identifiable Information

We may share the PII we collect with our affiliates, as permitted by applicable law, and with our service providers. We engage service providers to deliver services to you on our behalf, such as bill payment, money transfers, check processing, wiring services and payment solutions; and to assist us with technology support, operational support and other forms of assistance. We bind our service providers to protect the confidentiality and security of the PII we share with them.

We also share PII with others as we believe to be necessary or appropriate, consistent with applicable law, for the following purposes: (a) to comply with applicable legal requirements (for example, responding to subpoenas) and regulatory requirements (for example, monitoring of fair lending law compliance); (b) to respond to requests from public and government authorities; (c) to enforce and investigate violations of applicable Terms and Conditions; (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (e) to allow us to pursue available remedies or limit the damages that we may sustain; and (f) to evaluate or conduct a merger, divestiture, restructuring, reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock.

Other than for these purposes, we do not share PII with third parties and in no event do we sell PII. We do not share PII with non-affiliated entities for those entities to use for their own marketing purposes.

V. Other Information Collection, Use and Sharing

We also may collect, use, and share information that is not PII as follows:

  • Aggregated Data. We may create or compile, or have created or compiled by our service providers, aggregated data consisting of pieces of information from various sources (including information collected by cookies, from accounts, transaction information, and any other information, including PII), which does not personally identify you or any other individual. We may use and share this aggregated data for our business purposes, including data analytics, research, marketing products and services, and other legal or business purposes.
  • Data from Cookies and Tags. We (including our service providers) may use cookies, which are pieces of data that are stored in memory on an Internet user’s device. We also may use tags, which tie to cookies, that allow us to manage the data gathered from cookies. We use these technologies to collect information such as browser type, pages visited, the time spent on each page, and which tasks a user performs on the page. We use this information to help improve your online experience with us, to update and improve the user interfaces of our website and mobile applications, for security purposes, to recognize you and your device so you can access our online products and services, to personalize your services, and to display personalized products and offers tailored to you. You may change the settings on your browser to either automatically decline cookies, to give you the choice of declining or accepting the cookies from a particular site on a case-by-case basis, or, in some instances, to automatically delete cookies upon exiting the browser. If you choose not to accept cookies from our website, you may experience some reduced functionality or other inconveniences while accessing the site or other online products and services.
  • Information From Online Advertising. In order to best deliver relevant digital advertising to you, we and other third-party advertising service providers may collect information about your online activities over time and across different websites when you use our services. Some of the advertisements that click-through to our services contain cookies that allow for the monitoring of your response to these advertisements, may be interest-based, and may use information about your online and offline interests to customize the online ads you see. Interest-based advertising helps us to deliver content that is more likely to be of interest to you, and when you use our services, we use information about your activities to help us determine which of our ads are more likely to appeal to you. If you do not wish to have us and/or our third-party advertising service providers know which advertisements and subsequent websites you have viewed, you may opt out at AboutAds. Additionally, the Digital Advertising Alliance website contains important information about interest-based advertising, cookies, behavioral advertising, and what opting out will and will not do.
  • Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. This analytical tool uses cookies and similar technologies to help analyze how users use the services. The information generated about usage, including visitor IP address, is transmitted to Google. This information is then used to evaluate visitors’ usage, compile statistical reports on website activity, and provide other services relating to website activity and Internet usage. For further information about the collection and use of data through Google Analytics, please refer to: http://www.google.com/policies/privacy/partners/. Google offers the ability to opt out from tracking through Google Analytics cookies; for more information, visit http://tools.google.com/dlpage/gaoptout
  • Adobe Technologies. We also use analytics and other services provided by Adobe Systems, Inc. Adobe uses cookies and similar technologies that allow us to analyze information about users of the services. For more information about Adobe’s privacy practices, please refer to: http://www.adobe.com/privacy.html. Adobe offers the ability to opt out of certain data collection practices; for more information, visit http://www.adobe.com/privacy/opt-out.html.

VI. Security

To help prevent unauthorized access to any of your PII, we seek to use reasonable organizational, technical and administrative measures to protect the PII we maintain within our organization. In addition to the safeguards we apply to protect your PII, there are steps you can take to protect it as well, such as never sharing your passwords and maintaining them in a secure location. The steps you take to complement the many safeguards we apply are particularly important. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at (888) 408-0288. For more information, please visit our Security Center at https://www.firstrepublic.com/privacy/security-and-fraud-prevention.

VII. Control Over Your Personally Identifiable Information

If you would like to update PII that you have provided to us, you may contact us through one of the means listed in the “How to Contact Us” section below. Note that certain information is required to provide the services; requests to delete required information may result in our inability to provide the services.

VIII. California Residents’ Privacy Rights

If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”). We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.

A. Right to Know

Subject to the exemption and exceptions mentioned below, if you are a California resident, you have the right to know what PII we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the PII during the past 12 months. (See below on “How to Submit a Request.”) You may request that we provide a description of the categories of PII we have collected (a “Categories Request”) or a request for access to the specific pieces of PII we have collected (a “Specific Pieces Request”).

If you make a Categories Request, and you do not have any type of account with us, we will need you to provide us with at least two data elements specific to you, such as your cell phone number or mother’s maiden name (depending on the data elements we already maintain about you), so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:

  • The categories of PII we collected about you
  • The categories of sources for the PII we collected about you (g., social media websites, government records available to the public, etc.)
  • Our business or commercial purpose for collecting that PII
  • The categories of third parties other than service providers (if any) with whom we shared the PII

If you make a Specific Pieces Request, we need to be sure we have verified your identity with great certainty to safeguard your privacy. In order for to verify your identity, if you do not have any type of account with us, you will need to provide to us at least three data elements specific to you, together with a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. After we confirm that your request is a verifiable consumer request, we will disclose to you:

  • The specific pieces of PII we collected about you that you requested

B. Right to Request Deletion

You have the right to request that we delete any of your PII that we collected from you and retained, other than Personal Customer Information (as defined above). We are not obligated to comply with your request if we have a legal basis to retain the PII. If you make a request for us to delete PII, and you do not have any type of account with us, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your PII from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.

C. Exceptions

Certain PII is protected by federal and state privacy law other than the CCPA and thus the specific rights described above do not apply in the case of that PII. Specifically:

  • If you are, or apply to become, a customer of First Republic with respect to products or services to be used primarily for personal, family or household purposes, the non-public PII we obtain from you in that context (“Personal Customer Information”) is protected under other state and federal law rather than the CCPA. As noted, the rights of such customers of First Republic are set forth in our customer privacy notice, available at https://www.firstrepublic.com/~/media/frb/documents/pdfs/privacy/privacy-notice.pdf?la=en.
  • Also, if you are working for First Republic, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with First Republic, the CCPA currently does not provide you with a “right to know” or “right to request deletion” until January 1, 2021.

D. How to Submit a Request

To request access to or deletion of your PII as described above, please submit a verifiable consumer request to us by either:

First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111

You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s PII. If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.

In order to protect your PII from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, First Republic requires identification verification before granting any request to provide copies of, know more about or delete your PII. We take special precautions to help ensure this. Specifically, we require that any request submitted to us:

  • Provides sufficient information to allow us to reasonably verify you are the person about whom we collected PII or an authorized representative
  • Describes your request with sufficient detail to allow us to properly understand, evaluate and respond to it

We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm that the PII relates to you.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. We will only use PII provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

IX. Information Retention

We retain information, including PII, for as long as necessary to achieve the purpose for which it was collected, to fulfill legal or contractual obligations, or for as long as permitted by applicable law. We may retain aggregated or de-identified information indefinitely.

X. Scope of Users

Our online products and services, including our website and mobile applications, are not directed to users under the age of 13. We do not knowingly collect PII online from any person we know to be under the age of 13.

Our online products and services, including our website and mobile applications, are designed for users from, and are controlled and operated by us from, the United States. By using our online products and services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.

XI. Do Not Track Signals

Your browser may allow you to send us a “do-not-track signal” to communicate your privacy preferences to us. Our website currently does not respond to browser do-not-track signals.

XII. Links to Other Websites

Our website and mobile applications may feature links to third-party websites that offer goods, services or information. When you click on one of these links, you will be accessing content and services that are not subject to this Policy. We are not responsible for the information-collection practices of the other websites that you visit, and urge you to review their privacy policies before you provide them with any PII. Third-party sites or services may collect, use and secure information about you in a way that is different from those described in this Policy.

XIII. How to Contact Us 

If you have any questions regarding this Policy, you can call us at (888) 408-0288 or write to us at:

First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111

Fax: (415) 392-1413