Digital Security & Privacy Policy

Website Privacy

As a general policy, we do not automatically collect personal information from our website users. We do collect and store information on the domain used to access our website, the internet address of the website from which a user links to the Credit Union’s website and the date and time of the visit to our website. This information is used only to measure the number of visitors to our website and the route user travels while within the Credit Union’s website to better serve users in improved design and site navigation.  


Our website may use cookies (small text files) to collect anonymous data for improving our website, services and information security. Our cookies do not collect or store any confidential or sensitive information. We used cookies only to enhance a member’s online banking session and ease navigation through our website.

JHFCU Mobile App Privacy Policy

Last Updated: February 6th, 2024

The JHFCU Mobile App helps you manage your JHFCU account.  The app allows you to:

  • View your:
    • Total balance and available account balance
    • Account history
    • Images of cleared checks (check images typically available one business day after clearing, for up to a year)
    • E-statements & tax forms (2 years of e-statement history is available online)
    • Ca$hPerks offers (earn rebates when you shop* with your JHFCU Debit Card)
    • Credit Score powered by SavvyMoney**
  • Transfer between your JHFCU accounts (including Cross Accounts)
  • Apply for a Loan (excluding first mortgages)
  • Deposit a check**
  • Pay Bills with Online Bill Payment
  • Track expenses and set up a budget with MoneyMap
  • Find Surcharge-Free ATM locations
  • Contact JHFCU

*Each offer comes with its own specifics and limitations. Some retailers limit the amount per offer, but there is no limit on the total amount you can earn from multiple offers. Minimum purchase may be required, see offer for details. Cash back will be credited to your account the last day of the following month the cash back was earned. Some rebates may take longer to process.

**Credit information provided by TransUnion. The credit score provide is intended to help you understand the factors that affect your credit score. It is not used for loan approval purposes, or for determining loan rates. Loan rates and approvals are based on information provide to JHFCU when you apply for a loan. The credit score found in external credit reports may be different than in our credit score service feature.

***Basic requirements include a member in good standing and having a satisfactory history of managing their Johns Hopkins FCU account.

JHFCU Card Controls help you control your credit and debit cards through your mobile device, making it easy to manage your finances on the go. 

The Card Controls App allows you to:

  • turn your credit cards on and off;
  • establish transaction controls for dollar amount limits, merchant categories and geographic locations;
  • receive alerts when your credit card is used, approved or exceeds the transaction controls set by you;
  • stay informed of potential fraud with alerts on attempted and declined transactions; and
  • get real-time balances for your accounts.

This Privacy Policy, in combination with other relevant privacy notices that we provide to you (e.g., pursuant to financial privacy laws), inform you of the policies and practices regarding the collection, use and disclosure of any personal information that we and our service providers collect from or about users in connection with the Mobile App’s and Card Controls App’s website(s) and mobile application(s) (the “Services”). 


Through your use of the Services, we may collect personal information from you in the following ways:

(a) Personal Information You Provide to Us.

  • We may collect personal information from you, such as your first and last name, address, e-mail, telephone number, and social security number when you create an account.
  • We will collect the financial and transaction information necessary to provide you with the Services, including account numbers, payment card expiration date, payment card identification, verification numbers, and transaction and payment history.
  • If you provide feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
  • We also collect other types of personal information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.

(b) Personal Information Collected from Third Parties. We may collect certain information from identity verification services and consumer reporting agencies, including credit bureaus, in order to provide some of our Services.

(c) Personal Information Collected Via Technology. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
  • Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications. 
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
  • Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect your location data when you use the Services even when the app is closed or not in use; for example, to provide our fraud detection services. If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.


(a) General Use. In general, we use your personal information collected through your use of the Services to respond to your requests as submitted through the Services, to provide you the Services you request, and to help serve you better. We use your personal information, in connection with the Mobile App and the Card Controls App, in the following ways:

  • facilitate the creation of, and secure and maintain your account;
  • identify you as a legitimate user in our system;
  • provide improved administration of the Services;
  • provide the Services you request;
  • improve the quality of experience when you interact with the Services;
  • send you administrative e-mail notifications, such as security or support and maintenance advisories; and
  • send surveys, offers, and other promotional materials related to the Services.

(b) Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); 
  • audit our internal processes for compliance with legal and contractual requirements and internal policies; 
  • enforce the terms and conditions that govern the Service; and 
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyber attacks and identity theft.

(c) Creation of Non-Identifiable Data. The Mobile App and/or Card Control App may create de-identified information records from personal information by excluding certain information (such as your name) that makes the information personally identifiable to you. We may use this information in a form that does not personally identify you to analyze request patterns and usage patterns to enhance our products and services. We reserve the right to use and disclose non-identifiable information to third parties in our discretion.


We disclose your personal information collected through your use of the Services as described below.

(a) In Accordance with Our Other Privacy Notices. Other than as described in this Privacy Policy in connection with the Mobile App and the Card Controls App, this Privacy Policy does not apply to the processing of your information by us or third parties with whom we share information.

(b) Third Party Service Providers. We may share your personal information with third party or affiliated service providers that perform services for or on behalf of us in providing the Mobile App and/or the Card Controls App, for the purposes described in this Privacy Policy, including: to provide you with the Services; to conduct quality assurance testing; to facilitate the creation of accounts; to optimize the performance of the Services; to provide technical support; and/or to provide other services to the Mobile App and/or the Card Controls App. 

(c) Authorities and Others. Regardless of any choices you make regarding your personal information, the Mobile App and/or the Card Controls App may disclose your personal information to law enforcement, government authorities, and private parties, for the compliance and protection services described above.


The Mobile App and Card Controls App may contain links to third party websites. When you click on a link to any other website or location, you will leave the Mobile App and/or Card Controls App and go to another site and another entity may collect personal and/or anonymous information from you. The Mobile App’s and Card Controls App’s provisions of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites. We encourage you to read the privacy policy of every website you visit.


You have several choices regarding use of information on the Services.

(a) How We Respond to Do Not Track Signals. Some web browsers transmit “do not track” signals to the websites and other online services with which your web browser communicates. There is currently no standard that governs what, if anything, websites should do when they receive these signals. We currently do not take action in response to these signals. If and when a standard is established, we may revise its policy on responding to these signals.

(b) Access, Update, or Correct Your Information.  You can access, update or correct your information by changing preferences in your account. For additional requests, please contact us.

(c) Opting Out of Email or SMS Communications. If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the "unsubscribe" link included at the bottom of the email or other electronic communication. Alternatively, you can opt out of receiving marketing communications by contacting us at the contact information under "Contact Us" below. If you provide your phone number through the Services, we may send you notifications by SMS, such as provide a fraud alert. You may opt out of SMS communications by unlinking your mobile phone number through the Services.

(d) Opting Out of Location Tracking. If you initially consented to the collection of geo-location information through the Services, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of the Mobile App and the Card Controls App.


We implement reasonable administrative, technical and physical measures in an effort to safeguard the information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.


The Services are not directed towards individuals under the age of 16, and we do not, through the Mobile App or the Card Controls App, intentionally gather personal information about visitors who are under the age of 16. If a child under 16 submits personal information to us through the Mobile App and/or the Card Controls App and we learn that the personal information is the information of a child under 16, we will attempt to delete the information as soon as possible.


This Privacy Policy is subject to occasional revision. We will notify you of any material changes in its collection, use, or disclosure of your personal information by posting a notice on the Services. Any material changes to this Privacy Policy will be effective thirty (30) calendar days following notice of the changes on the Services. These changes will be effective immediately for new users of the Services. If you object to any such changes, you must notify us prior to the effective date of such changes that you wish to deactivate your account. Continued use of the Services following notice of any such changes shall indicate your acknowledgement of such changes.


If you have any questions or complaints about this Privacy Policy or the Mobile App or the Card Controls App’s data collection or processing practices, or if you want to report any security violations to the Mobile App or the Card Controls App, please contact the Mobile App and/or the Card Controls App by email at: [email protected]; or by mail at:

Johns Hopkins FCU
Attn: Marketing/Digital Banking Compliance
1501 S Clinton Street
Suite 1200
Baltimore, MD 21224

Online and Mobile Security

The strength of your login credentials is an integral element of the protection.

User ID Requirements

  • Must be 8 to 25 characters
  • Cannot contain special characters
  • Cannot contain spaces
  • Can contain number, but not your account number

Password Requirements

  • Must be 8 to 25 characters
  • Must contain a combination of letters (upper and lower case), numbers and special characters (excluding ~)
  • Cannot contain your Account Number or Social Security Number
  • Cannot contain your user name or email address

Multifactor Authentication

When you attempt to login from a new computer/device, or perform certain transactions or functions within the system, you will be required to complete the Google reCAPTCHA and be prompted to answer one of your challenge questions. You may also elect to receive a one-time security code to either a phone number or email you provide during setup for added security. 


Additional Risks

  • Enroll in transaction-based account alerts to be more aware of account activity
  • Do not provide electronic banking credentials to unknown parties
  • Shorten session time out
  • Do not reuse the same User ID and password for different sites
  • Update your device operating system, browsers and apps to the latest versions
  • Install a firewall and antivirus software and keep them up to date


Third Party Links

A link to a third party website (“linked site”) does not mean that we endorse or accept any responsibility for the content, functioning or use of such linked site, and you enter any such website at your own risk. If you decide to access linked sites, a pop-up will remind you when you leave the JHFCU site. You agree that we have no control over or liability for information on linked sites. You should be aware that linked sites may contain rules and regulations, privacy policies, security policies, and other provisions that may differ from those practiced by JHFCU.



Please contact us as soon as You can if You think Your statement or receipt is wrong or if you need more information about a transaction listed on the statement or receipt. We must hear from you no later than 60 days after we send you the first statement on which the problem or error appeared. 

  • Tell us your name and account number
  • Describe the error or the transfer you are unsure about, and explain as clearly as you can why you believe it is an error or why you need more information
  • Tell us the dollar amount of the suspected error.

If you tell us orally, we may require that you send us your complaint or question in writing within 10 business days. We will determine whether an error occurred within 10 business days after we hear from you and will correct any error promptly. If we need more time, however, we may take up to 45 days to investigate your complaint or question. If we decide to do this, we will credit your account within 10 business days for the amount you think is in error, so that you will have use of the money during the time it takes us to complete our investigation. If we ask you to put your complaint or question in writing and we do not receive it within 10 business days, we may not credit your account. We will tell you the results within three business days after completing our investigation. If we decide that there was no error, we will send you a written explanation. You may ask for copies of the documents that we used in our investigation. If we have credited your account with funds while investigating an error, we will charge your account for those funds if we conclude no error has occurred. In this provision, all references to 10 business days will be 20 business days if your notice of error involves an electronic fund transfer that occurred within 30 days after the first deposit to your account was made and all references to 45 business days will be 90 business days if your notice of error involves an electronic fund transfer that: (a) was not initiated within a state; (b) resulted from a point-of-sale debit card transaction; or (c) if your notice of error involves an electronic fund transfer that occurred within 30 days after the first deposit to your account was made.


Member Communication in Cases of Fraud: While JHFCU will contact members in cases of fraud, please note we will NEVER ask for a member’s electronic banking credentials. Please contact us if you suspect any fraud on your account.