Privacy policy for the becu.gr.com reference site
This privacy policy describes what becu.gr.com collects when you visit, what it does not collect, how long data is retained, and your rights under GDPR and CCPA. This policy applies to this reference site only — not to the upstream BECU credit union or its products.
Quick answer
becu.gr.com collects standard analytics data (page views, referring URLs, approximate geographic region, browser type) and server logs (IP address, timestamp, page requested) for performance monitoring. It does not collect account credentials, financial data, Social Security numbers, or any personalised financial information — this site has no login form and processes no transactions. Optional email correspondence is stored only for as long as needed to respond. GDPR and CCPA rights apply to applicable readers.
What this site collects
Two data types are collected automatically when any visitor loads a page on becu.gr.com — analytics data and server logs. Neither identifies individual visitors by name.
Analytics data collected on becu.gr.com includes: pages viewed, time on page, referring URL (the page or search engine that directed the visit), approximate geographic region derived from IP address (city or regional level, not street address), browser type, and device category (desktop, mobile, tablet). This data is collected through a standard web analytics tool and is aggregated — it is used to understand which pages are most useful to readers, which topics generate the most questions, and how the site is being found. Analytics data is not tied to individual identities.
Server logs are generated automatically by the web server each time a page is requested. Server logs record the IP address of the requesting device, the date and time of the request, the specific page or file requested, the HTTP status code returned, and the browser user-agent string. Server logs are used for performance monitoring, error detection, and security purposes — identifying patterns that might indicate crawling abuse or access attempts against the server infrastructure. Server log data is not combined with analytics data to build individual profiles.
Optional email correspondence — messages sent to the editorial contact address (hello@becu.gr.com) by readers — is retained only for as long as needed to respond to the inquiry and for a reasonable follow-up window. Email addresses and message content from correspondence are not added to any mailing list, sold, or shared with third parties.
Pocket Brief
becu.gr.com collects: analytics (page views, browser, approximate region — aggregated, not personalised), server logs (IP, timestamp, requested page — security and performance only), optional email correspondence (retained only to respond). Does NOT collect: credentials, account numbers, financial data, Social Security numbers, or any personalised financial information. No login form, no transactions, no financial data processing. GDPR and CCPA rights apply. Contact hello@becu.gr.com with data requests.
What this site does not collect
The absence of certain data types is as important to document as what is collected — particularly for a site that discusses financial services.
becu.gr.com does not collect, process, or store: BECU login credentials of any kind (usernames, passwords, PINs), account numbers (BECU or any other institution), Social Security numbers or Tax Identification numbers, financial account balances or transaction histories, credit card or debit card numbers, mortgage or loan details, or any other financial data associated with a BECU or any other financial account.
This site has no login form and processes no financial transactions. There is no authentication layer on any page — all pages are publicly accessible without any credential. Any page on this domain that appears to request a username, password, account number, or Social Security number is not a legitimate part of this site, and readers encountering such a page should treat it as a potential phishing attempt and leave immediately.
This site does not place advertising tracking cookies for third-party ad networks, does not run retargeting scripts, and does not share visitor data with data brokers or financial marketing services.
Cookies and local storage
Cookie use on becu.gr.com is limited to what the analytics tool and server infrastructure require — no advertising or tracking cookies are set.
The analytics tool used on becu.gr.com may set a first-party cookie or use local storage to distinguish between unique visits and returning visits for session counting purposes. This cookie does not identify the visitor by name, email, or any personal identifier — it only distinguishes between different browser sessions for aggregate counting. No third-party cookies are set by this site. Visitors who prefer not to be counted in analytics can use browser private/incognito mode, which typically clears session storage after each visit.
GDPR and CCPA rights
Readers in the European Economic Area and California have specific rights regarding their data — this section covers how those rights apply to becu.gr.com.
Under the General Data Protection Regulation (GDPR), readers located in the European Economic Area have the right to access any personal data held about them, the right to request correction of inaccurate data, the right to request erasure of data (the "right to be forgotten"), the right to object to processing, and the right to data portability. Because becu.gr.com collects only aggregated, non-personalised analytics data and server logs, the practical scope of these rights as applied to this site is narrow — individual server-log records can be located and deleted on request, but analytics aggregates cannot be disaggregated to an individual after the fact.
Under the California Consumer Privacy Act (CCPA) and its successor the CPRA, California residents have the right to know what personal information is collected, the right to request deletion of personal information, and the right to opt out of the sale of personal information. becu.gr.com does not sell personal information. California residents who want to exercise their CCPA rights can submit a request to hello@becu.gr.com with the subject line "CCPA request."
The GDPR.eu summary of the regulation covers the full scope of GDPR rights for readers who want to understand the framework in detail beyond what this policy summarises.
Data retention
Retention periods are proportionate to the purposes the data serves — analytics data is retained for trend analysis, server logs for security, and correspondence only until resolved.
Analytics data is retained for up to 24 months to support long-term trend analysis of site performance and content usefulness. After 24 months, aggregated analytics data is either archived in anonymised form or deleted.
Server logs are retained for up to 90 days for security monitoring and error detection purposes. After 90 days, server logs are deleted on a rolling basis. Logs may be retained longer if a specific security investigation requires it, but are deleted promptly once the investigation concludes.
Email correspondence is retained for up to 12 months after the last response, then deleted unless the correspondence relates to a legal or operational matter requiring longer retention.
| Data category | Collected | Purpose | Retention |
|---|---|---|---|
| Analytics (page views, browser, region) | Yes — aggregated | Site performance and content usefulness | Up to 24 months; then archived anonymised or deleted |
| Server logs (IP, timestamp, page requested) | Yes — standard server logging | Security monitoring and error detection | Up to 90 days rolling; deleted after security use |
| Email correspondence | Only if reader contacts us | Responding to reader inquiry | Up to 12 months after last response; then deleted |
| Financial data (credentials, account numbers, etc.) | No — not collected | N/A — no login form, no transactions | N/A |
| Advertising or retargeting data | No — not collected | N/A — no ad-network tracking | N/A |
Contact for data requests
Data requests — access, deletion, or questions about this policy — go to the editorial contact address.
Readers who want to exercise data rights under GDPR, CCPA, or other applicable privacy frameworks, or who have questions about this privacy policy, can contact the becu.gr.com editorial team at hello@becu.gr.com. Please include "Privacy request" in the subject line. Requests will be acknowledged within five business days and addressed within 30 days in accordance with applicable regulatory timelines.
This privacy policy was last updated in April 2026. Material changes to data practices will be reflected with a revised update date at the bottom of this page.
Frequently asked questions — becu.gr.com privacy policy
Three questions covering the most common privacy concerns for readers of this reference site.
Does becu.gr.com collect my BECU login credentials?
No. becu.gr.com has no login form and does not collect, process, or store login credentials, account numbers, passwords, or any financial data. Every reference to BECU online banking on this site is an informational explanation of the upstream process — the actual login happens at the upstream becu.org domain, not here.
What analytics data does becu.gr.com collect?
becu.gr.com collects aggregated, non-personalised analytics data including page views, approximate geographic region, browser type, and referring URL. This data is used to understand which content is most useful to readers. No personal identifiers are tied to this data. Server logs (IP address, timestamp, page requested) are retained for up to 90 days for security monitoring.
How do I exercise my GDPR or CCPA data rights?
Email hello@becu.gr.com with the subject line "Privacy request" and describe the right you want to exercise — access, deletion, correction, or opt-out. Requests are acknowledged within five business days and addressed within 30 days. Because this site collects only aggregated analytics and server logs, the practical scope is narrow, but all requests are addressed in good faith.