In today's environment, where people are subjected to marketing calls, junk mail, and spam and are very concerned about fraud and identity theft, we recognize the seriousness of our responsibility to help maintain the privacy and security of your personal information. As a result, we have adopted privacy and security practices that go beyond minimum legal requirements in order to give you greater comfort. We invite you to compare what we do with any other lender that you are presently using or considering.

We are a Norton Secure Site, allowing you to confirm our web site identity by clicking on the seal below:


For Nevada residents only, Nevada law requires that we also provide you with the following contact information:

Bureau of Consumer Protection, Office of the Nevada Attorney General
555 E. Washington St., Suite 3900
Las Vegas, NV 89101
Phone: 702.486.3132
Email: BCPINFO@ag.state.nv.us

We may modify this privacy and security policy from time to time. We will post such changes to this page and update the last revised date. If the changes to the policy are significant, we will provide a more prominent notice including, possibly, an email notification to you.

Privacy Policy

Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Social Security number and income
  • account balances and payment history
  • credit history and credit scores
How? All financial companies need to share customers' information to run their everyday business—to process transactions, maintain customer accounts, and report to credit bureaus. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons LightStream chooses to share; and whether you can limit this sharing.
Reason we can share your personal information Does LightStream share? Can you limit this sharing?
For our everyday business purposes—
such as process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes No
For our marketing purposes—
to offer our products and services to you
Yes Yes (See below)
For joint marketing with other financial companies No We don't share
For our affiliates' everyday business purposes—
information about your transactions and experiences
Yes No
For our affiliates' everyday business purposes—
information about your creditworthiness
Yes Yes (See below)
For our affiliates to market to you Yes Yes (See below)
For nonaffiliates to market to you No We don't share
To limit our
  • LightStream customers, please go to Preferences in the customer service section of the LightStream web site to change your preferences to limit our sharing.
  • You may also email LightStream at privacy@lightstream.com
If you are a new customer, we can begin sharing information 30 days from the date you receive this notice. When you are no longer our customer, we may continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing and to restrict telemarketing, direct marketing postal mail and email solicitations.
Who we are
Who is providing this notice? LightStream, and its affiliates.
What we do
How does LightStream protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does LightStream collect my personal information? We collect your personal information, for example, when you
  • open an account or deposit money
  • pay your bills or apply for a loan
  • use your credit or debit card
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can't I limit all sharing? Federal law gives you the right to limit sharing only for
  • affiliates' everyday business purposes—information about your creditworthiness
  • affiliates to market to you
  • nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to everyone on your account—unless you tell us otherwise
Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies. LightStream is a division of SunTrust Bank.
  • Our affiliates include companies with a SunTrust name and other financial companies, such as GenSpring International LLC. SunTrust does not own any nonfinancial companies.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.
  • LightStream does not share information with nonaffiliates so they can market to you.
Joint marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • LightStream does not have any joint marketing partners.
Other important information
State and Local Regulations: If, in addition to federal law, you are protected by specific state or local rules concerning information sharing and marketing, SunTrust will fully comply with these regulations as well. Under Vermont and California law, we will not share information we collect about you with companies outside of SunTrust Bank, unless the law allows. Nevada State law requires that we provide residents with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington Street, Suite 3900, Las Vegas, NV 89101; Phone: 702.486.3132; Email: BCPINFO@ag.state.nv.us.
Use of Third Parties: We have arrangements with companies whose experience is essential for our own services to operate properly. These companies, some of which may be located outside the United States, work at LightStream's direction, only receive the information necessary to perform these functions, and adhere to LightStream’s data security guidelines.
Important Notice about Credit Reporting: We may report information about your account(s) to credit bureaus. Late payments, missed payments, or other defaults on your account(s) may be reflected in your credit report.
Do Not Call Policy. This notice is LightStream’s Do Not Call Policy under the Telephone Consumer Protection Act. LightStream abides by all federal and state regulations on telephone usage, maintains an internal Do Not Call list and makes no telemarketing calls to numbers on this list. All Do Not Call requests are implemented within 30 days and the selection is permanent - unless you elect to remove your number from the list.

Updated December 2019

LightStream has a longstanding commitment to protecting the confidentiality and security of our clients' personal information. We believe it is helpful to have an overview of how this commitment is applied as LightStream collects, uses, and protects your personal information when you visit us online.

For California residents, the California law requires that we provide consumers with advance notice of the types of personal information we collect from consumers, our intended use of such information, and a description of your privacy rights under California law. This includes rights to request disclosure of the types of personal information we have collected on you and your right to request that we delete certain information we have collected from you. Please click here for further information on your specific consumer privacy rights.

What information do we collect?

When you visit the LightStream website, application or otherwise interact with us online, we may collect the below information:

How do we use the information we collect?

The information we collect online helps LightStream to:

Technologies we use

LightStream and its online advertising and marketing partners may employ various technologies to collect information, including:

Interacting with LightStream online

Online advertising on third-party websites and applications

LightStream advertises its products and services on websites and applications not affiliated with LightStream. The third-party companies we hire to display these ads use their own tracking technologies to measure the effectiveness of these ads and to understand your interest. Many of our third-party partners have their own privacy policies. We encourage you to review these policies carefully.

Some of our third-party advertising is interest-based and may use information about your online interests to customize the online ads you see. LightStream has adopted the use of the AdChoices Icon (also known as the Advertising Option Icon) for our interest-based advertising (excluding ads appearing on platforms that do not accept the icon). Anyone receiving an interest-based ad can click on the displayed icon to receive more information. The AdChoices Icon does not prevent you from receiving advertisements, but allows you to control whether you receive interest-based advertisements and from which companies. Visit the Digital Advertising Alliance website for more information about the AdChoices Icon and interest-based advertising.

Third-party aggregation services and tools

Aggregation allows you to gather information from many websites and view that information in a consolidated format. An example of why you might use a third-party aggregation tool is if you wanted a comprehensive view of assets and liabilities held within your financial accounts. If you provide information about your LightStream accounts (including your access information) to an aggregation service provider, we will consider that as your having authorized all transactions initiated by that aggregation site. LightStream reserves the right to disable aggregation for any account without notice. If you wish to cancel your third-party aggregation services you should also change your password at lightstream.com.

Social Media

LightStream provides experiences on social media platforms such as Facebook or Twitter that enable online sharing and collaboration. Any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.

Given the very public nature of social media, it is critical that we all safeguard confidential financial information. If you post information on a LightStream site that we feel should be shielded from public view, we will remove it. This includes not only specific details about your LightStream accounts and other private, confidential information (such as your Social Security Number), but details of information relayed in private conversations between you and LightStream representatives. Please know that in taking down or editing your posts, we are focusing our experience and best judgment to keep your personal information safe.

Linking to other sites

LightStream may provide links to non-LightStream companies, such as credit bureaus or merchants, and will notify you when leaving the LightStream site. If you choose to link to websites not controlled by LightStream, we are not responsible for the privacy or security of these sites, including the accuracy, completeness, reliability or suitability of their information. If you are asked to provide information on one of these sites we urge you to carefully study their privacy policies before sharing.

Protecting your children

LightStream strictly follows the federal guidelines of the Children's Online Privacy Protection Act (COPPA) which gives parents control over what type of information is collected online about their children. We do not knowingly collect, maintain, or use personally identifiable information from children under age 13 on our websites. We are not responsible for the data collection and use practices of nonaffiliated third-parties that are linked from our websites. Visit the COPPA website for more information.

Control your online privacy preferences

In summary, the below links can help you to customize and control your privacy preferences when interacting with LightStream online:

Online Privacy Practices updates

LightStream's Online Privacy Practices are subject to change, so please review them periodically. Any changes will become effective when we post the revised Practices on the site (please note the effective date listed at the top of this page). Your use of the site and applications following these changes means that you accept the revised Practices.

Our Security Practices

With regard to the security of your personal information, we employ a variety of electronic, physical, and procedural safeguards to protect your personal information including:

Encryption - We employ 128-bit Secure Sockets Layer (SSL) technology to encrypt your personal information when it is in transit between your web browser and our web server or vice versa. In addition, we also use advanced encryption when storing or backing up your personal information on our computers, substantially reducing the risk even in the event of loss or misuse of your personal information.

Software and Hardware Security - We employ stringent, up-to-date software and hardware solutions to minimize the risk that your encrypted, personal information could be hacked, lost, or stolen from our computer systems.

Physical Security - Your encrypted, personal information is located and stored in secure areas within our building and any offsite data processing facilities.

Access - Access to your personal information (either physically or online) is limited to you and our employees who have a "need to know" in order to perform their jobs and who have the appropriate authentications such as key cards, user IDs, and passwords. A user ID and password is required on the Sign In page on our web site for you to access and/or update your account information. Please remember to keep your user id and password secure. Also, if you prefer additional security, we offer our AccountLock feature which will prevent access to your account even with a valid user id and password. Access will only be granted after you request a pass code from us. We will then email you a randomly-generated, temporarily available pass code, allowing you one-time access to your account.

Training - We provide training to our employees regarding our security procedures.