Legal

Cookie and Tracking Notice

How PayServices Bank uses cookies, client-side storage, and tracking technologies on the ITAM application and the itam.world website.

Last updated: May 5, 2026
This document is provided in English. Translations of other parts of the site are for convenience only; the English version governs.

1. Overview

This Cookie and Tracking Notice explains how PayServices Bank uses cookies, similar tracking technologies, and any other client-side storage on the ITAM application and the itam.world website (together, the "Services"). It is provided as a separate notice in addition to our Privacy Notice.

This Notice is provided in accordance with the EU ePrivacy Directive (2002/58/EC) as transposed in EEA member states, the EU General Data Protection Regulation (GDPR), the UK Privacy and Electronic Communications Regulations (PECR), the California Consumer Privacy Act (CCPA / CPRA), the Brazilian Lei Geral de Proteção de Dados (LGPD), and equivalent laws in markets where ITAM is available.

2. What we currently use

PayServices Bank uses only strictly necessary client-side storage on the Services. We do not currently use:

  • Third-party analytics cookies (such as Google Analytics, Mixpanel, Amplitude, or Hotjar);
  • Advertising or marketing cookies (such as the Meta Pixel, Google Ads, or LinkedIn Insight Tag);
  • Third-party cross-site tracking technologies;
  • Third-party fonts loaded from external content delivery networks (we self-host all fonts);
  • Third-party social-media share buttons that load embedded scripts.

If we begin to use any of these in the future, we will update this Notice and, where required by law, obtain your consent before activation.

3. Strictly necessary storage

The following storage is used by the Services and is necessary for the basic operation of the application and website. Under the EU ePrivacy Directive (Recital 25 and Article 5(3)), GDPR, and CCPA, this category does not require user consent because it is necessary for the service the user has requested.

ItemTypePurposeDuration
itam_lang localStorage Stores your language preference (e.g., "en", "fr", "ar") so the site loads in your selected language on return visits. Persistent until cleared by you.
Authentication session HTTP-only secure cookie Maintains your authenticated session in the ITAM application. Session-only or up to your authentication-token lifetime.
CSRF token HTTP-only secure cookie Protects against cross-site request forgery during sensitive actions. Session-only.
Load-balancer affinity HTTP-only cookie Routes requests in the same session to the same server for consistency. Session-only.

None of these items are used for analytics, advertising, profiling, or any purpose other than the operation of the Services as you have requested.

4. Server-side processing

In addition to client-side storage, our servers process information about your visit for security, fraud prevention, and operational reasons. This is not "cookie" or "tracking" activity in the technical sense, but we disclose it here in the interest of transparency:

  • Access logs — the IP address you connect from, the user-agent string of your browser or app, the URL path you requested, the HTTP response code, and the time of the request. These logs are used for security investigation, abuse prevention, and operational diagnostics, and are retained for the period set out in our Privacy Notice.
  • Content delivery and DDoS protection — we use a content delivery network and DDoS-protection service that processes the same access-log information.
  • Error and crash reporting — technical error reports may be transmitted to our internal logging system to allow us to fix bugs.

Where this processing involves the personal data of users in the European Economic Area, the United Kingdom, or other regions with comprehensive data-protection laws, we rely on the legitimate-interest legal basis (GDPR Art. 6(1)(f)), or, where required, on contractual necessity (GDPR Art. 6(1)(b)) or compliance with a legal obligation (GDPR Art. 6(1)(c)).

5. Why you do not see a cookie consent banner

Under the EU ePrivacy Directive and equivalent laws, a cookie consent banner is required only when a website stores or accesses information on a user's device that is not strictly necessary for the service the user has requested. PayServices Bank has chosen to operate the Services using only strictly-necessary storage, and to self-host all fonts, scripts, and assets so that no third-party tracking is initiated when you visit the Services.

If we begin to use non-strictly-necessary cookies or trackers in the future, we will display a consent banner that meets the requirements of EU and other applicable law, including the ability to refuse non-essential cookies as easily as accepting them.

6. Your controls

You may disable cookies in your browser settings or use private/incognito browsing mode. Disabling strictly-necessary cookies will prevent the Services from functioning as intended (for example, you will not be able to remain signed in to the ITAM web application).

You may clear our localStorage entries (such as itam_lang) by clearing site data in your browser. The next time you visit, the site will reset to default values.

For more information about your other privacy rights and how to exercise them, see our Privacy Notice, our State-Specific Privacy Rights Notice, and the "Do Not Sell or Share My Personal Information" page.

7. Changes to this Notice

We may update this Notice from time to time. The current version is the version posted at itam.world/cookies. Material changes — including, in particular, the introduction of any non-strictly-necessary cookies or trackers — will be communicated to users in-app, by email, or by an on-site notice, and where required by law will be subject to your prior consent.

8. Contact us

For questions about this Notice or about cookies and tracking on our Services:

PayServices Bank — Privacy
950 W Bannock Street, Suite 1100
Boise, Idaho 83702-6140
United States

info@payservices.com