1. Introduction
Welcome to FunderFlow. We operate a marketplace platform that connects business owners seeking funding with alternative lenders. FunderFlow is not a lender itself; we provide the technology infrastructure that enables direct connections between merchants and lenders.
This Privacy Policy describes how FunderFlow ("we," "us," or "our") collects, uses, shares, and protects your personal and business information when you use our platform. We are committed to transparency in our data practices and protecting your privacy.
This policy applies to all users of our platform, including:
- Merchants - Business owners applying for funding
- Lenders - Financial institutions offering funding products
- Visitors - Anyone browsing our public website
By using FunderFlow, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use our platform.
2. Information We Collect
2.1 Personal Account Information
When you create an account, we collect:
- Email address (used as your unique identifier)
- Password (encrypted and never stored in plain text)
- First and last name
- Phone number
- User role (merchant, lender, or administrator)
- Profile avatar image (optional)
- Two-factor authentication credentials (if enabled)
2.2 Merchant Business Information
If you register as a merchant seeking funding, we collect:
- Legal business name and DBA (Doing Business As)
- Employer Identification Number (EIN) or Tax ID (encrypted at rest)
- Business industry and classification
- Years in business and founding date
- Business owner name, email, and phone number
- Business address (street, city, state, ZIP code)
- Monthly revenue and financial estimates
- Business type (LLC, Corporation, Sole Proprietorship, etc.)
2.3 Lender Company Information
If you register as a lender, we collect:
- Company name and legal entity information
- Primary contact name, email, and phone number
- Lending products and services offered
- Funding criteria (minimum/maximum amounts, revenue requirements)
- States and geographic regions served
- Company website URL and logo
- Subscription tier and billing information
2.4 Financial Information
Important: This section contains critical disclosures about sensitive financial data collection.
- Loan Applications: Funding amount requested, purpose, terms preferences
- Bank Statements: PDF documents uploaded or retrieved via bank connections
- Bank Account Data: Account numbers, routing numbers, balances, transaction history (via Plaid)
- Transaction Details: Dates, amounts, categories, merchant names
- Cash Flow Analysis: Revenue calculations, expense patterns, NSF occurrences
- Underwriting Data: Risk scores, credit assessments, prequalification decisions
- Loan Offers: Funding amounts, terms, interest rates, fees from lenders
- Invoice Records: Payment history, amounts, due dates
2.5 Automatically Collected Information
- Device Information: IP address, browser type, operating system
- Usage Data: Pages visited, features used, time spent
- Cookies: Authentication tokens stored in browser
- Audit Logs: User actions, timestamps, changes to data
2.6 Information from Third Parties
- Plaid: Bank account verification, transaction history, balance data (with your authorization)
- Public Sources: Business registration data (if applicable)
3. How We Use Your Information
We use the information we collect for the following purposes:
- Account Management: Create, maintain, and authenticate user accounts; verify identity
- Service Delivery: Process loan applications; match merchants with lenders
- Underwriting & Risk Assessment: Analyze financial data using automated algorithms to generate risk scores
- Communications: Send transaction confirmations, application updates, offer notifications
- Platform Operations: Monitor system performance; troubleshoot technical issues
- Compliance: Meet legal obligations under FCRA, Fair Lending laws, anti-money laundering regulations
- Analytics: Understand platform usage; improve user experience
- Security: Detect and prevent fraud, unauthorized access, security threats
Automated Decision-Making: Our platform uses automated systems to analyze your financial information and generate prequalification decisions and risk scores. These automated assessments influence which lenders see your application. You have the right to request human review of automated decisions and to dispute inaccurate information.
4. Information Sharing & Disclosure
Important: Information Sharing with Lenders
When you submit a loan application through FunderFlow, your business and financial information is shared with lenders to evaluate your funding request. This is the core function of our marketplace. By submitting an application, you explicitly authorize us to share your information with matched lenders.
4.1 With Lenders (When You Apply for Funding)
When a merchant submits a loan application, we share:
- Business information (name, industry, location, years in business)
- Funding request details (amount, purpose, terms)
- Financial data (revenue, bank statements, transaction history)
- Underwriting reports and risk scores
- Contact information (after NDA acceptance)
Note: Lenders initially see anonymized data. Full details are only shared after NDA acceptance.
4.2 With Service Providers
- Plaid: Bank account verification and transaction data (Privacy Policy)
- Stripe: Payment processing for subscriptions (Privacy Policy)
- Email Service Providers: Transactional notifications
- Cloud Hosting: Secure data storage
4.3 Legal Disclosures
We may disclose your information when required by law or to protect rights and safety:
- In response to subpoenas, court orders, or legal processes
- To comply with applicable laws and regulations
- To protect rights, property, or safety
- To investigate fraud or security incidents
4.4 Business Transfers
If FunderFlow is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
We Never Sell Your Data: FunderFlow does not and will not sell your personal or business information to third parties for marketing purposes.
5. Data Security
We implement industry-standard measures to protect your information:
- Encryption in Transit: All data transmitted using TLS/SSL protocols
- Encryption at Rest: Sensitive fields (EINs, tokens) encrypted in database
- Password Protection: Hashed using modern cryptographic algorithms
- Access Controls: Strict limits on data access based on role
- Two-Factor Authentication: Optional 2FA for enhanced security
- Audit Logging: All data access tracked for accountability
- Security Assessments: Regular reviews and testing
Important: While we employ commercially reasonable security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
6. Data Retention
We retain your information as necessary to provide services and comply with legal obligations:
- Active Accounts: Retained while your account is active
- Financial Records: Minimum 7 years (federal compliance)
- Audit Logs: Retained per regulatory requirements
- After Account Closure: Deleted or de-identified unless legally required
7. Your Privacy Rights
7.1 Access & Portability
You have the right to access your personal information and receive a copy in portable format. Contact privacy@funderflow.com to request your data. We respond within 30 days.
7.2 Correction & Updates
Update your profile information through account settings or contact support@funderflow.com for assistance.
7.3 Deletion
You can request deletion of your personal information. Note: Some information must be retained for legal compliance (e.g., financial records for 7 years).
7.4 State-Specific Rights
California Residents (CCPA/CPRA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale (we don't sell data)
- Right to non-discrimination
Virginia, Colorado, Connecticut Residents:
- Right to access, correct, and delete
- Right to data portability
- Right to opt out (we don't engage in targeted advertising or sales)
How to Exercise Your Rights: Email privacy@funderflow.com with your request. We will verify your identity and respond within 30 days.
8. Cookies & Tracking Technologies
We use cookies and similar technologies:
- Essential Cookies: Authentication tokens, CSRF protection (required for platform)
- Audit Logs: IP address and user agent for security monitoring
Essential cookies cannot be disabled as they're required for platform functionality. You can manage preferences through browser settings.
9. Third-Party Services
Our platform integrates with third-party services:
We are not responsible for third-party privacy practices. Review their policies before providing information.
10. Children's Privacy
FunderFlow's services are intended for business owners and financial professionals. Our platform is not directed to individuals under 18, and we do not knowingly collect information from minors.
If we discover that we have collected information from someone under 18, we will promptly delete it. Contact privacy@funderflow.com if you believe we have collected data from a minor.
11. International Users
FunderFlow operates in the United States. Your information is processed and stored on U.S. servers. By using our services, you consent to transfer and processing in the U.S., where data protection laws may differ from your country.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in practices, technology, or legal requirements.
Material Changes: We will notify you by email and/or platform notice at least 30 days before changes take effect.
Non-Material Changes: We will update the "Last Updated" date at the top.
Continued use after changes constitutes acceptance. We encourage periodic review of this policy.
14. Fair Credit Reporting Act (FCRA) Disclosures
Required notices under federal law
14.1 Consumer Reporting Activities
FunderFlow may use consumer reports and/or be considered a consumer reporting agency under FCRA. We collect and analyze financial information for:
- Evaluating creditworthiness and ability to repay
- Generating risk scores and underwriting assessments
- Matching merchants with appropriate lending products
- Facilitating lenders' evaluation of funding applications
14.2 Adverse Action Rights
If your application is denied or you receive less favorable terms, you are entitled to:
- Notice of adverse action with specific reasons
- Information about the consumer reporting agency (if applicable)
- Right to dispute inaccurate information
- Right to obtain a free copy of any consumer report used
14.3 Accuracy & Dispute Procedures
If you believe information is inaccurate:
- Submit a Dispute: Contact privacy@funderflow.com
- Investigation: We investigate within 30 days
- Resolution: We correct inaccuracies or add notation
- Notification: You receive written results
14.4 Permissible Purposes
We only access credit and financial information for permissible purposes under FCRA. We do not share information for marketing without consent.