This Privacy Policy describes how CredFin, Inc. ("CredFin," "we," "us," or "our") collects, uses, discloses, and protects information about you when you:
By using our services or submitting information to us, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated by reference into our Client Service Agreement.
| Category | Examples | When Collected |
|---|---|---|
| Identity & Contact | Full name, email address, phone number(s) including mobile, mailing address, job title | Forms, enrollment, workshop registration |
| Business Information | Business name, EIN/tax ID, entity type, state of formation, date formed, industry, annual revenue, number of employees | Enrollment, funding applications, consultations |
| Financial Information | Monthly revenue, existing debt obligations, funding goals, self-reported credit score ranges (we do not collect full bank account numbers) | Fundability assessments, coaching sessions |
| Business Credit Profile | D&B DUNS number, Equifax Business file data, Experian Business credit data, PAYDEX scores, trade line information | Platform use, fundability analysis (with your authorization) |
| Payment Information | Credit/debit card details, billing address — processed by PCI-compliant third-party processor. CredFin does not store full card numbers. | Enrollment checkout |
| SMS / Mobile Consent | Mobile phone number, opt-in confirmation, opt-out requests, STOP/HELP responses | Web forms, workshop registration, enrollment |
| Communications | Call recordings, voicemails, email correspondence, SMS/text messages, chat transcripts, coaching session notes | Ongoing interactions with our team |
| Purpose | Description | Legal Basis |
|---|---|---|
| Service Delivery | Providing coaching, fundability assessments, lender matching, platform access, and all contracted services | Contract performance |
| Account Management | Creating and maintaining your account, processing payments, sending receipts and service communications | Contract performance |
| Fundability Analysis | Analyzing business credit data from D&B, Equifax Business, and Experian Business to generate reports and recommendations | Contract; legitimate interest |
| Lender Matching | Using your business profile to identify and introduce you to appropriate lenders | Contract; consent |
| SMS & Phone Communications | Sending appointment reminders, workshop confirmations, follow-ups, program updates, and promotional texts (with consent — see Section 6) | Consent; legitimate interest |
| Marketing & Outreach | Promotional offers, newsletters, and information about new services. You may opt out at any time. | Consent; legitimate interest |
| Call Center Operations | Recording and reviewing calls for QA, compliance, training, and dispute resolution (see Section 7) | Legitimate interest; legal obligation |
| Legal & Compliance | Complying with legal obligations, responding to lawful requests, enforcing our agreements | Legal obligation; legitimate interest |
| Security & Fraud Prevention | Detecting and preventing fraud, unauthorized access, and security incidents | Legitimate interest; legal obligation |
| Analytics & Improvement | Understanding service usage to improve features and user experience | Legitimate interest |
We engage trusted third-party vendors who are contractually prohibited from using your data for their own purposes:
With your explicit consent, we may share your business profile with lenders in our network as part of the Lender Match™ service. Each lender has its own privacy policy governing their use of your information. We do not share your data with lenders for purposes other than evaluating your eligibility for financing.
We may disclose information when required by law, subpoena, or court order; to enforce our agreements; or to protect the rights, property, or safety of CredFin, our clients, or others.
In the event of a merger, acquisition, or sale of substantially all assets, your information may be transferred to the successor entity. We will notify you of any material change in how your information is used, where required by law.
| Type | Purpose | Can Opt Out? |
|---|---|---|
| Strictly Necessary | Required for the website and platform to function (authentication, security, session management) | No — required |
| Functional | Remember your preferences, language settings, and prior interactions | Yes |
| Analytics / Performance | Measure website traffic and usage patterns (e.g., Google Analytics) | Yes |
| Marketing / Retargeting | Track behavior to show relevant ads and measure campaign effectiveness (e.g., Facebook Pixel, Google Ads) | Yes |
Manage cookie preferences through your browser settings, our cookie consent banner, or by emailing [email protected]. Our website does not currently alter its data collection practices in response to browser Do Not Track (DNT) signals, as no universal standard exists.
Web Beacons: Our emails may contain small image files ("web beacons") that allow us to track open rates and engagement. You can disable this by setting your email client to block remote images.
CredFin, Inc. sends SMS and MMS text messages through registered A2P 10DLC messaging campaigns in full compliance with the Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227), FCC regulations, CTIA Messaging Principles and Best Practices, and all applicable A2P 10DLC carrier requirements.
We obtain express written consent before sending any marketing or promotional SMS messages. Consent is collected when you:
| Message Type | Description / Examples |
|---|---|
| Appointment Reminders | Reminders for upcoming workshop sessions, coaching calls, and consultations |
| Workshop Confirmations | Registration confirmations and access details for free and VIP workshops |
| Program Updates | Notifications about your Capital Qualified™ status, platform activity, and program milestones |
| Follow-Up Communications | Post-call or post-workshop follow-up messages from our team |
| Promotional Messages | Information about new CredFin services, offers, and educational content (marketing only with prior consent) |
| Transactional Alerts | Payment confirmations, account notices, and service-related updates |
Phone Number Privacy: CredFin will never sell, share, or disclose your mobile phone number to any third party for their own marketing or SMS outreach purposes.
You may opt out of SMS communications from CredFin at any time using any of the following methods:
After opting out, you may re-subscribe at any time by texting START to the same number or by completing a new opt-in form.
CredFin's SMS campaigns are registered with the major U.S. wireless carriers through the A2P 10DLC system administered by The Campaign Registry (TCR). This registration includes disclosure of our brand identity, message types, and opt-in/opt-out procedures to carriers and their aggregators. Our messaging complies with all applicable carrier codes of conduct and CTIA short code and 10DLC guidelines.
CredFin's SMS program is available on all major U.S. wireless carriers, including AT&T, Verizon, T-Mobile, and others. Carrier support may vary. We are not liable for delayed or undelivered messages due to carrier transmission failures.
CredFin operates a call center and may record telephone calls for quality assurance, compliance, agent training, dispute resolution, and service improvement. By calling us or accepting a call from us, you consent to call recording. Where state law requires two-party consent (including Florida, California, and other two-party consent states), we provide notice at the start of each call. Recordings are stored securely and accessed only by authorized personnel.
CredFin may contact you by telephone using an automated dialing system or pre-recorded messages for service-related and marketing purposes. By providing your phone number on a CredFin web form or during enrollment, you expressly consent to such calls. You may revoke consent at any time by saying "remove me" during any call, emailing [email protected], or replying STOP to any text message.
CredFin maintains an internal Do Not Call list and honors the National Do Not Call Registry. To be added to our internal Do Not Call list, contact us at [email protected] or (949) 828-4020.
With your authorization, we access your business credit profile from Dun & Bradstreet, Equifax Business, and Experian Business. This data includes your business credit scores, payment history, trade lines, and public records associated with your business entity. We use this data solely to deliver our Capital Qualified™ Fix and Lender Match™ services. We do not access your personal consumer credit report without separate explicit written consent.
To the extent CredFin collects nonpublic personal financial information in connection with financial advisory activities, we operate in compliance with applicable provisions of the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.) and the FTC Safeguards Rule (16 C.F.R. Part 314). We maintain a written information security program to protect the security, confidentiality, and integrity of client financial information.
All payment card transactions are processed by a PCI DSS-compliant third-party processor. CredFin does not store, transmit, or have access to your full credit card number, CVV, or card expiration date after a transaction is processed.
CredFin implements reasonable and appropriate technical, administrative, and physical safeguards including:
| Data Category | Retention Period |
|---|---|
| Active client account data | Duration of Service Period plus 7 years |
| Payment and transaction records | 7 years from transaction date (tax and accounting requirements) |
| Call recordings | 3 years from recording date, unless required longer for disputes |
| Email and SMS communications | 3 years from last interaction |
| SMS opt-in / opt-out records | 5 years (TCPA compliance requirement) |
| Business credit data (bureau reports) | Duration of program plus 2 years |
| Lead and prospect data (non-enrollees) | 2 years from last contact, or until opt-out |
| Website analytics / cookies | Up to 2 years (varies by cookie type) |
| Legal dispute / compliance records | 7 years or as required by law |
After the applicable retention period, we securely delete or anonymize your information, subject to our legal obligations to retain certain records.
CredFin's services are intended exclusively for business owners and authorized representatives who are 18 years of age or older. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will promptly delete it. Contact us at [email protected] if you believe a child has provided us personal information.
CredFin complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.) and the FTC's COPPA Rule (16 C.F.R. Part 312).
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:
Submit a California Privacy Request by emailing [email protected] with subject line "California Privacy Request" or calling (949) 828-4020. We respond within 45 days and process up to two requests per 12-month period at no charge. Identity verification may be required.
Residents of the following states have rights under their respective state privacy laws. CredFin honors these rights for qualifying residents where applicable:
| State | Law | Key Rights |
|---|---|---|
| Virginia | CDPA | Access, correction, deletion, portability, opt-out of sale/targeted advertising, appeal |
| Colorado | Colorado Privacy Act | Access, correction, deletion, portability, opt-out, appeal |
| Connecticut | CTDPA | Access, correction, deletion, portability, opt-out, appeal |
| Texas | TDPSA | Access, correction, deletion, portability, opt-out |
| Nevada | SB 220 / SB 260 | Opt-out of sale of covered information |
| Florida | Florida Information Protection Act | Data breach notification rights; security safeguards |
To exercise rights under any applicable state law, contact [email protected] and include your state of residence. We will respond within the timeframe required by your state's law.
CredFin, Inc. is headquartered in the United States and our services are designed for U.S.-based businesses. If you access our services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our services, you acknowledge and consent to this transfer for the purposes described in this Policy.
Our website and platform may contain links to third-party websites, tools, or services (including lender websites, educational resources, and partner tools). This Privacy Policy does not apply to any third-party websites. We encourage you to review the privacy policies of any third-party site before providing your information. CredFin is not responsible for the privacy practices or content of third-party sites.
When you are introduced to a lender through our Lender Match™ service and visit that lender's website, you are interacting directly with that third party under their own privacy policy.
CredFin reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will:
Your continued use of our services after the effective date of any update constitutes acceptance of the revised Policy. If you do not agree to the revised Policy, you may terminate your service relationship per the terms of your Client Service Agreement.
For any privacy-related questions, requests, or complaints, contact us using the information below. We are committed to acknowledging your request within 10 business days and resolving it within the timeframe required by applicable law.