Privacy Policy

This Privacy Policy shall be effective as of July 31, 2024.

This website is owned and operated by Lendio, Inc. (“Lendio”). We at Lendio respect and protect the privacy of visitors to our website, and the privacy of our customers and have developed this Privacy Policy to demonstrate our commitment to protecting your privacy. Except where otherwise noted, this Privacy Policy applies to and describes our information handling practices when you access our services, which include our content located on this website, or any other websites, pages, features, or content we own or operate (collectively, the “Site(s)”) or third-party applications relying on API, and related services (referred to collectively hereinafter as “Services”).

Lendio is a small business marketplace to assist small businesses in accessing and managing capital. Our Privacy Policy applies to everyone who utilizes our Sites.

We encourage you to review Lendio’s Terms of Use. Where consent is required by law to process your personal information, we will ask for your consent to the collection, use, and sharing of your personal information as described further below, otherwise your receipt of notice of our privacy policy constitutes sufficient consent for Lendio to collect and process your personal data in a manner consistent with this Privacy Policy and the law. We may provide additional “just-in-time” disclosures or information about the data processing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.

For each section, Lendio will provide a summary of the section in the hopes that it will assist Lendio customers to better understand Lendio’s privacy practices and policies. 

1. Types of Information that is collected

1.1 Personal Information.

While Lendio strives to only collect information about your business, due to the nature of small businesses, Lendio invariably collects Personal Information about business owners as they seek business capital. Personal Information is defined as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. The definition of Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.

To establish an account and access our Services, we’ll ask you to provide us with some important information about you. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide 3 or 4 months of bank statements), or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information.

Please note that we may not be able to serve you at all, or our Services may be degraded if you choose not to share certain information with us.

1.2 Types of Personal Information.

During the course of offering services, Lendio may, but does not always, collect the following information from you:

• Personal Identification Information: Full name, date of birth, utility bills, photographs, phone number, home address, IP Address, social security number, and/or email.
• Formal Identification Information: Government issued identity document such as Passport, Driver’s License, National Identity Card, State ID Card, Tax ID number, passport number, driver’s license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial, consumer protection, and commercial lending laws or contractual obligations imposed upon us by our banking partners.
• Business Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners.
• Financial Information: Bank account information, Tax return information, Federal and State Tax ID, Profit and Loss Statements, Income statements, Credit Score, Business Invoices, and Wire Instructions.
• Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount, and/or timestamp.
• Employment Information: Office location, job title, and/or description of role.
• Correspondence: Survey responses, information provided to our support team or user research team.
• Business Information: Type of business, list of officers, members, or managers of the business, articles of incorporation, certificates of good standing, and ownership structure.

1.3 Device/Digital Information.

We receive and store certain types of information automatically, such as whenever you interact with the Sites or use the Services, or access our Site or Services from another website – such as by interacting with an advertisement, or by interacting with Lendio’s . This information helps us address customer support issues, improve the performance of our Sites and applications, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. Information collected automatically includes:

• Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or device IP addresses.
• Usage Data: Authentication data, security questions, click-stream data, public social networking posts, and other data collected via cookies and similar technologies.

For example, we may automatically receive and record the following information on our server logs:

• How you came to and use the Services;
• Device type and unique device identification numbers;
• Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);
• How your device interacts with our Sites and Services, including pages accessed and links clicked;
• Geographic location; and,
• Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser and other information about you.

We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third-party site.

1.4 Third-Party Information About You.

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. As needed, we will obtain your consent to obtain this information from third-parties.  These sources may include:

• Public Databases & ID Verification Partners: We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law.
• Credit Bureaus: With your consent, we obtain information from credit bureaus, including your credit report.We will not disclose your credit report without your explicit permission. We obtain your credit information to better provide services to you, to match you with appropriate lenders, to ensure your identity, and to avoid fraud.
• Financial Institution: With your consent, we obtain information directly from your financial institution, including copies of your account statements. We obtain this information to assist in providing Services to you, including the underwriting process. To do this, we utilize Finicity, Ocrolus, and Plaid. Finicity’s privacy policy, available at https://www.finicity.com/privacy/ describes its collection and use of personal data. Ocrolus’s privacy policy, available at https://www.ocrolus.com/privacy-policy/, describes its collection and use of personal data. Plaid’s privacy policy, available at https://plaid.com/legal/#consumers, describes its collection and use of personal data
• Joint Marketing Partners & Resellers: For example, unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.
• Advertising Networks & Analytics Providers: We work with these providers to provide us with de-identified information about how you found our Sites and how you interact with the Sites and Services. This information may be collected prior to account creation.
• Third Party Service Providers: Lendio customers who use certain of our products are subject to third-party privacy policies, including WePay, whose privacy policy is maintained at https://go.wepay.com/privacy-policy/.

2. How information is collected

We obtain information about you during the application process, and also through your interactions with our Sites.

As we’ve noted previously, where we require your consent to process your personal information, we will ask for your consent to the collection, use, and sharing of your personal information as described further below. We may provide additional “just-in-time” disclosures or information about the data processing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data, IF YOU DO NOT AGREE WITH OR YOU ARE NOT COMFORTABLE WITH ANY ASPECT OF THIS PRIVACY POLICY, YOU SHOULD IMMEDIATELY DISCONTINUE ACCESS OR USE OF OUR SERVICES

We obtain the categories of personal information listed below from the following sources:

• Directly from you: For example, from forms you complete or by using our Products and Services.
• Indirectly from you: For example, from observing your actions on our Sites.
• Third Parties: For example, from third-party services which you connect to as part of using our Services.

2.1  During the application process. 

To process your initial application for funding, you may provide to us your name, address, phone number, email address and other personal information. You may also be required to provide the name of your business, its address, its federal and state tax ID, the type of business, business location, average monthly sales, state of incorporation, name of Landlord. Such information is used primarily to process your application for business funding, but may also be used as otherwise described in this privacy policy. 

2.2  Emails and telephone calls. 

You provide us with an email address when you register for our services. We use your email for both transactional (e.g., application status, application updates, application confirmation, etc.) and promotional (e.g., newsletters, new product offerings, event notifications, special third-party offers) purposes. We may send e-mail messages to you that may contain code that enables us or our vendors to track your usage of the e-mails, including whether the email was opened and what links (if any) were clicked. Additionally, during the application process, you may engage in email communications about your transaction, and provide Lendio with information about you, your business, and your application. If you would rather not receive promotional emails from us, please see the section below labeled “Choice/Opt-Out”. We reserve the right to send you certain communications relating to the Lendio services, such as service announcements and administrative messages, without offering you the opportunity to opt out of receiving them. We may also contact you by telephone or text message (including to any wireless number you may provide to us), and you may provide to us information, in connection with Lendio’s services, or for marketing purposes if you consent to receiving such telephone calls or text messages. Lendio records, stores, transmits, and analyzes the contents of these calls to third-parties for the purposes discussed in sections 3 and 4. If you would rather not receive telephone calls or text messages from us, you may change or delete your number from your account preferences page(s), or ask to be placed on our internal do-not-contact list if you receive a call or text message from us. We fully comply with the requirements of the U.S. CAN-SPAM Act, the Telephone Sales Rule, the Telephone Consumer Protection Act (TCPA), and relevant state laws governing telephone calls.

2.3  Service Providers

Lendio offers multiple ways for our customers to interact with us, and provides to our customers a variety of information to support their business financing journey. Lendio embeds videos on its websites, it enables chat features, utilizes AI chatbots, third-party web monitoring services, and other general services from time to time. You provide your information to those service providers, who, in turn, provide that information to Lendio. By utilizing these service providers on Lendio’s Sites, we may also disclose your information to those service providers as set forth more fully in sections 3 and 4 below. To the extent possible, Lendio minimizes the data it collects, the data it shares, and anonymizes and aggregates your data.Furthermore, Lendio enacts relevant restrictions, such as screening sensitive personal information from collection or use by these third-party service providers.  

2.4  Log files.

Any time you visit any of our Sites, our servers automatically gather information from your browser (such as your IP addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks) to analyze trends, administer the site, prevent fraud, track visitor movement in the aggregate, and gather broad demographic information. For example, we may log your IP address for system administration purposes. IP addresses are logged to track a user’s session. This gives us an idea of which parts of our site users are visiting. We do not share the log files externally.

2.5 Cookies.

We use “cookies” to keep track of some types of information while you are visiting our Sites or using our services. Cookies are very small files placed on your computer, and they allow us to count the number of visitors to our Sites and distinguish repeat visitors from new visitors. They also allow us to save user preferences and track user trends. We rely on cookies for the proper operation of our Sites.Some of those cookies also transmit information about you back to third parties.

2.6  Web beacons.

”Web beacons” (also known as “clear gifs” and “pixel tags”) are small transparent graphic images that are often used in conjunction with cookies in order to further personalize our Sites for our users and to collect a limited set of information about our visitors. We may also use web beacons in email communications in order to understand the behavior of our customers. We do not link the web beacons to any personally identifiable information.

2.7  Other sources and third parties.

We may obtain information about you from third parties. We combine this third-party data with information we already have about you to create tailored advertising and other relevant product recommendations. If you provide information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.Any information obtained from a third-party will be used to assist matching your business with various lenders.

The sites contain links to other websites that are maintained by third parties. These third parties are solely responsible for their own websites and we encourage you to reach out to such third parties for copies of and information regarding their privacy and security practices. We do not control, and are not responsible for, the privacy and security practices of these third parties.

3. How your information is used

3.1 Lendio Services.

We process your personal information to provide the Services to you. For example, when you wish to seek business financing from one of our financing partners, we require certain information such as your identification, contact information, income information, and other information as requested by our business financing providers. 

3.2 Artificial Intelligence and Machine Learning.

As part of offering our Services, Lendio has created our own Artificial Intelligence (“AI”) and Machine Learning (“ML”) datasets and models. Lendio also utilizes vendors who utilize AI and ML models. Your information may be processed utilizing these AI and ML models.. Your Personal Information may also be used to train these AI and ML models. As part of Lendio’s efforts to develop our AI and ML models ethically and responsibly, Lendio has committed to ensuring that it does so in conformance with all applicable laws, regulations, and ethical standards. 

3.3 Service communications.

We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails or mobile notifications sent for legal or security purposes;

3.4 Customer service.

We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services;

3.5 Research and development purposes.

We process your personal information to better understand the way you use and interact with Lendio’s Services. In addition, we use such information to customize, measure, and improve Lendio’s Services and the content and layout of our applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services;

3.6 To enhance your experience.

We process your personal information to provide a personalized experience, and implement the preferences you request. For example, you may choose to provide us with access to certain personal information stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services;

3.7 Facilitate corporate acquisitions, mergers, or transactions.

We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions. You have the option of closing your account if you do not wish to have your personal information processed for such purposes.

3.8 Maintain legal and regulatory compliance.

Most of our core Services are subject to laws and regulations requiring us to collect, use, and store your personal information in certain ways. For example, Lendio must identify and verify customers using our Services in order to comply with commercial lending laws across jurisdictions.

3.9 Enforce our terms in our user agreement and other agreements.

Lendio handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services;

3.10 Detect and prevent fraud.

We process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or information loss;

3.11. Ensure quality control.

We process your personal information for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process personal information for quality control purposes, you may experience issues on the Services;

3.12 Ensure network and information security.

We process your personal information in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your personal information, we may not be able to ensure the security of our Services;

3.13 Data Anonymization and Data Aggregation.

We may use data we have anonymized and aggregated for any business purpose.

Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated customer data (i.e. information about our customers that we combine together so that it no longer identifies or references an individual customer).

Lendio may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties.

Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators. Moreover, should you request that your information be deleted in accordance with the policies set forth more fully below, some of your information may be anonymized or aggregated, which complies with applicable law regarding deletion of personal information. 

4. Sharing your information with third parties

4.1. Disclosure By Law.

Lendio may disclose information you provide if required to do so by law, at the request of a third party pursuant to a court order, or if we, in our sole discretion, believe that disclosure is reasonable to (1) comply with the law, requests or orders from law enforcement, or any legal process (whether or not such disclosure is required by applicable law) and (2) protect or defend Lendio´s, or a third party´s, rights or property.

4.2. Financing Providers. 

As part of applying for business financing, you agree that Lendio will share your information with lenders, business financing providers, banks, and brokers (“Financing Providers”) within our marketplace. Please be aware that the lFinancing Providers with whom you are matched and with whom your information is shared may retain your information, even if you do not enter into an agreement for their products or services. Upon request, Lendio will provide you with a list of those Financing Providers with whom we’ve shared your data as part of your application. Please contact each such party directly regarding their privacy and information policies. Also, if you enter into an agreement with a Financing Provider and make changes to the information you have provided to us, we may share the updated information with such Financing Providers.

4.3. Sharing to Trusted Third Parties By Us.

Lendio shares your information with various third-parties who may offer products or services which Lendio believes may be of interest to you. Your information will only be shared with that party after you have elected to pursue their services (such as by clicking a link to their website).  The third-parties may offer services ranging from tax preparation, consumer loans, credit repair, or other ancillary services. We are not responsible for the material of the third parties or their actions. In addition, from time to time, we may share personal contact information (such as e-mail or mailing address) about our user base with carefully selected third parties, so they can offer goods and services that we believe may be of interest to our users. 

4.4. Service Providers and Subcontractors.

Lendio shares your information with subcontractors and service providers who assist in providing services to you. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else. Examples of the types of service providers we may share personal information with (other than those mentioned above) include:

• Artificial Intelligence Chatbots
• Email Service Providers
• Network infrastructure
• Cloud storage
• Transaction monitoring
• Security
• Document repository services
• Customer support
• Internet (e.g. ISPs)
• Data analytics
• Information Technology
• Marketing
• Any other service providers Lendio believes are necessary to offer its Services to you.

Please note that some of these Service Providers utilize AI and ML as part of offering their services to you. Where possible, Lendio has contractually restricted these Service Providers from utilizing your data to train their models, except in furtherance of refining their services to Lendio customers. Where possible, Lendio also requires these Service Providers to anonymize and aggregate any personal information that they use or process as part of their services. Lendio further seeks commercially reasonable assurances that these service provides 

4.5. As part of a Merger, Acquisition, or Fundraising Event

Lendio may share your personal information with companies or other entities that we plan to merge with or be acquired by, or who may provide us with funding. You will receive prior notice of any change in applicable policies.

4.6. Third party advertising platforms and providers

We may share certain personal information with, or make certain personal information available to, third party advertising platforms and providers. This occurs when you view our advertisements on third-party websites, or interact with those advertisements. Doing so may place a third-party cookie on your computer. Generally, these companies do not collect information that can personally identify you, but, when combined with other information they may have in their database, such information may become personal information. We share aggregate website usage information with third party advertisers and related third party providers for the purpose of effectively targeting our online advertisements. These third-party advertising networks also track visitors’ online usage and behavior patterns. These companies may use information about your visits to Lendio and other websites to provide advertisements on this site and across other sites about products and services that may be of interest to you. The result of these efforts is the creation by the third party advertising company of an online profile and segments that attempt to predict individual user interests, preferences and purchasing habits. The third-party advertising networks then use the profile and segments to customize the advertising content served to users when visiting other website.

4.7. Professionals

We may share personal information with our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.

4.8. Miscellaneous

We may share your personal information for any purpose with which you consent.

5. Updating, accessing, retaining, and deleting your information

You may choose to update, access, or delete your data; however, we may be legally required to retain your information to comply with the law.

You may update or access your contact information at any time by logging into your account and making any change or update. Any changes made will be updated immediately.

If you want to stop using your account you may deactivate it. When you deactivate an account, your information will not be sent to any Funding Providers, but the information will not be deleted. By deactivating your account you will have the ability to restore the account in its entirety.

You may delete your account from Lendio in certain circumstances upon submitting a request to Lendio to delete your account. In certain circumstances, Lendio is legally required to continue to maintain the information in your account. In these circumstances, Lendio will place your account into a deactivated status, will opt you out of all communications, and will disable your access to the account.

In the event that Lendio is able to comply with your request to delete your account, data you provide to Lendio will be retained by Lendio in a commercially reasonable manner and to comply with relevant lending laws. Once your account is deleted, Lendio will not share your information, and will only use your data for internal research and Lendio marketing. Data that is retained by Lendio will be retained for a commercially reasonable period of time as determined by Lendio in conformance with applicable law.

We store your personal information securely throughout the life of your Lendio Account. We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal information are described below.

1. Personal information collected to comply with our legal obligations under financial, consumer protection, and commercial credit laws may be retained after account closure for as long as required under such laws.
2. Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
3. Content that you post on our such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
4. Recording of our telephone calls with you may be kept for a period of up to six years.

Information collected via technical means such as cookies, web page counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

Opting out of receiving electronic communications from us. If you no longer wish to receive promotional email communications from us, please follow the instructions provided in Section 7 below.

Your California privacy rights. In addition to the above, if you are a California resident, please review our California Privacy Notice to learn more about the personal information we collect, use and disclose, as well as your privacy rights related to your personal information under the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), as well as other state laws.

6. Security

We employ commercially reasonable security measures to protect the loss, misuse and alteration of the information stored in our database. These measures include the use of industry standard encryption methods and administrative access to site data, as well as other proprietary security measures which are applied to all repositories and transfers of user information. We will exercise reasonable care in providing secure transmission of information between your computer and our servers, but given that no information transmitted over the Internet can be guaranteed 100% secure, we cannot ensure or warrant the security of any information transmitted to us over the Internet and hence accept no liability for any unintentional disclosure. Lendio maintains a SOC 2 certification evidencing our commitment to securing your personal information. Unfortunately, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, Lendio cannot ensure or warrant the absolute security of any data or content you transmit to us.

In the event of a suspected breach of the security of your personally information, we will, to the extent required by law, notify you so you can take appropriate protective steps and to inform you of the steps Lendio is taking with respect to any such suspected breach.

We also encourage you to not share your account login and/or password with any other individual. Your account login and/or password is sensitive and your sharing of your account information may lead to additional exposure to your account.

7. Choice / Opt out of Marketing

You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instruction included in these emails or you can contact us at [email protected]

You can choose not to provide us with certain information, but this will likely result in the inability to use certain features of the site and to obtain the services and products you are seeking. As a general matter, do not post personal information on public forums. You are solely responsible for the posting of any personal information on public forums.

If, after signing up for our services, you decide you no longer wish to receive our services or future contact from lenders, brokers, or other third parties to which your information has been referred, you may cancel your account as discussed herein. Upon canceling your account, your information will no longer be sent to lenders, brokers, or other third parties. This does not guarantee that these lenders, brokers, or other third parties will cease contacting you or using your information. Please be sure to reach out to all lenders, brokers, and/or other third parties to ensure they cease contacting you.

Certain federal and state regulations require that we maintain a record of your information for certain periods of time. Due to these regulations, we may be unable to completely delete your information from our database until the time requirements of these regulations have expired.

8. California Privacy Notice

In addition to the rights provided for above, the information contained in this section applies solely to those individuals who reside in the State of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (together, the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this Policy.

Effective January 1, 2020, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this California Privacy Notice.

8.1 Personal information we collect.

Lendio may collect, or has collected, the following categories of personal information from California residents within the last twelve (12) months:

CATEGORY	EXAMPLES
Identifiers	First and last name; email address; phone number; home address; social security number, driver’s license, passport, or other government issued identity document; password and account credentials; Employer Identification Number (or comparable number issued by a government); and other contact and personal identification information
Personal information categories listed in the California Civ Code § 1798.80(e)	First and last name; phone number; home address; signature; social security number, driver’s license, passport, or other government issued identity document; payment card information; bank account information
Internet or other electronic activity information	Cookie identifiers; pixel tags; embedded scripts; tags; IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Websites and Apps you are visiting; geolocation data, browsing history, time spent on the Platform, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Platform including individual Websites and Apps
Characteristics of protected classifications under California or federal law	Date of birth; demographic information (e.g., nationality, gender)
Commercial information	Payment histories; account balances and activity; products and services that you have purchased, obtained, or considered; utility bills; profit and loss statements; income statements; credit score and other credit report information; information about transactions you make on the Services; and/or other purchasing or consumer histories, tendencies, and preferences
Geolocation data	Global Positioning System (“GPS”) data based on your IP address
Audio, electronic, or visual information	Photographs; recordings of calls to or from our customer service centers
Professional or employment-related information	Office location, job title, and/or description of role
Inferences about you	Inferences based on information about an individual to create a profile about a consumer reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Please note that because of the overlapping nature of certain of the categories of personal information identified above, which are required by state law, some of the personal information we collect may be reasonably classified under multiple categories.

Sensitive personal information. Certain of the personal information that we collect, as described above, may constitute “sensitive personal information” under California law, including:

• Social security, driver’s license, state identification card, and/or passport number
• Account log-in combined with any required security or access codes, passwords, or other credentials allowing access to an account
• Precise geolocation
• Racial and/or ethnic origin
• Personal information concerning sex life or sexual orientation

The specific types of personal information we collect are further detailed in Section 1 of this Privacy Policy. Personal information does not include information excluded from the CCPA’s scope.

Lendio will not retain any information we collect form you for longer than is reasonably necessary for the disclosed purpose of using such information. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

8.2 Uses of personal information

Lendio may collect, use, or disclose personal information about California residents for purposes listed in Section 3 of this Privacy Policy.

The sensitive personal information that we collect as described in Section 10.1 above may be used for any of these purposes.

8.3 Sources of personal information

Lendio may collect personal information about California residents from the categories of sources listed in Sections 1.3 and 2 of this Privacy Policy.

8.4 Disclosure of personal information

We may disclose your personal information to the categories of service providers and third parties identified in Section 4 of this Privacy Policy, and in ways that are described in that section.

This includes disclosure of your personal information to service providers for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not to use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed each categories of personal information listed in Section 8(a), including the listed sensitive personal information, for a business purpose.

In addition, Lendio “sells”/”shares” certain personal information, as those terms are defined by the CCPA, for purposes of cross-contextual behavioral advertising, as that term is defined by the CCPA. Specifically, as with many online companies, Lendio partners with third parties advertising platforms and similar providers to manage our marketing of Lendio on other platforms, where such advertising is based on your past visits to our Sites and Services. These third party partners may use technologies, such as cookies and pixels, to gather information about your activities on the Sites and Services to deliver such advertising to you when you visit their platforms. Please also review our disclosures in Sections 1.2, 2, and 5 of our Privacy Policy for more information about this activity.

The CCPA requires us to identify the categories of personal information that we have “sold”/“shared” under the CCPA in the preceding twelve (12) months. In the last twelve (12) months, we have “sold”/”shared” the following categories of personal information to advertising partners for cross-context behavioral advertising purposes:

• Identifiers
• Internet or other electronic network activity information
• Personal information categories listed in the California Civ Code § 1798.80(e)
• Internet or other electronic activity information

8.5 Your California privacy rights

The CCPA provides California residents with specific privacy rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

If you are a California resident, you have the right to make the following requests under applicable California law in relation to your personal information, subject to certain exceptions:

• Right to Know. You have the right to, up to twice in a 12-month period, request what personal information we collect, use, disclose, and/or sell, and to whom, as applicable. You may request either a report disclosing the general categories of the personal information we collect, or a report disclosing the specific pieces of personal information we collect.
• Right to Delete. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
• Right to Opt-Out of Sale or Sharing. You have the right to opt-out of the “sale”/“sharing” of your personal information, as those terms are defined under California law.
• Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide our products and services to you, or for certain other authorized purposes. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
• Right to Correct. You have the right to request the correction of your inaccurate personal information.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

How to submit a request.

You can exercise your rights by contacting us at [email protected], by contacting customer service at (855) 853-6346, or by filling out this online form so that we may consider your request.

Any request you submit to us is subject to an identification and residency verification process as permitted by the CCPA. We will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the consumer about whom we collected the personal information on. In order to verify you, you must provide us with first name, last name, and email address.

Requests by authorized agents. If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. We will respond to your authorized agent’s request if they submit proof that they are authorized to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity

Household data. We currently do not collect household data. If we receive a request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 18, as we do not collect personal information from any person under the age of 18.

Responses. We will respond to your request within forty-five (45) days after receipt of a Verifiable Consumer Request for a period covering twelve (12) months and for no more than twice in a twelve-month period. Lendio reserves the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days.

These rights are subject to various exclusions and exceptions under California law and other applicable laws. In addition, if we are unable to verify your identity to a degree of certainty as required by the CCPA through any reasonable method, we will state that we are unable to verify in a written response to you along with a reason as to why there is no reasonable method by which we can verify your identity.

Direct marketing by third parties. Lendio does not disclose personal information to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email [email protected].

We will continue to update our business practices as direct regulatory guidance becomes available.

8.6 Notice of Right to Opt-Out

As detailed in Section 10.4 above, Lendio “sells”/“shares” personal information with third parties for purposes of cross-context behavioral advertising, as those terms are defined by the CCPA.

If you wish to opt-out of the “sale”/“sharing” of the limited personal information that is gathered when you visit our Sites and Services for purposes of cross-context behavioral advertising, by fill out this online form.

9. Special Notice to Vermont Residents

Vermont residents have access to additional limits on the sharing of their personal information subject to certain exceptions.

Vermont law places additional limits on sharing information about Vermont residents so long as they remain residents of Vermont. In accordance with Vermont law, we will not share information we collect about Vermont residents to companies outside of Lendio except: (1) As permitted by law; (2) To companies that perform marketing or other services on our behalf; (3) Name, contact and transaction and experience information to other financial institutions with which we have joint marketing agreements; or (4) With the authorization or consent of the Vermont resident. We also will not share non-transactional information about Vermont residents received from others within the Lendio family of companies except with the authorization or consent of the Vermont resident.

10. Notification of Privacy Policy Changes

We reserve the right to update this Privacy Policy and will notify you if we do so; however, we encourage you to regularly review this policy for the latest information.

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Site. We encourage you to periodically review this page for the latest information on our privacy policy. When we make changes to this Privacy Policy we will revise the revision date at the top of the Privacy Policy.

11. Protecting Children’s Privacy

These Sites are general audience websites and we do not knowingly collect personal, or other, information from children under the age of 18. If you are under the age of 18, please do not use our site. If we suspect that information provided to us is, in fact, personal information of an individual younger than 18 years of age, such information will be deleted, aggregated, or anonymized as soon as possible. Please notify us if you know of any individuals under the age of 18 using our services so we can take action to prevent access to our services.

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise one of your privacy rights, please contact us using the following information:

4100 Chapel Ridge Road, Suite 500
Lehi, Utah 84043
Telephone: (855) 853-6346
Email: [email protected]