Privacy Policy

1) Who we are

Fynancr, Inc. ("Fynancr," "we," "us," "our") provides software that helps lenders and servicers identify and support at-risk borrowers. We are incorporated in Delaware, USA. Contact: compliance@fynancr.com.

2) Scope

This Privacy Policy explains how we handle personal information for:

• Visitors to our websites and apps (e.g., fynancr.com);
• Borrowers who interact with features we power on behalf of a lender/servicer;
• Representatives of lenders, partners, and vendors.

If your lender provides Fynancr-powered services, your lender remains the "controller"/"financial institution" and Fynancr acts as a processor/service provider. In those cases, your lender's privacy notice governs and we process your data under their instructions.

3) Key laws we consider

We design our program to align with GLBA (nonpublic personal information for financial products), CCPA/CPRA (California) and other U.S. state privacy laws, GDPR/UK GDPR (where applicable), FCRA (if consumer reports are used), and TCPA for consented communications.

4) Information we collect

A. Categories (examples)

• Identifiers: name, email, phone, address, device IDs, IP address.
• Account/usage info: login data, role, activity logs, support interactions.
• Financial relationship data (GLBA NPI when supplied by lender): account status, repayment plans, balances, delinquency flags-as provided by your lender.
• Device/technical data: browser type, OS, referring URLs, pages viewed, cookie IDs, approximate location.
• Communication preferences/consents: email/SMS opt-in, audit trails.
• Sensitive data (only if necessary and instructed by lender): e.g., identity verification tokens, last 4 of SSN, or bank tokens. We do not directly store full SSNs or full payment card numbers.

B. Sources

• Directly from you (forms, email, chat, calls);
• Your lender/servicer (under contract);
• Service providers (fraud/abuse prevention, analytics, comms);
• Public/enterprise sources (e.g., business contact data).

5) How we use information

• Provide and improve the Fynancr platform and services;
• Authenticate users; secure accounts; prevent fraud and abuse;
• Operate borrower support features (e.g., hardship or payment-plan workflows) as instructed by lenders;
• Communicate service notices and product updates (with consent where required);
• Compliance, auditing, legal defense, and risk management;
• Aggregated/ de-identified analytics and benchmarking.

Automated decisioning: If we provide risk scores or flags, they are tools for the lender, not final credit decisions by Fynancr. We support human-in-the-loop review where decisions may have legal or significant effects.

6) Legal bases (GDPR/UK GDPR, if applicable)

• Contract performance;
• Legitimate interests (security, service analytics, fraud prevention);
• Legal obligations;
• Consent (e.g., marketing, certain cookies, SMS).

7) Disclosures of information

We disclose personal information to:

• Service providers/processors (hosting, security, analytics, comms, customer support);
• Your lender/servicer (when we act as their processor);
• Professional advisors (legal, accounting);
• Authorities when required by law or to protect rights, safety, or property;
• Business transfers (M&A, financing, restructuring).

We do not sell personal information as "sale" is defined under the CPRA, nor do we knowingly "share" it for cross-context behavioral advertising. If this changes, we'll update this policy and provide opt-out mechanisms.

8) Retention

We retain data for the minimum period necessary for the purposes above or as required by our contracts with lenders and by law. We may keep logs/archives for security, audit, and fraud prevention for a longer period where permitted.

9) Security

We apply administrative, technical, and physical safeguards, including encryption in transit, access controls, least-privilege, logging/monitoring, and vendor risk management. No system is perfectly secure; report concerns to security@fynancr.com (or compliance@fynancr.com).

10) Your rights

Depending on your location and role, you may request:

• Access/Portability (copy of your data);
• Correction (inaccuracies);
• Deletion;
• Restriction/Objection (GDPR);
• Opt-out of certain processing (e.g., marketing);
• Appeal a denied request (where required by state law).

How to exercise: Email privacy requests to compliance@fynancr.com and specify your relationship (borrower/ lender staff/ visitor). If we process your data on behalf of a lender, we will route your request to that lender.

Global Privacy Control (GPC): We honor GPC signals for applicable jurisdictions where we use cookies for targeting.

11) Children

Our services are not for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect such data.

12) International transfers

Data may be processed in the U.S. and other countries. For EEA/UK transfers we rely on SCCs and additional safeguards where required.

13) Third-party links

Our sites may link to third-party services; their privacy practices are their own.

14) Changes to this policy

We'll post updates here and revise the "Last updated" date. Material changes may be notified by email/banner.

15) Contact

• Privacy & compliance: compliance@fynancr.com
• Support: support@fynancr.com
• Investor Relations: investors@fynancr.com