This Privacy Policy (“Policy”) explains how CreditPullEngine, LLC (collectively, “we”, “our”, or “us”), and trusted third parties, collect, use, disclose, and protect your personal information when you use our websites and other online services (collectively the “Services”), as well as your rights and choices related to your personal information. Please review this Policy carefully to understand our practices.

Introduction and Scope

Thank you for choosing to be part of our community at CreditPullEngine, LLC. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this Privacy Policy, or our practices with regards to your personal information, please contact us using the contact information provided at the end of this Policy.

When you visit our websites and use any of our Services, we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this Privacy Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it.

IF YOU DO NOT CONSENT AND AGREE WITH THE TERMS OF THIS PRIVACY POLICY, YOU CANNOT, AND WE DO NOT AUTHORIZE YOU TO, ACCESS, BROWSE, OR USE OUR SERVICES.

This Privacy Policy applies to all information collected through our Services, including when you:

• Visit our websites
• Contact us directly to become a customer or to obtain more information
• Use our Services as a customer
• Interact with us through sales and marketing events
• Communicate with us through customer service requests

Our Commitment to Compliance

Our processing of personal information complies with applicable privacy laws, including but not limited to:

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act
• Colorado Privacy Act
• Utah Consumer Privacy Act
• Connecticut Data Privacy Act
• Texas Data Privacy and Security Act
• Oregon Consumer Privacy Act
• Montana Consumer Data Privacy Act
• Other applicable state privacy laws
• General Data Protection Regulation (GDPR) for EU residents
• UK General Data Protection Regulation
• Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

Important Notices

Credit Reporting Activities: This Privacy Policy does not apply to the way we process consumer credit information in our role as a vendor to our customers. If you are an end user of one of our customers (e.g., businesses that use our credit report services), please contact the customer directly for information regarding how they use the personal information gathered from our Services.

Credit Report Questions: If you have questions or concerns about information on your credit report, please contact the three major credit bureaus: Equifax, Experian, and TransUnion.

Third-Party Marketing: When you visit or log in to our websites, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

Table of Contents

1. Whose Personal Information Do We Collect?
2. What Types of Personal Information Do We Collect?
3. How Do We Collect Personal Information?
4. How Do We Use Personal Information?
5. How Do We Share Personal Information?
6. Cookies and Tracking Technologies
7. Artificial Intelligence and Automated Decision-Making
8. Data Security
9. Data Retention
10. International Data Transfers
11. Your Privacy Rights
12. California Privacy Rights
13. Children’s Privacy
14. Changes to This Privacy Policy
15. Contact Us

1. Whose Personal Information Do We Collect?

We collect information from various categories of individuals:

Website Visitors: Individuals who visit our websites or contact us directly for information.

Customers: Businesses and individuals who engage us for services, including demos, paid services, training, support, or customization of our Services.

End Users: Individuals whose information we collect and process on behalf of our customers.

Service Providers: Third-party vendors and contractors who provide services to us.

Business Contacts: Employees, representatives, and contacts at partner organizations, vendors, and other businesses we interact with.

The use of “you” and “your” throughout this Privacy Policy will, depending on the context, refer to any of these categories of individuals.

2. What Types of Personal Information Do We Collect?

Information You Provide Directly

Contact Information:

• Name, title, company name
• Physical address
• Email address
• Telephone number

Account Information:

• Username and password
• Account preferences and settings
• Communication preferences

Financial Information:

• Bank account information
• Credit card or other payment information
• Billing address
• Transaction history

Professional Information:

• Resume or CV
• Employment history
• Educational background
• Professional qualifications

Communications:

• Content of messages you send us
• Customer service inquiries
• Feedback and survey responses

Information About End Users We Collect from Credit Bureaus

When our customers engage our services, we may collect consumer credit information from credit bureaus on behalf of the customer. These credit reports are subject to the Fair Credit Reporting Act (FCRA) and include:

• Contact information (name, address, phone number)
• Commercial information (purchasing histories, payment records)
• Professional or employment information
• Credit account information
• Payment histories
• Public records
• Inferences about creditworthiness and financial behavior

Information We Collect Automatically

Technical Data:

• Internet Protocol (IP) address
• Browser type and version
• Device type and identifiers
• Operating system
• Time zone settings

Usage Data:

• Pages visited on our websites
• Time and date of visits
• Time spent on pages
• Click patterns and navigation paths
• Referring website addresses
• Search queries within our Services

Location Data:

• General location based on IP address
• GPS location (only with your explicit permission)

Diagnostic Data:

• Error reports and logs
• Performance data
• Feature usage statistics
• Session information

Information from Third-Party Sources

We may receive information about you from:

• Credit bureaus and financial institutions
• Data aggregators and marketing partners
• Public databases and records
• Social media platforms
• Business partners and affiliates
• Identity verification services

We only accept personal information from third parties who represent that they obtained the data lawfully and have the right to share it with us.

3. How Do We Collect Personal Information?

Direct Interactions

We collect information when you:

• Create an account or register for our Services
• Request information or customer support
• Complete forms or surveys
• Participate in promotions or events
• Make a purchase or payment
• Communicate with us via email, phone, or chat
• Apply for employment or contractor positions
• Engage with us on social media

Automated Collection

We automatically collect information through:

• Cookies and similar tracking technologies
• Server logs
• Web beacons and pixel tags
• Analytics tools
• Session recording software

See our Cookie Policy section below for more details.

Third-Party Sources

We receive information from:

• Credit reporting agencies and financial institutions
• Identity verification services (such as Prove Identity, Inc. and Veratad Technologies, LLC)
• Marketing partners and data providers
• Public records and databases
• Social media platforms
• Our customers (when they provide information about their end users)

4. How Do We Use Personal Information?

We use your personal information for the following purposes:

Providing Our Services

• To deliver the Services you have requested or purchased
• To process credit reports and financial information on behalf of customers
• To authenticate users and maintain account security
• To process transactions and payments
• To provide customer support and respond to inquiries
• To send service-related communications and updates

Legal Basis: Performance of our contract with you or with the entity that has contracted with us.

Business Operations

• To maintain and improve our Services
• To develop new features and functionality
• To diagnose technical problems and perform troubleshooting
• To monitor usage patterns and analyze trends
• To conduct market research and analysis
• To manage our internal operations

Legal Basis: Legitimate business interests in improving our Services and operating efficiently.

Marketing and Communications

• To send you newsletters and promotional materials
• To inform you about new products, services, or features
• To conduct marketing campaigns and measure their effectiveness
• To personalize your experience with our Services
• To display targeted advertising on our websites and third-party platforms

Legal Basis: Your consent or our legitimate interest in marketing our Services (you may opt out at any time).

Security and Fraud Prevention

• To detect, prevent, and investigate fraud and unauthorized access
• To protect the security and integrity of our Services
• To enforce our terms of service and policies
• To comply with legal obligations and protect legal rights
• To prevent misuse of our Services

Legal Basis: Legal obligation and legitimate interest in maintaining security.

Legal Compliance

• To comply with applicable laws and regulations
• To respond to legal requests, subpoenas, and court orders
• To cooperate with law enforcement investigations
• To protect our rights and the rights of others

Legal Basis: Legal obligation and legitimate interest in compliance.

With Your Consent

We may use your information for other purposes with your explicit consent. You have the right to withdraw consent at any time.

5. How Do We Share Personal Information?

We share your personal information in the following circumstances:

Service Providers and Vendors

We share information with third-party service providers who perform services on our behalf:

• Cloud hosting and data storage providers
• Payment processors
• Customer support platforms
• Email and communication services
• Analytics and performance monitoring tools
• Marketing and advertising partners
• Identity verification services
• IT security providers

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Business Partners

We may share information with:

• Credit bureaus and financial institutions
• Our customers (when providing Services on their behalf)
• Partners who help us deliver Services
• Affiliates and subsidiaries within our corporate group

Marketing and Advertising

With respect to cookies and similar technologies, we share information with:

• Third-party advertising networks
• Social media platforms (such as Facebook and Google)
• Marketing analytics providers

You can opt out of this sharing through our Cookie Policy controls and the link provided at https://app.retention.com/optout.

Legal Requirements

We may disclose your information when required or permitted by law:

• To comply with legal obligations, court orders, or subpoenas
• To respond to lawful requests from public authorities
• To enforce our terms and conditions
• To protect our rights, property, or safety
• To protect the rights, property, or safety of others
• To prevent fraud or illegal activity
• In connection with legal proceedings or investigations

Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information for other purposes with your explicit consent.

Important: We do not sell your personal information to third parties for monetary consideration. However, under some privacy laws (such as the CCPA), certain sharing for targeted advertising purposes may be considered a “sale” or “sharing” of personal information. You have the right to opt out of such activities.

6. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files placed on your device when you visit our websites. We use cookies and similar technologies to provide functionality, analyze usage, and deliver personalized experiences.

Types of Cookies We Use

Essential Cookies:

• Required for the Services to function properly
• Enable user authentication and security features
• Cannot be disabled without affecting functionality

Performance and Analytics Cookies:

• Collect information about how you use our Services
• Help us improve performance and user experience
• Include Google Analytics and similar tools

Functionality Cookies:

• Remember your preferences and settings
• Personalize your experience
• Enable enhanced features

Marketing and Advertising Cookies:

• Deliver targeted advertisements
• Measure advertising effectiveness
• Track conversions and campaign performance
• Include Facebook Pixel and Google Ads

Other Tracking Technologies

Web Beacons (Pixel Tags):

• Track email opens and engagement
• Monitor page visits and user behavior
• Analyze advertising effectiveness

Session Recording:

• Record mouse movements, clicks, and scrolling
• Help us understand user interactions
• Used for improving user experience and troubleshooting

Mobile Device Identifiers:

• Collect device information and usage data
• Enable personalized mobile experiences
• Track app performance and engagement

Canvas Fingerprinting:

• Collect device and browser configuration data
• Used for fraud prevention and security

Your Cookie Choices

You can control cookies through:

Browser Settings: Configure your browser to block or delete cookies. Visit your browser’s help section for instructions.

Opt-Out Tools:

• Network Advertising Initiative: http://www.networkadvertising.org/choices/
• Digital Advertising Alliance: http://www.aboutads.info/choices/
• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout

Do Not Track Signals: We currently do not respond to browser Do Not Track (DNT) signals, as there is no industry standard for compliance.

Global Privacy Control (GPC): We recognize and honor GPC signals as requests to opt out of the sale or sharing of personal information.

For more information, see our full Cookie Policy.

7. Artificial Intelligence and Automated Decision-Making

Our Use of AI

We may employ artificial intelligence (AI) technologies to enhance the performance and functionality of our Services, including:

• Personalizing your experience based on usage patterns
• Detecting and preventing fraud
• Improving service recommendations
• Analyzing trends and patterns
• Enhancing customer support

Data Collection by AI Systems

Our AI systems may collect and process:

• Usage data (pages visited, clicks, searches)
• Device and connection information
• Location data
• Behavior patterns and preferences

Automated Decisions

We may use automated decision-making for:

• Content personalization and recommendations
• Fraud detection and security measures
• Service optimization
• Customer support routing

Your Rights Regarding AI

You have the right to:

• Request an explanation of automated decisions affecting you
• Challenge decisions made solely by automated means
• Opt out of certain automated processing and profiling
• Access information about the logic and consequences of automated decisions

Safeguards

We implement safeguards including:

• Regular auditing of AI systems for accuracy and fairness
• Human oversight of automated decisions
• Transparency in AI processing
• Compliance with applicable privacy regulations

To exercise your rights or ask questions about our AI systems, please contact us at the email address provided in the Contact Us section.

8. Data Security

We take the security of your personal information seriously and implement appropriate technical, administrative, and physical safeguards to protect it against unauthorized access, disclosure, alteration, and destruction.

Security Measures

Our security measures include:

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure socket layer (SSL) technology
• Firewalls and intrusion detection systems
• Regular security testing and vulnerability assessments
• Access controls and authentication mechanisms

Administrative Safeguards:

• Employee training on data protection
• Confidentiality agreements with staff and contractors
• Limited access to personal information on a need-to-know basis
• Regular security policy reviews and updates

Physical Safeguards:

• Secure data centers with restricted access
• Environmental controls and monitoring
• Backup and disaster recovery systems

Data Breach Response

We have established procedures to detect, respond to, and report data breaches. If we experience a breach that affects your personal information, we will notify you and applicable regulators as required by law.

Limitations

Despite our best efforts, no security measures are completely impenetrable. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized access.

9. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy and to comply with legal, regulatory, tax, and accounting obligations.

Retention Periods

Account Information: Retained for the duration of your account plus a reasonable period thereafter to comply with legal obligations.

Transaction Records: Retained for the period required by tax and accounting regulations (typically 7 years).

Marketing Data: Retained until you opt out or withdraw consent, plus a reasonable period to process the request.

Customer Service Records: Retained for a reasonable period to resolve issues and improve services.

Security and Fraud Data: Retained as necessary for security purposes and fraud prevention.

Anonymized Data: We may retain anonymized data indefinitely for statistical and analytical purposes.

Disposal

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods.

10. International Data Transfers

Our Services are operated primarily from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States and potentially other countries.

Legal Basis for Transfers

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we transfer personal data based on:

• Your consent
• Performance of our contract with you
• Standard contractual clauses approved by relevant authorities
• Other lawful transfer mechanisms as applicable

The United States and other countries may not have the same data protection laws as your jurisdiction. However, we implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law.

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Right to Access

You have the right to request access to the personal information we hold about you and receive a copy of that information.

Right to Correction

You have the right to request that we correct inaccurate or incomplete personal information about you.

Right to Deletion (Right to be Forgotten)

You have the right to request deletion of your personal information in certain circumstances, such as when:

• The information is no longer necessary for the purposes it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The information was unlawfully processed

Right to Restriction

You have the right to request that we restrict processing of your personal information in certain circumstances, such as when you contest the accuracy of the information.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to processing of your personal information for:

• Direct marketing purposes (at any time)
• Processing based on legitimate interests
• Automated decision-making and profiling

Right to Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have violated your privacy rights.

Exercising Your Rights

To exercise any of these rights, please contact us using the information in the Contact Us section. We may need to verify your identity before processing your request.

No Fee: You generally do not need to pay a fee to exercise these rights, though we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Response Time: We will respond to all legitimate requests within one month, though it may take longer for complex requests. We will notify you if we need additional time.

12. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

Sources of Personal Information

We collect personal information from:

• Directly from you
• Your devices and browser
• Credit bureaus and financial institutions
• Identity verification services
• Our customers
• Data aggregators and marketing partners
• Public records

Purposes for Collection and Use

We use personal information for the business purposes described in Section 4 of this Privacy Policy.

Disclosure of Personal Information

We disclose personal information to the categories of third parties described in Section 5 of this Privacy Policy.

In the preceding 12 months, we have disclosed the following categories of personal information for business purposes:

• Identifiers
• Customer Records information
• Commercial information
• Internet activity
• Professional information
• Inferences

Sale and Sharing of Personal Information

Sale: We do not sell personal information for monetary consideration.

Sharing for Targeted Advertising: We may share certain information (such as identifiers and internet activity) with advertising partners for cross-context behavioral advertising purposes. Under the CCPA, this may be considered “sharing” personal information.

Sensitive Personal Information: We collect and use sensitive personal information (such as government identifiers) only for purposes permitted under the CCPA, including:

• Performing services requested by you
• Fraud prevention and security
• Legal compliance
• Short-term transactional purposes

Your California Privacy Rights

As a California consumer, you have the right to:

1. Right to Know

• What personal information we collect, use, disclose, and sell
• Categories of sources from which we collect information
• Business or commercial purposes for collection
• Categories of third parties with whom we share information

2. Right to Access

• Request a copy of specific pieces of personal information we have collected about you

3. Right to Delete

• Request deletion of your personal information, subject to certain exceptions

4. Right to Correct

• Request correction of inaccurate personal information

5. Right to Opt Out

• Opt out of the sale or sharing of your personal information
• We honor Global Privacy Control (GPC) signals as opt-out requests

6. Right to Limit Use of Sensitive Personal Information

• Request that we limit use of your sensitive personal information

7. Right to Non-Discrimination

• Exercise your privacy rights without receiving discriminatory treatment

Exercising Your California Rights

To exercise your California privacy rights:

Email: [Your Contact Email]
Phone: [Your Contact Phone]
Online Form: [Your Website Request Form]

Verification: We will verify your identity before processing requests. We may request information such as name, email, phone number, or details about your relationship with us.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

Response Time: We will respond to verified requests within 45 days, with the possibility of a 45-day extension for complex requests.

Request Limits: You may make up to two requests for information in a 12-month period.

Exceptions to Deletion

We may deny deletion requests when retaining information is necessary to:

• Complete transactions or provide requested services
• Detect and prevent fraud or security incidents
• Debug and repair functionality
• Exercise free speech or legal rights
• Comply with legal obligations
• Conduct research in the public interest
• Enable internal uses reasonably aligned with your expectations

Do Not Sell My Personal Information

California consumers can opt out of the sale or sharing of personal information by:

• Visiting our “Do Not Sell or Share My Personal Information” page
• Enabling Global Privacy Control (GPC) in your browser
• Contacting us using the information below

California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us.

13. Children’s Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child under 18 without parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the “Last Updated” date at the top of this Policy
• We will post the revised Policy on our websites
• For material changes, we may provide additional notice via email or prominent notice on our Services

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

CreditPullEngine, LLC

Email: [Your Contact Email]
Phone: [Your Contact Phone]
Address: [Your Business Address]

Data Protection Officer: [If applicable, DPO contact information]

For California Privacy Rights: Include “California Privacy Rights Request” in your communication

For General Privacy Inquiries: [Dedicated privacy email if different]

Additional Information

Fair Credit Reporting Act (FCRA) Notice

The Fair Credit Reporting Act (FCRA) governs consumer credit information. If you have questions about information on your credit report or how our customers use credit reporting services, please contact:

Equifax: 1-800-685-1111 | www.equifax.com
Experian: 1-888-397-3742 | www.experian.com
TransUnion: 1-800-916-8800 | www.transunion.com

Links to Third-Party Websites

Our Services may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

Your Feedback

We welcome your feedback on this Privacy Policy and our privacy practices. Please contact us with any suggestions or concerns.