1. Information We Collect

We collect information that you provide directly to us, including:

Personal Information

• Name, email address, phone number, business name, and business address
• Payment and billing information
• Government-issued identification documents
• Social security number or tax identification number

Business Information

• Financial statements, business plans, and tax returns
• Bank statements and revenue data
• Business credit reports and financial history
• Documentation required for funding assessment and compliance

Communication Data

• Records of correspondence with us, including emails, phone calls, and messages
• Feedback, survey responses, and support requests

Technical Information

• IP address, browser type, and operating system
• Referring URLs and pages viewed on our website
• Device information and unique identifiers
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

• Process and evaluate your funding applications and requests
• Communicate with you about your application, our services, and updates
• Verify your identity and prevent fraud, money laundering, and other illegal activities
• Comply with legal obligations, regulatory requirements, and industry standards
• Improve our services, website functionality, and user experience
• Send you updates, newsletters, and marketing communications (with your consent)
• Analyze usage patterns, conduct research, and optimize our platform
• Protect the security and integrity of our systems and services
• Enforce our terms of service and other agreements

3. Information Sharing and Disclosure

We may share your information with:

Service Providers

Third-party companies that perform services on our behalf, including:

• Payment processors and financial service providers
• Data analytics and business intelligence providers
• Cloud storage and hosting services
• Customer relationship management (CRM) systems
• Marketing and communication platforms
• Identity verification and fraud prevention services

Financial Partners

Banks, lenders, investors, and financial institutions involved in the funding process. This includes underwriters, credit bureaus, and other entities necessary to evaluate and complete funding transactions.

Legal Authorities

Government agencies, regulators, law enforcement, and courts when required by law or to:

• Comply with legal processes, subpoenas, or court orders
• Protect our rights, property, safety, or that of our users
• Investigate and prevent fraud or security issues
• Enforce our terms of service and policies

Business Transfers

In connection with any merger, acquisition, sale of assets, financing, or other business transaction, we may transfer your information to the relevant parties. You will be notified of any such change in ownership or control.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Important: We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• End-to-end encryption of data in transit using TLS 1.3 and SSL protocols
• AES-256 encryption of data at rest on secure servers
• Secure servers with restricted access controls and authentication
• Regular security audits, penetration testing, and vulnerability assessments
• Employee training on data protection, confidentiality, and security best practices
• Multi-factor authentication (MFA) for internal systems and sensitive operations
• Intrusion detection and prevention systems (IDS/IPS)
• Regular backup and disaster recovery procedures
• Network segmentation and firewall protection
• Logging and monitoring of access to sensitive data

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: Information is retained while your account is active and you are using our services
• Financial Records: Financial and business documentation may be retained for up to 7 years to comply with tax laws, accounting standards, and regulatory requirements
• Legal Obligations: Certain information may be retained longer if required for legal, regulatory, or contractual purposes
• Deleted Accounts: After account deletion, we may retain certain information in anonymized form for analytics and improvement purposes

6. Your Rights and Choices

Depending on your location and applicable laws (including GDPR, CCPA, and other privacy regulations), you may have the following rights:

Access Rights

• Request access to the personal information we hold about you
• Obtain a copy of your data in a portable format
• Inquire about how we use and share your information

Correction Rights

• Request correction of inaccurate or incomplete information
• Update your account information and preferences

Deletion Rights

• Request deletion of your personal information, subject to legal obligations
• Close your account and remove associated data

Portability Rights

• Request a copy of your data in a structured, machine-readable format
• Transfer your data to another service provider where technically feasible

Objection and Restriction Rights

• Object to processing of your personal information for certain purposes
• Request restriction of processing in specific circumstances
• Opt-out of automated decision-making and profiling

Marketing Opt-Out

• Unsubscribe from marketing communications at any time via email links
• Update communication preferences in your account settings

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and improve your experience.

Types of Cookies We Use:

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity for targeted advertising (with consent)

You can control cookie preferences through your browser settings. Note that disabling certain cookies may limit functionality and features of our website.

8. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review the privacy policies of any third-party sites you visit. These third parties may have their own privacy policies and terms of service that govern how they collect and use your information.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

If we become aware that we have collected information from a child without parental consent, we will take immediate steps to delete that information from our systems. If you believe we have collected information from a minor, please contact us immediately.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate.

These countries may have different data protection laws than your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions recognizing equivalent data protection standards
• Privacy Shield frameworks where applicable
• Binding corporate rules for intra-organization transfers

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and share
• Right to delete personal information we have collected from you
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at pitch@lofig.io with "CCPA Request" in the subject line.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority
• Right to object to processing based on legitimate interests
• Right to data portability in machine-readable format

Our legal basis for processing includes consent, contractual necessity, legal obligations, and legitimate interests.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification to your registered email address
• Displaying a prominent notice on our website

Your continued use of our services after such changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

15. Regulatory Compliance

We comply with applicable data protection laws and regulations, including but not limited to:

• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
• LGPD (Lei Geral de Proteção de Dados) - Brazil
• PDPA (Personal Data Protection Act) - Singapore
• Banking Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations
• Know Your Customer (KYC) requirements
• SOC 2 Type II compliance standards

We are committed to transparency, accountability, and maintaining the highest standards in our data handling practices.

16. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Inform relevant regulatory authorities as required by law
• Provide details about the nature of the breach and steps being taken
• Offer guidance on protective measures you can take
• Implement remediation measures to prevent future breaches