Privacy Policy

This Policy describes how we treat personal information — information that identifies, relates to, or can reasonably be linked to a particular individual or household — and certain business information (e.g. EIN, bank account details, revenue) about the merchants and partners we work with. It does not apply to information collected by third parties through their own services, even when linked from ours (see Section 17).

We collect information directly from you and from your devices, from our service providers and partners, from publicly available sources (such as Secretary of State filings and court records), and from the third parties identified above.

We use the information we collect to:

• Evaluate and process applications for commercial financing.
• Verify identity and ownership; perform KYC/KYB and anti-fraud checks.
• Underwrite, price, and service Revenue Purchase Agreements.
• Initiate ACH debits and credits to/from designated bank accounts.
• Communicate with you about applications, offers, agreements, payments, renewals, and account activity.
• Operate, secure, and improve the Services and develop new features.
• Track ISO/broker referrals and pay commissions.
• Comply with legal, regulatory, accounting, audit, and reporting obligations.
• Enforce our Terms and other agreements, and prevent fraud, abuse, and unlawful activity.
• With your consent (or where otherwise permitted by law), send marketing communications about our products and partner offerings.

We share personal and business information only as described below. We do not sell personal information for money.

• Service providers: hosting (Vercel, AWS), database (Neon Postgres), bank-data (Plaid), e-signature (DocuSign / similar), credit bureaus, payment / ACH processors, identity verification, statement OCR, communications (email, SMS), customer support tooling, and analytics.
• Funding partners and syndication parties: when a transaction is funded or co-funded with another capital provider, we share information necessary for them to evaluate, fund, and service the receivable.
• ISO/broker that referred you: approval status, approved amount, factor, term, funded date, outstanding balance, and commission information.
• Industry consortia: existing-advance, default, and fraud-flag information shared with services like DataMerch and MCA Track.
• Affiliates: entities under common control with Quickie for the purposes described in this Policy.
• Legal & safety: regulators, law enforcement, and others where required by subpoena, court order, or applicable law, or to protect the rights, safety, or property of Quickie, our customers, or the public.
• Corporate transactions: in connection with a merger, acquisition, financing, sale of assets, reorganization, or bankruptcy.
• With your consent: for any purpose disclosed at the time of collection.

Because Quickie provides financial products to businesses, much of the information we collect is governed by the federal Gramm-Leach-Bliley Act (“GLBA”) and applicable implementing regulations. Consistent with the GLBA, we collect non-public personal information only as permitted by law, restrict access to that information to employees and service providers who need it to deliver our Services, and maintain physical, electronic, and procedural safeguards designed to protect it.

You can request our standalone GLBA Privacy Notice in printable form at privacy@quickiebusiness.com.

We use first- and third-party cookies and similar technologies to remember your preferences, keep you signed in, measure how the Services are used, secure the Services against fraud, and (where enabled) deliver relevant marketing on other sites. You can control cookies through your browser settings; some Services may not work properly if you disable strictly-necessary cookies. Where required, we honor Global Privacy Control (GPC) signals as a valid request to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising.

We send transactional messages (about your application, agreement, payments, and account) by email and SMS as part of the Services; these are not marketing and you cannot opt out without closing your account. We send marketing messages only to recipients who have consented. You can opt out of marketing email by clicking “unsubscribe” in any marketing email, and out of marketing SMS by replying STOP to any SMS we send. Standard message and data rates may apply. See our full SMS Consent.

When you link a bank account through Plaid, you authorize Plaid to access account information from your financial institution on your behalf and to share it with Quickie. Plaid's collection and use of information is governed by the Plaid End User Privacy Policy. You can revoke Plaid's access at any time via my.plaid.com; revoking Plaid access does not by itself terminate your Revenue Purchase Agreement or your obligation to remit purchased receivables.

• Account information: log into the merchant portal to view and update most of the information we have about your business and account.
• Marketing: use the unsubscribe link in marketing email or reply STOP to marketing SMS.
• Cookies: use your browser's cookie controls or send a Global Privacy Control signal.
• Bank linking: revoke Plaid access at my.plaid.com.
• Access, correction, deletion, portability: contact us as described in Section 19; we'll respond consistent with applicable law.

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights, subject to verification and certain exceptions:

• Right to know: the categories and specific pieces of personal information we have collected about you, the sources, purposes, and the categories of recipients with whom we have shared it, in the prior 12 months.
• Right to correct: inaccurate personal information.
• Right to delete: personal information we collected from you, subject to legal exceptions (including ongoing financing and fraud prevention).
• Right to opt out of sale or sharing: for cross-context behavioral advertising. We do not sell personal information for money. Where “sharing” for behavioral advertising occurs, you can opt out via the cookie banner or by sending a GPC signal.
• Right to limit use of sensitive personal information.
• Right to non-discrimination: we will not discriminate against you for exercising any privacy right.
• Right to designate an authorized agent to make a request on your behalf.

To exercise these rights, email privacy@quickiebusiness.com with the subject line “California Privacy Request.” We will verify your identity before responding.

Residents of certain other U.S. states (including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Tennessee, Iowa, Indiana, Florida, New Jersey, and Delaware) may have similar rights under their respective state privacy laws — including rights to access, correct, delete, port, and opt out of certain processing. To exercise these rights, contact privacy@quickiebusiness.com.

We keep personal and business information only as long as needed for the purposes described in this Policy, and for any period required by law, regulation, or our document-retention policies — including tax, accounting, anti-money-laundering, dispute, and litigation holds. Information related to a Revenue Purchase Agreement is typically retained for the life of the receivable plus an additional period of seven (7) years.

We maintain administrative, technical, and physical safeguards designed to protect personal and business information, including encryption in transit (TLS) and at rest, role-based access controls, audit logging, vulnerability monitoring, vendor security reviews, incident response procedures, and employee training. No system is perfectly secure; please keep the phone number and email on your account current, never share one-time codes, and notify us immediately at security@quickiebusiness.com of any suspected unauthorized access.

The Services are intended for adults conducting commercial activity. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that is the relevant threshold). If you believe a child has provided personal information, please contact us at privacy@quickiebusiness.com and we will delete it.

The Services are operated from the United States. If you access the Services from outside the United States, you consent to the transfer of your information to, and processing in, the United States, where data protection laws may differ from those in your jurisdiction.

The Services may contain links to third-party sites and services we do not control. This Policy does not apply to those third parties. We encourage you to review their privacy policies before sharing information with them.

We may update this Policy from time to time. We will revise the “Last updated” date and, for material changes, provide additional notice (such as an email or in-portal banner). Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

For privacy questions, requests, or complaints, contact:

Quickie Business Services LLC — Privacy Office
Email: privacy@quickiebusiness.com
Security: security@quickiebusiness.com