Privacy Policy

1. Information We Collect

1.1 Personal Information

When you create an account or use our services, we collect:

• Identity Information: Full name, date of birth, email address, phone number, physical address
• Identification Documents: Government-issued ID, Social Security Number (or tax ID), proof of address
• Profile Information: Profile photo, bio, borrowing or lending preferences
• Business Information (for business lenders): Business name, type, registration documents, EIN, business address, authorized representatives

1.2 Financial Information

To facilitate lending and payments, we collect:

• Banking Information: Bank account details, routing numbers (collected securely through Plaid)
• Payment Methods: PayPal, Venmo, Cash App, Zelle account information for manual payments
• Transaction Data: Loan amounts, repayment history, payment dates and amounts, interest rates
• Credit Information: Credit history, income verification, employment status (when provided)
• Capital Management (for lenders): Capital pool amounts, reserved capital, lending preferences

1.3 Platform Activity Data

We track your activity on Feyza to improve services and prevent fraud:

• Loan Activity: Loan requests, applications, approvals, cancellations, repayment schedules
• Trust Score Data: Payment history, on-time payments, defaults, loan completions, trust score events
• Borrowing Tier: Current tier, tier progression, loans completed at each tier
• Matching Data: Auto-match settings, loan preferences, match notifications sent/received
• Vouching Activity: Vouches given, vouches received, vouch outcomes
• Social Connections: Trust network, friend connections within platform

1.4 Technical Information

We automatically collect technical data:

• Device Information: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, features used, time spent, click patterns, session duration
• Location Data: General location based on IP address (for fraud prevention)
• Communication Data: Messages between borrowers and lenders, support tickets, feedback

1.5 Information from Third Parties

We may receive information about you from:

• Identity Verification Services: To verify your identity and prevent fraud
• Credit Bureaus: To assess creditworthiness (with your consent)
• Payment Processors: Plaid (bank verification), Dwolla (payment processing), PayPal, Venmo, etc.
• Social Media: If you connect your social accounts or share profile information
• Other Users: Vouches, reviews, or references from other platform users

2. How We Use Your Information

We use your information for the following purposes:

2.1 Platform Services

• Create and manage your account
• Process loan requests and applications
• Match borrowers with suitable lenders using our auto-matching algorithm
• Facilitate loan agreements and payment schedules
• Process payments and transfers (via Dwolla, Plaid, or manual payment methods)
• Calculate and update trust scores based on payment history
• Manage borrowing tier progression and lending limits
• Process vouches and maintain trust networks
• Manage capital pools for business lenders

2.2 Security and Fraud Prevention

• Verify your identity and prevent impersonation
• Detect and prevent fraudulent activities
• Monitor for suspicious transactions or behavior
• Investigate and resolve disputes
• Enforce our Terms of Service and prevent violations

2.3 Communication

• Send transactional notifications (payment due dates, loan status updates)
• Notify you of new loan matches when auto-matching is enabled
• Send trust score updates and tier progression notifications
• Provide customer support and respond to inquiries
• Send important platform updates and security alerts
• Send marketing communications (with your consent; you can opt-out)

2.4 Platform Improvement

• Analyze usage patterns to improve user experience
• Develop new features and services
• Improve auto-matching algorithms and success rates
• Optimize trust score calculations
• Generate aggregate analytics and statistics
• Conduct research and analysis on lending trends

2.5 Legal and Regulatory Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to government requests and law enforcement
• Maintain records for audit and compliance purposes
• Prevent money laundering and terrorist financing
• Report suspicious activities as required by law

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 With Other Users

With Lenders: When you apply for a loan, lenders can see:

• Your name and profile information
• Your trust score and borrowing tier
• Loan purpose and amount requested
• General location (country/state, not exact address)
• Payment history summary (not detailed transaction data)
• Vouches you've received from other users

With Borrowers: When you lend money, borrowers can see:

• Your name or business name
• Lending terms and preferences
• Payment methods you accept (PayPal, Venmo, Zelle, etc.)
• Your lender profile and history (for transparency)

3.2 With Service Providers

We work with trusted third-party service providers:

• Plaid: For secure bank account verification
• Dwolla: For automated payment processing (ACH transfers)
• Payment Platforms: PayPal, Venmo, Cash App, Zelle for manual payments
• Identity Verification: Services to verify your identity and prevent fraud
• Cloud Hosting: Supabase, AWS, or similar providers for data storage
• Email Services: For transactional and marketing communications
• Analytics: To understand platform usage (anonymized data only)
• Customer Support: Tools to manage support tickets and communications

All service providers are contractually obligated to protect your data and use it only for specified purposes.

3.3 For Legal Reasons

We may disclose your information when required by law or when necessary to:

• Comply with legal obligations, court orders, or government requests
• Investigate potential violations of our Terms of Service
• Protect the rights, property, or safety of Feyza, our users, or the public
• Prevent fraud, security breaches, or other illegal activities
• Respond to claims of illegal content or policy violations

3.4 Business Transfers

If Feyza is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the new entity. We will notify you of any such change and the choices you have regarding your data.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement comprehensive security measures to protect your data:

4.1 Technical Safeguards

• Encryption: 256-bit SSL/TLS encryption for all data transmitted between your device and our servers
• Data Encryption at Rest: Sensitive data (bank accounts, payment methods, SSNs) encrypted in our database
• Secure Hosting: Data stored on secure, SOC 2 compliant cloud infrastructure
• Firewall Protection: Network security to prevent unauthorized access
• Regular Security Audits: Independent security assessments and penetration testing
• Vulnerability Monitoring: Continuous monitoring for security threats

4.2 Access Controls

• Limited Access: Only authorized personnel can access user data, on a need-to-know basis
• Multi-Factor Authentication: Required for all employee accounts
• Activity Logging: All data access is logged and monitored
• Background Checks: Employees with data access undergo background checks

4.3 Account Security

• Strong Passwords: Password requirements enforce security best practices
• Optional 2FA: Two-factor authentication available for added security
• Session Management: Automatic logout after inactivity
• Suspicious Activity Alerts: Notifications for unusual account activity

4.4 Payment Security

• PCI Compliance: Payment processing follows PCI-DSS standards
• Tokenization: Bank account details tokenized and never stored in plain text
• Secure APIs: Integration with payment providers using encrypted, authenticated connections

5. Your Privacy Rights

You have the following rights regarding your personal data:

5.1 Access and Portability

• Request a copy of all personal data we hold about you
• Export your data in a portable, machine-readable format (CSV, JSON)
• View your account data, loan history, and trust score details through your dashboard

5.2 Correction and Update

• Update your profile information, contact details, and preferences at any time
• Request correction of inaccurate or incomplete data
• Update payment methods and banking information

5.3 Deletion

• Request deletion of your account and associated data
• Delete specific data points (e.g., remove old addresses)

Note: We may retain certain information as required by law (tax records, loan agreements) or for legitimate business purposes (fraud prevention, dispute resolution). Financial transaction records are typically retained for 7 years for tax and regulatory compliance.

5.4 Object and Restrict

• Object to processing of your data for marketing purposes
• Opt-out of non-essential communications
• Restrict processing for specific purposes (subject to legal obligations)
• Disable auto-matching features at any time

5.5 Marketing Communications

• Opt-out of marketing emails via unsubscribe link in each email
• Manage notification preferences in your account settings
• You will still receive essential service notifications (payment reminders, security alerts)

To exercise your rights, contact us at privacy@feyza.app or through your account settings.

6. Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience:

6.1 Types of Cookies We Use

• Essential Cookies: Required for login, security, and core platform functionality (cannot be disabled)
• Functional Cookies: Remember your preferences, language settings, and customizations
• Analytics Cookies: Help us understand how you use Feyza to improve the platform (anonymized data)
• Security Cookies: Detect fraudulent activity and protect your account

6.2 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to block or delete cookies)
• Our cookie preference center (available in account settings)
• Opting out of analytics cookies (essential cookies will remain active)

Note: Disabling certain cookies may limit platform functionality.

7. Data Retention

We retain your data for different periods based on data type and legal requirements:

• Active Account Data: Retained while your account is active
• Loan Records: Retained for 7 years after loan completion (tax and regulatory requirements)
• Payment Transactions: Retained for 7 years (financial regulations)
• Trust Score History: Retained for 3 years after account closure (for reference purposes)
• Support Communications: Retained for 2 years (customer service improvement)
• Marketing Data: Deleted upon opt-out or account deletion
• Security Logs: Retained for 1 year (fraud prevention and security)

After the retention period, data is securely deleted or anonymized. Some aggregate, anonymized data may be retained indefinitely for analytics and research.

8. International Data Transfers

Feyza is based in the United States. If you access our platform from outside the US, your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers:

• Standard contractual clauses approved by regulatory authorities
• Compliance with applicable data protection laws (GDPR, CCPA, etc.)
• Service providers certified under recognized privacy frameworks

9. Children's Privacy

Feyza is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are under 18, do not use Feyza or provide any personal information.

If we discover that we have collected information from a child under 18, we will delete that information immediately. If you believe we may have information from or about a child, please contact us at privacy@feyza.app.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email or prominent notice on the platform
• For material changes, we may require you to review and accept the updated policy

Continued use of Feyza after changes indicates your acceptance of the updated policy. We encourage you to review this policy periodically.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: