Privacy Policy
This Privacy Policy explains how Lendmarket ("Lendmarket", "we", "us", or "our") collects, uses, discloses, and protects information when you use our websites at lendmarket.ai and the LendFlow platform at lendflow.lendmarket.ai (together, the "Services").
Lendmarket provides software to small-business lending companies ("Funders") that use the LendFlow platform to originate, underwrite, fund, and service loans to their merchant customers ("Merchants"). When a Funder uses LendFlow to process information about a Merchant, Lendmarket acts as a service provider on the Funder's behalf. The Funder is the controller of that information; Lendmarket processes it under the terms of our agreement with that Funder.
Contents
1. Information we collect
Information you provide
When you sign up for or interact with the Services, we collect information you give us directly, which may include:
- Identification information — name, email address, phone number, business name, EIN, mailing address, date of birth, and SSN (collected only where required for underwriting and stored encrypted at rest).
- Account credentials — usernames and salted, hashed passwords.
- Loan-application information — business details, ownership structure, requested amount, supporting documents, and signed agreements.
- Communications — messages, emails, support requests, and any feedback you send us.
Information from connected services
With your authorization, the LendFlow platform may obtain information from third-party services on your behalf, including:
- Bank account data through our banking-data provider (Plaid), including account balances, transactions, account and routing information, and account ownership data.
- Document signatures through our e-signature provider (DocuSign).
- Card payment information through our card payment processor (Authorize.Net), tokenized so that Lendmarket and the Funder do not store full card numbers.
Information collected automatically
When you visit our websites or use the LendFlow platform, we automatically collect certain technical information, including IP address, browser type, device identifiers, pages visited, referring URL, and timestamps. We use cookies and similar technologies for authentication, security, and basic analytics. We do not use third-party advertising cookies on the LendFlow platform.
2. How we use information
We use information for the following purposes:
- To provide, maintain, and secure the Services;
- To authenticate users, prevent fraud, and detect abuse;
- To process loan applications, underwriting decisions, contracts, funding disbursements, and payments on behalf of Funders;
- To send transactional messages (email and SMS) tied to your account, application, or loan;
- To respond to your support requests and communicate with you about the Services;
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information, and we do not share consumer mobile information with third parties or affiliates for their marketing or promotional purposes.
3. SMS and mobile messaging
If you opt in to SMS messaging by providing your mobile number and giving consent on the LendFlow registration form or another opt-in surface, we may use Twilio to send transactional SMS messages related to your account and loan, including:
- Application status updates;
- Contract and signature reminders;
- Payment and debit reminders;
- Failed-payment and default notifications;
- Account security alerts.
Message frequency: Frequency varies based on activity on your account, generally fewer than 10 messages per month.
Carrier charges: Message and data rates may apply. Lendmarket does not charge for SMS messages, but your wireless carrier may.
Opt-out: You can stop receiving SMS messages at any time by replying STOP to any message we send. After you reply STOP, we will send a single confirmation that you have been unsubscribed and we will not send further SMS messages.
Help: Reply HELP to any message for assistance, or contact us at support@lendmarket.ai.
Eligible carriers: Supported on all major U.S. carriers. Carriers are not liable for delayed or undelivered messages.
Mobile information sharing: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with subprocessors that help us deliver the SMS service (such as Twilio) and are bound by confidentiality and data-protection obligations.
4. How we share information
We share information only as described below:
- With Funders. Information you submit through a Funder's onboarding flow is shared with that Funder for the purpose of evaluating, funding, and servicing your loan.
- With service providers. We share information with vendors that help us operate the Services — including hosting, banking data (Plaid), e-signature (DocuSign), card payments (Authorize.Net), email delivery, SMS delivery (Twilio), and AI-based document analysis (Anthropic). These vendors are bound by contract to use information only to provide their services to us.
- For legal reasons. We may disclose information when required by law, subpoena, or court order, or when necessary to protect the rights, property, or safety of Lendmarket, our users, or the public.
- In a corporate transaction. If Lendmarket is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. The acquirer will be bound by this Privacy Policy or one substantially similar.
5. How long we keep information
We retain information for as long as your account is active and as needed to provide the Services. We retain certain information after account closure to comply with legal, tax, accounting, audit, and recordkeeping obligations, and to defend against legal claims. Loan-related records are typically retained for at least seven years from the date the loan is paid off, charged off, or otherwise closed, in line with industry recordkeeping practice.
6. Security
We use a combination of administrative, technical, and physical safeguards to protect information, including:
- AES-256 encryption at rest for sensitive fields including SSN, EIN, and Plaid access tokens;
- TLS for all data in transit;
- Role-based access control with separate platform admin, Funder, and Merchant scopes;
- Refresh-token rotation for authenticated sessions;
- Audit logging of state changes across the loan lifecycle;
- Tenant-scoped data access enforced at the service layer.
No system can guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you and applicable authorities as required by law.
7. Your rights
Depending on where you live, you may have the right to:
- Request access to the personal information we hold about you;
- Request correction of inaccurate information;
- Request deletion, subject to our legal retention obligations;
- Opt out of SMS messaging (see Section 3);
- Lodge a complaint with a data-protection authority.
To exercise any of these rights, email privacy@lendmarket.ai. If you are a Merchant whose data is held by a Funder, we may direct your request to that Funder, since the Funder is the controller of that data.
8. Children's privacy
The Services are not directed to children under 18. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us with information, contact us and we will delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy at this URL and update the "Last updated" date above. For significant changes affecting how we use your information, we will provide additional notice (such as an email or in-product notice).
10. How to contact us
For questions about this Privacy Policy or our privacy practices, contact us at:
Lendmarket
Email: privacy@lendmarket.ai
General: hello@lendmarket.ai