Privacy Policy

Last Updated: February 19, 2026

Flex Credit is operated by FinFi Trust Co, LLC (“FinFi Trust,” “we,” “us,” or “our”), a Delaware limited liability company. FinFi Trust Co, LLC is a subsidiary of GOFINFI Corporation, a Delaware corporation. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Flex Credit program and related services (collectively, the “Service”).

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

This Privacy Policy should be read together with our Terms of Service.

1. Who We Are

FinFi Trust Co, LLC is the operator of the Flex Credit program. FinFi Trust Co, LLC is a subsidiary of GOFINFI Corporation, a Delaware corporation. We serve as the data controller responsible for your personal information collected through the Service.

FinFi Trust is not a lender. We do not make credit decisions, provide loans, or offer financing. We operate a credit monitoring and credit building program.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

1. Account Information: Legal name, date of birth, email address, phone number, mailing address, and account credentials.
2. Identity Verification Information: Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), government-issued identification documents (e.g., driver's license, passport), and biometric information collected during identity verification (such as a selfie or liveness check image).
3. Payment Information: Payment card or bank account details used for subscription billing. Payment information is processed by our third-party payment processor and is not stored on our servers.
4. Communications: Information you provide when you contact us for support, submit a dispute, or respond to surveys.

2.2 Information We Collect from Third Parties

1. Consumer Credit Report Information: With your authorization, we obtain your consumer credit report and credit score(s) from one or more consumer reporting agencies (Experian, TransUnion, and/or Equifax). This includes account information, payment history, public records, inquiry history, and credit scores.
2. Identity Verification Results: Results from third-party identity verification services, including verification status, risk signals, and document authentication outcomes.
3. Credit Furnishing Data: Information about the status of your account as reported to consumer reporting agencies, including payment history and account standing.

2.3 Information Collected Automatically

1. Device and Usage Information: IP address, browser type, operating system, device identifiers, pages visited, features used, and interaction timestamps.
2. Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to operate the Service, remember preferences, and analyze usage. See Section 12 for cookie details.
3. Log Data: Server logs recording access times, pages viewed, and referring URLs.

3. Legal Bases for Processing

We process your personal information on the following legal bases:

1. Consent: You provide explicit consent when you authorize us to access your consumer credit report, verify your identity, and process your payment information.
2. Contractual Necessity: Processing is necessary to provide the Service under our Terms of Service, including account management, credit monitoring, and credit building features.
3. Legal Obligation: We process certain information to comply with applicable laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), state privacy laws, and tax and financial regulations.
4. Legitimate Interest: We process information for fraud prevention, security monitoring, service improvement, and enforcement of our Terms of Service.

4. How We Use Your Information

4.1 Service Delivery

We use your information to:

1. Create and manage your account;
2. Verify your identity;
3. Process subscription payments;
4. Retrieve and display your credit score and credit report information;
5. Monitor your credit report for changes and notify you of significant activity;
6. Report your payment activity to consumer reporting agencies to help you build credit history; and
7. Provide customer support.

4.2 Use of Consumer Reports

We access your consumer credit report information from one or more consumer reporting agencies with your consent and for the following permissible purposes under the Fair Credit Reporting Act (15 U.S.C. § 1681b):

1. To provide you with credit monitoring and credit score tracking services that you have requested;
2. To display your credit information within the Service;
3. To help you understand and improve your credit profile; and
4. To provide ongoing account servicing and notifications regarding changes to your credit file.

Access to your credit report through the Service constitutes a “soft inquiry” (also known as a “soft pull”) and will NOT affect your credit score.

4.3 Fraud Prevention and Security

We use your information to detect and prevent fraud, unauthorized access, and other harmful activity.

4.4 Communications

We use your contact information to send you service-related communications, including account notifications, credit monitoring alerts, billing confirmations, and responses to your inquiries.

4.5 Service Improvement

We use aggregated and de-identified information to analyze usage patterns, improve the Service, and develop new features. Aggregated data cannot be used to identify you.

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, as described in Section 6. These providers are contractually obligated to use your information only for the purposes we specify and to protect it in accordance with this Privacy Policy.

5.2 Credit Data Furnishing

With your consent, your payment activity is reported to one or more consumer reporting agencies (Experian, TransUnion, and/or Equifax). This reporting is designed to help you build credit history. See our Terms of Service for details on the credit building program.

5.3 Consumer Reporting Agencies

We access your consumer credit report information from consumer reporting agencies with your authorization, as described in Section 4.2.

5.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, including:

1. In response to a subpoena, court order, or other legal process;
2. To comply with applicable laws and regulations;
3. To protect our rights, property, or safety, or the rights, property, or safety of others; and
4. To enforce our Terms of Service.

5.5 Business Transfers

If FinFi Trust Co, LLC is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.6 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Service Providers and Processors

We engage third-party service providers to help us operate the Service. These providers act as data processors on our behalf and are contractually required to protect your information.

Categories of Service Providers:

1. Identity Verification: We use third-party identity verification services to confirm your identity during enrollment. These services may process your government-issued ID, biometric data (selfie/liveness check), and personal identifying information.
2. Credit Data Infrastructure: We use third-party credit data infrastructure to retrieve your consumer credit report information from consumer reporting agencies on your behalf.
3. Payment Processing: We use a third-party payment processor to handle subscription billing. Your payment card or bank account information is processed and stored by the payment processor, not by us.
4. Cloud Hosting and Infrastructure: The Service is hosted on third-party cloud infrastructure providers that maintain physical and technical security controls.
5. Customer Support: We may use third-party tools to manage customer support communications.

All service providers are processors. They process your information only as necessary to perform their functions on our behalf and are not permitted to use your information for their own purposes.

FinFi Trust Co, LLC is the operator and data controller. Service providers are not operators of the Service.

7. Data Security

7.1 Security Measures

We implement industry-standard technical and organizational measures to protect your personal information and consumer report data, including:

1. Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher.
2. Encryption at Rest: Sensitive personal information, including Social Security Numbers, credit report data, and payment information, is encrypted at rest using AES-256 or equivalent encryption.
3. Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. We maintain role-based access controls and enforce multi-factor authentication for administrative access.
4. Audit Logging: We maintain audit logs of access to consumer data, including who accessed what information and when.
5. Monitoring: We monitor our systems for unauthorized access, anomalous activity, and potential security threats.
6. Vendor Security: We require our service providers to maintain security standards consistent with industry best practices and applicable law.

7.2 Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you in accordance with applicable state and federal law. Notification will include a description of the breach, the types of information involved, and steps you can take to protect yourself.

7.3 Limitations

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

8.1 Retention Periods

We retain your personal information for as long as your account is active and for a reasonable period thereafter as follows:

1. Account Information: Retained for the duration of your account and for up to three (3) years after account closure, unless a longer period is required by law.
2. Consumer Credit Report Data: Credit report data retrieved during your use of the Service is retained for the duration of your account. Upon account closure, credit report data is deleted or anonymized within ninety (90) days, except as required by law.
3. Identity Verification Data: Verification results are retained for the duration of your account and for up to five (5) years after account closure, consistent with anti-money laundering and fraud prevention obligations.
4. Biometric Data: Biometric information collected during identity verification (selfie/liveness images) is retained only for the duration of the verification process and is deleted within thirty (30) days of verification completion, unless retention is required by law.
5. Payment Records: Transaction and billing records are retained for up to seven (7) years after the transaction date, consistent with tax and financial record-keeping requirements.
6. Communications: Support communications and dispute records are retained for up to three (3) years after resolution.
7. Usage Data: Aggregated and de-identified usage data may be retained indefinitely for analytics and service improvement purposes.

8.2 Deletion

When your data is no longer needed for the purposes described above, we will securely delete or anonymize it in accordance with our data retention policies. You may request deletion of your account and associated personal information by contacting us at privacy@finfi.app. See Section 11 for additional rights.

8.3 Legal Holds

We may retain information beyond the periods described above if required by law, regulation, or legal proceeding, or if necessary to resolve disputes or enforce our agreements.

9. Your Rights Under the Fair Credit Reporting Act (FCRA)

Under the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), you have the following rights:

1. Right to Know What Is in Your File. You have the right to request a copy of your consumer report from each of the nationwide consumer reporting agencies. You are entitled to one free report per year from each agency at www.annualcreditreport.com.
2. Right to Dispute Inaccurate Information. If you believe that information in your credit file is inaccurate or incomplete, you have the right to dispute it with the consumer reporting agency and/or the information furnisher. See Section 10.
3. Right to Have Inaccurate Information Corrected or Deleted. Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information, generally within 30 days of receiving your dispute.
4. Right to Know Who Has Accessed Your Report. You have the right to know who has requested your consumer report within the past year (two years for employment inquiries).
5. Right to Limit Pre-Screened Offers. You may opt out of pre-screened credit and insurance offers by calling 1-888-5-OPT-OUT (1-888-567-8688) or visiting www.optoutprescreen.com.
6. Right to Seek Damages. If a consumer reporting agency, user, or furnisher violates the FCRA, you may be entitled to sue in state or federal court.
7. Identity Theft Protections. If you are a victim of identity theft, you have additional rights, including the right to place a fraud alert or credit freeze on your file.
8. Right to Opt Out. You may revoke your authorization for us to access your consumer credit report at any time by contacting us or closing your account.

For a full summary of your rights under the FCRA, visit the Consumer Financial Protection Bureau at www.consumerfinance.gov/learnmore or the Federal Trade Commission at www.ftc.gov.

10. Disputes

10.1 Disputing Information on Your Credit Report

If you believe that information on your credit report is inaccurate or incomplete, you may file a dispute with:

(a) The Consumer Reporting Agency that issued the report:

(b) The Information Furnisher. If you believe furnished information is inaccurate, you may also contact us directly:

10.2 Dispute Process

When you file a dispute with a consumer reporting agency, the agency must investigate the dispute, generally within 30 days, and notify you of the results. If the information is found to be inaccurate, incomplete, or unverifiable, it will be corrected or removed.

When you file a dispute directly with us as the data furnisher, we will investigate and respond in accordance with the FCRA.

10.3 Disputes About Our Service

If your concern relates to how we operate the Service (rather than information on your credit report), contact us at privacy@finfi.app or see Section 14 for contact information.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.

11.1 Categories of Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

1. Identifiers (name, email, phone, SSN/ITIN, address)
2. Financial information (payment card details, credit report data)
3. Biometric information (selfie/liveness images for verification)
4. Internet/electronic activity (IP address, usage data, cookies)
5. Geolocation data (derived from IP address)
6. Professional/employment information (if provided)
7. Inferences drawn from the above categories

11.2 Your California Rights

You have the right to:

1. Know: Request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
2. Delete: Request that we delete personal information we have collected from you, subject to certain exceptions.
3. Correct: Request that we correct inaccurate personal information.
4. Opt Out of Sale or Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising.
5. Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

11.3 How to Exercise Your Rights

To submit a request, contact us at:

We will verify your identity before processing your request. We will respond within 45 days of receiving a verifiable request.

11.4 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may contact you directly to verify the request.

11.5 Financial Information Exemption

Certain personal information collected and used in connection with consumer credit reports is subject to the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA) and may be exempt from certain CCPA/CPRA provisions. Where such exemptions apply, your rights are governed by the FCRA and GLBA as described in Sections 9 and 10.

11.6 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

12. Cookies and Tracking Technologies

12.1 What We Use

We use the following technologies:

1. Essential Cookies: Required for the Service to function, including session management and authentication. These cannot be disabled.
2. Analytics Cookies: Used to understand how you interact with the Service, including pages visited and features used. These help us improve the Service.
3. Pixels and Beacons: Used in emails to track delivery and open rates.

12.2 Your Choices

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

12.3 Do Not Track

Some browsers send a “Do Not Track” (DNT) signal. We honor DNT signals where technically feasible. Regardless of DNT settings, we do not engage in cross-site tracking for advertising purposes.

13. Electronic Communications

By using the Service, you consent to receive communications from us electronically, including:

1. Service notifications (credit alerts, verification status, account updates);
2. Billing and subscription notices;
3. Security and fraud alerts;
4. Policy updates and legal notices; and
5. Responses to support inquiries.

In accordance with the Electronic Signatures in Global and National Commerce Act (E-SIGN Act, 15 U.S.C. § 7001 et seq.), you consent to the use of electronic records and signatures.

You may opt out of non-essential communications (such as promotional emails) at any time. You may not opt out of essential service communications while your account is active.

14. Contact Information

For questions about this Privacy Policy, your personal information, or to exercise your privacy rights:

For credit report disputes: disputes@finfi.app

15. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

The “Last Updated” date at the top of this Privacy Policy indicates when the most recent changes were made.

Prior versions of this Privacy Policy are available upon request by contacting privacy@finfi.app.