Privacy Policy

This Privacy Policy explains how Guilder Funding LLC ("Guilder Funding," "we," "us," or "our") collects, uses, discloses, and protects information about you when you visit our website, take one of our free business-financing intake quizzes, use our calculators, click affiliate offers we feature, or otherwise interact with our services (collectively, the "Services").

Your privacy matters. The Services involve financial decision-making, and we treat the information you share with us accordingly. We do not sell your personal information to data brokers or lead-aggregator networks. We do transfer your intake-form information to the single funding partner we match you with, who pays us a referral fee when they accept the lead. Under California's CCPA and similar state laws, that transfer for monetary consideration qualifies as a "sale" of personal information, and you have the right to opt out at any time.

If you don't read anything else, read this: when you submit our intake form, we send your information to one funding partner (currently Lendzi for small-business financing, or Credit Saint for credit repair, depending on your answers). That partner pays us a referral fee. You can opt out of this sale at any time via our Do Not Sell or Share My Personal Information page, before or after submitting the form.

1. Information we collect

1.1 Information you provide directly

• Quiz answers. When you take a business-financing quiz or other matching tool, we collect your answers (debt level, credit score range, business-financing goal, and similar attributes).
• Email address. To deliver your personalized results and to send you the educational emails you opted into.
• U.S. state of residence. Required so we can match you only with programs licensed and authorized to operate in your state.
• Phone number (only if you choose to provide it for an optional click-to-call feature in the future; we do not currently require a phone number to use our Services).
• Communications with us. If you email or message us, we keep the content of those communications.

1.2 Information collected automatically

• Device and browser information: IP address, user agent, screen size, language, timezone, and approximate geographic location (derived from IP, typically the U.S. state, sometimes city-level).
• Usage data: the pages you visit, links you click, time on page, scroll depth, referring URL, and the UTM/campaign parameters from links you arrive on.
• Identifiers and cookies set by us:
  • pv-cookie-consent, your cookie-consent preference (essential / all).
  • pv-attr (sessionStorage), your campaign-attribution context (variant ID, LP slug, UTM parameters) while you complete the quiz.
  • pv-drawer-dismissed, pv-exit-shown, pv-push-dismissed, UI state for components you've dismissed.
• Identifiers set by Meta (Facebook): the _fbp first-party cookie and the _fbc cookie (set when you arrive via a Facebook/Instagram ad), used for ad measurement.
• Event identifiers: we generate a unique event ID per conversion to deduplicate browser-side and server-side conversion events.

1.3 Information we receive from third parties

• From advertising platforms. Meta Platforms may share aggregated ad-performance data with us. We do not receive individually identifying information from Meta about ad recipients.
• From affiliate partners. When you click through to one of our partners and complete an application or enroll in a program, the partner notifies us (typically via a server-to-server "postback") that a conversion occurred. The postback usually contains: a hashed identifier we sent with the click, the offer name, and (in some cases) a payout amount. It does not include the personal information you provided to the partner directly.
• From IP-geolocation providers. Our hosting and CDN providers (Vercel and Cloudflare) provide approximate location based on IP. We use this to pre-fill your state on quiz forms and to filter offers available in your state.
• From lead-validation providers (if and when we add phone collection). When we collect phone numbers in the future, we plan to use TrustedForm (ActiveProspect) or Jornaya LeadiD to capture proof of TCPA-compliant consent. These providers record metadata about the form submission (time, IP, user agent, the consent language displayed) but do not provide us with additional personal information beyond what you submit.

1.4 Categories of personal information under state privacy laws

The categories below mirror the categories enumerated in the California Consumer Privacy Act (CCPA/CPRA) and equivalent state laws.

1.5 What we do not collect

For clarity, the following common personal-information categories are not collected on our site (you may provide them to a partner you click through to, but that is between you and the partner):

• Full legal name (we collect email only; the partner you click through to may ask for your name on their form)
• Social Security Number, ITIN, or other government identifier
• Date of birth
• Mailing or street address
• Bank account, debit card, or credit card numbers
• Salary or income (we ask for debt level, not income)
• Demographic information (age, race, gender, religion, sexual orientation, national origin)
• Health or medical information
• Biometric data (fingerprints, face recognition, voiceprints)
• Precise GPS location (we use approximate IP-derived location at state level only)

2. How we use information

We use the information described above to:

• Match you with relevant business financing and financial services partners based on your quiz answers, state of residence, and credit profile range.
• Deliver the email results of the quiz and educational follow-up emails if you've opted in.
• Measure performance of our content, landing pages, and advertising campaigns. We use server-side and client-side conversion tracking (Meta Conversions API and Meta Pixel) to attribute conversions to the ads and campaigns that drove them.
• Build and refine audiences for advertising on Meta. We may upload hashed email addresses of users who took a quiz to Meta's Custom Audiences feature to (a) suppress them from seeing the same ads and (b) build lookalike audiences. Hashing is one-way (SHA-256), Meta cannot recover the email from the hash.
• Prevent fraud, abuse, and bot traffic on our forms.
• Comply with our legal obligations, including responses to lawful subpoenas, regulatory requests, and FTC/state AG inquiries.

We do not use your information to make automated decisions that have a legal or similarly significant effect on you. Our quiz-to-offer matching is rule-based and exists solely to surface eligible programs, it does not approve, deny, or score you for any product. The actual eligibility decision is made by the partner you click through to.

3. Who we share information with

We share information with the following categories of third parties. We have written contracts with each that limit how they may use the information they receive.

3.1 Funding partners

When you submit our intake form, we generate a tracking identifier (a "click_id") and route you to one funding partner whose acceptance criteria most closely match your stated revenue, time in business, and goal. The partner receives the information you provided in the intake form so that they can evaluate your application. We send each lead to exactly one partner; we do not blast your information across an open lender network or sell it to data brokers.

Our current funding partners are:

• Lendzi (small-business financing marketplace) - the default destination for leads that meet small-business lending thresholds.
• Credit Saint (credit-repair services) - the destination for leads whose personal credit profile is not yet ready for business financing.

Each partner operates its own privacy policy, which governs what they do with the information once you complete their application. We may add or change partners over time and will update this list within 30 days of any change.

3.2 Service providers (operating the site)

• Hosting and infrastructure: Vercel, Cloudflare
• Database: Supabase (Postgres database for storing leads and conversion events)
• Transactional email: Resend
• Analytics and conversion measurement: Meta Platforms (Pixel + Conversions API)
• Geolocation: Vercel Edge and Cloudflare (IP-to-state mapping)

3.3 Advertising partners

We share certain identifiers (hashed email, the _fbp cookie value, IP address, user-agent, event ID, event time) with Meta Platforms through the Meta Conversions API to measure the effectiveness of our advertising. We also use Meta Custom Audiences to upload hashed email lists for audience-building and exclusion. Read Meta's data-use policy at facebook.com/policy.

3.4 Legal, safety, and compliance

We will disclose information if compelled by valid legal process (subpoena, court order, regulatory request), to protect our rights or the rights of others, or to investigate fraud or abuse of the Services.

3.5 Business transfers

If Guilder Funding is involved in a merger, acquisition, financing, reorganization, or sale of all or part of our assets, your information may be transferred to the acquiring entity as part of that transaction, subject to the same protections in this policy.

4. Sale and sharing of personal information, your opt-out rights

Guilder Funding transfers your intake-form information to one funding partner (currently Lendzi or Credit Saint, depending on your answers) and receives a referral fee when the partner accepts the lead. Under California's CCPA, Virginia's VCDPA, Colorado's CPA, Connecticut's CTDPA, Utah's UCPA, and similar state consumer-privacy laws, that transfer for monetary consideration qualifies as a "sale" of personal information.

We do not sell your personal information to data brokers, lead-aggregator networks, or any party other than the single funding partner we match you with based on your intake answers.

We also share personal information for cross-context behavioral advertising purposes, which qualifies as a separate "sale" or "sharing" under those same state laws. Specifically, we share the following categories of personal information with Meta Platforms (Facebook) for purposes of advertising measurement, custom-audience building, and lookalike-audience generation:

• Identifiers (hashed email address, IP address, Facebook cookies _fbp and _fbc, user agent)
• Internet/network activity (the event that occurred, the URL it occurred on, the event timestamp)
• Approximate geolocation (state-level)
• Inferences (the fact that you engaged with business-financing content)

In the past 12 months we have shared personal information in the categories above for these purposes. We have not shared sensitive personal information (credit-range answers, recent-funding-decline answers) with Meta or any other advertising network for cross-context behavioral advertising purposes; those quiz answers remain on our servers and are transferred only to the matched funding partner when you submit the intake form.

You can opt out of both the funding-partner transfer and the advertising-purpose sharing at any time:

• Use our Do Not Sell or Share My Personal Information page to submit an opt-out request. You can opt out before or after submitting the intake form.
• Enable the Global Privacy Control (GPC) signal in your browser. We honor GPC automatically when detected.
• Choose "Essential only" in our cookie consent banner. This disables Meta Pixel client-side.

Once you opt out, we stop transferring your information to a funding partner for new submissions and stop sharing identifiers with Meta. If you have already submitted a lead, opting out does not retroactively recall the information that was already transferred to the partner, but you can additionally request deletion using the Delete option on the same opt-out page.

4A. Fair Credit Reporting Act (FCRA) notice

Our funding partners may obtain a consumer report (a credit report) about you or your business when you apply for their products. Guilder Funding does not directly obtain consumer reports about you from credit bureaus. We do not run hard credit pulls on the basis of your interaction with our site.

Most small-business lenders perform a soft credit pull at the pre-qualification stage, which does not affect your credit score, but does require your separate consent on the partner's site. A soft pull becomes a hard pull only if you elect to submit a full funding application with the partner, and the partner will disclose this to you at the point of application.

If you are denied a credit product based on information in a consumer report, the partner who made the decision is required by federal law to provide you an adverse-action notice with: the name and contact information of the consumer reporting agency, instructions for obtaining a free copy of your credit report, and instructions for disputing inaccurate information. Guilder Funding is not the entity that makes the credit decision and therefore is not the entity that issues the adverse-action notice.

Under the FCRA, you have the right to:

• Know what is in your consumer report file
• Dispute inaccurate, incomplete, or unverifiable information
• Request a free credit report annually from each of the three nationwide consumer reporting agencies via annualcreditreport.com
• Place a free credit freeze or fraud alert at any time

For more information about your FCRA rights, see the Consumer Financial Protection Bureau's Summary of Consumer Rights.

Some quiz pages and informational pages we operate ask for your approximate credit-score range as a self-reported value (Good 670+, Fair 580-669, Poor under 580). This is not a credit report. We do not verify this self-reported answer against any consumer reporting agency. We use the answer solely to filter and rank offers that may be appropriate for your range.

5. Your rights and choices

Residents of the following states have specific privacy rights under their state laws: California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Iowa (ICDPA), Minnesota (MCDPA), Montana (MCDPA), Nebraska (NDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Oregon (OCDPA), Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA). The specific scope of each right varies by state law, but the rights below apply to most residents of those states.

• Right to know / access: request a copy of the personal information we hold about you, and information about how we use and share it.
• Right to delete: request that we delete your personal information, subject to legal exceptions (e.g., we may retain records of conversion events for tax and audit purposes for the period legally required).
• Right to correct: request that we correct inaccurate personal information.
• Right to data portability: request a copy of your personal information in a portable format (where applicable under your state's law).
• Right to opt out of sale/sharing: as described in Section 4 above.
• Right to opt out of targeted advertising: use the cookie banner on our site to refuse advertising cookies, enable GPC, or submit a request via our CCPA opt-out page.
• Right to opt out of profiling in furtherance of decisions producing legal or similarly significant effects (we do not currently engage in this kind of profiling).
• Right to limit use of sensitive personal information: California residents and residents of some other states may direct us to limit our use of sensitive personal information to specific permitted purposes.
• Right to non-discrimination: we will not charge you a different price, deny you Services, or provide a different level of quality if you exercise your rights.
• Right to appeal a denial: if we deny your request, you may appeal the decision by emailing us at the address below within 60 days of the denial.
• Right to lodge a complaint with your state attorney general or the FTC.

To exercise these rights, visit our privacy rights request form or email privacy@guilderfunding.com. We will respond within 45 days of receiving a verifiable request (extendable to 90 days where permitted by law). We may need to verify your identity before fulfilling certain requests.

5.1 Email marketing

Every promotional email we send contains a one-click unsubscribe link in the footer. You can also unsubscribe at any time via our unsubscribe page. We will continue to send transactional emails related to a request you've initiated (e.g., your quiz results) even after you unsubscribe from marketing emails.

5.2 Cookies

On your first visit, our cookie banner asks for your preference. You can change your preference at any time using the "Cookie settings" link in the footer of every page. Choosing "Essential only" disables advertising and analytics cookies, including Meta Pixel.

6. Data retention

We retain personal information only as long as needed for the purposes described in this policy, then delete or anonymize it. Specifically:

• Quiz leads and email addresses: up to 36 months from your most recent interaction, or until you ask us to delete the record.
• Conversion events (click logs, postback records): up to 24 months, for affiliate-revenue reconciliation and audit purposes.
• IP addresses in server logs: up to 90 days for security and fraud prevention; aggregated/anonymized after that.
• Email content of correspondence with us: up to 24 months.
• Records required to comply with legal obligations (e.g., tax records, CCPA-request audit logs): for the legally required period, generally 7 years.

7. Security

We use technical and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These include TLS encryption for data in transit, encryption at rest for our database, role-based access controls, and audit logging. No system is perfectly secure, however, and we cannot guarantee absolute security.

8. Sensitive personal information and financial data

Quiz answers may include information about your debts and approximate credit score range. Under California and several other state laws, this is considered "sensitive personal information." We use this information solely for the purpose of matching you with relevant programs, not for inferring characteristics about you, not for advertising-network targeting beyond conversion measurement, and not for any purpose unrelated to the Services. You can request that we limit our use of sensitive information by emailing privacy@guilderfunding.com.

We do not collect your full Social Security number, date of birth, government-issued ID number, or financial-account number on our site. If you choose to provide that information to a partner you click through to, you are providing it to that partner, subject to that partner's privacy policy.

9. Children's privacy

The Services are intended for adults age 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, please email us at privacy@guilderfunding.com and we will delete it.

10. International users (EU / UK / EEA)

The Services are intended for residents of the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have data-protection laws different from those in your country.

We do not target the European Economic Area (EEA), United Kingdom, or Switzerland with our advertising, and we do not run Meta ads to those regions. However, if you arrive on our site from an EEA/UK/Swiss IP address and submit information through a quiz form, we will treat your request as follows:

• We rely on your explicit consent as the legal basis for processing your quiz answers and email address (GDPR Article 6(1)(a)).
• For website analytics and conversion measurement, we rely on our legitimate interest in measuring the effectiveness of the Services (Article 6(1)(f)), balanced against your right to opt out through the cookie banner.
• You have the rights guaranteed under the GDPR (or UK GDPR): access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with your supervisory authority.
• We will respond to data-subject requests from EEA/UK residents within one month of receipt, extendable to up to three months for complex requests as permitted under the GDPR.
• To submit a request, email privacy@guilderfunding.com with "GDPR Request" in the subject line and a description of your request.
• Our data is transferred to and stored in the United States. We rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (where applicable) for any cross-border transfers initiated by EEA/UK users.

If you do not consent to your data being processed in the United States under the framework described above, please do not submit information through our forms.

11. Do Not Track

We do not currently respond to "Do Not Track" browser signals, because there is no industry-standard interpretation of that signal. We do honor the Global Privacy Control (GPC) signal, see Section 4.

12. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will provide a more prominent notice (such as an email to subscribers or a banner on the site) at least 14 days before the changes take effect.

13. Contact us

Guilder Funding LLC
[Business address, replace before launch]
Email: privacy@guilderfunding.com
For California residents: see our CCPA opt-out page.

For the site operator: this Privacy Policy is intentionally substantive, it reflects how the site actually operates (Meta Pixel + Conversions API, Supabase, Resend, IP geolocation, affiliate redirects, state filtering, CCPA workflows). Before launch, you should: (1) have a privacy attorney review it for your jurisdiction and your specific affiliate partner agreements, (2) replace the placeholder business address and email, (3) update the affiliate partner list in Section 3.1 to match the offers you actually run, and (4) confirm the retention periods in Section 6 against your network agreements and any applicable record-keeping rules.