Privacy Policy

1. Introduction

Commercial Lending AI ("we," "our," or "us") operates a platform that connects businesses seeking commercial loans with specialty finance lenders. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Business name, owner name, email address, phone number
• Business Details: Industry, revenue, time in business, business structure
• Financial Documents: Tax returns, bank statements, financial statements, business licenses, identification documents uploaded to our secure document vault
• Loan Applications: Loan amount requested, loan purpose, preferred terms

2.2 Automatically Collected Information

• Usage Data: Pages visited, time spent on platform, features used
• Device Information: IP address, browser type, operating system
• Cookies: We use essential cookies for authentication and preferences (see Cookie Policy below)

3. How We Use Your Information

• Loan Matching: To match your business with appropriate lenders based on your profile and loan needs
• Document Management: To securely store and transmit your financial documents to matched lenders
• Communication: To send loan status updates, lender responses, and platform notifications
• Platform Improvement: To analyze usage patterns and improve our services
• Security: To detect and prevent fraud, maintain platform security, and comply with legal obligations

4. How We Share Your Information

4.1 With Lenders

When you apply for a loan, we share your business information and uploaded documents with lenders that match your loan criteria. You control when documents are released to lenders through our secure portal. Lenders may use this information to evaluate your loan application and make lending decisions.

4.2 Service Providers

We use trusted third-party service providers who assist in operating our platform:

• Supabase: Database, authentication, and file storage (SOC 2 Type II certified)
• Vercel: Application hosting and deployment
• Anthropic: AI-powered document processing (optional, when enabled by you)

These providers are contractually obligated to protect your data and use it only for providing services to us.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Row-level security ensures you can only access your own data
• Document Vault: Financial documents are stored in a private, non-public storage bucket with signed URLs that expire after 15 minutes
• Audit Logging: All document access is logged for security monitoring
• Authentication: Secure session-based authentication with password requirements

Note: While we implement robust security measures, no internet transmission is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Active Accounts: Data retained while account is active
• Deleted Documents: Soft-deleted (archived) for 90 days, then permanently removed
• Closed Accounts: Data retained for 7 years to comply with financial recordkeeping requirements
• Legal Holds: Data may be retained longer if required by legal obligations

7. Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Data Portability: Request a machine-readable copy of your data
• Opt-Out: Unsubscribe from marketing communications (we send very few)
• Withdraw Consent: Withdraw consent for data processing where consent was the legal basis

To exercise these rights, contact us at privacy@commerciallending.ai(or your actual support email).

8. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and platform functionality (cannot be disabled)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand platform usage (optional, requires consent)

You can manage cookie preferences through our cookie consent banner. Essential cookies cannot be disabled as they are necessary for the platform to function.

9. Third-Party Links

Our platform may contain links to third-party websites (e.g., lender websites). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

10. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: