Privacy Policy

Everything You Need to Know About Your Privacy


Rapidly Financial, Inc. (“Rapidly Financial” or the “Company”) and its Board of Directors (the “Board”) adopt this policy (the “Policy”) to evidence Company personnel are committed to the practices of ensuring a consumer’s private information is secure and confidential.

The Company will take prudent steps to ensure we safeguard consumer information from unauthorized use. As such, the Company has implemented safeguards to protect consumer information. These safeguards can be physical (restricted access to buildings), electronic (IT firewalls), or procedural (use of shredding receptacles).

Applicable Federal & State Statutes and Regulations

Gramm Leach Bliley Act (GLBA)

Title V of Gramm-Leach-Bliley Act (“GLBA”) generally prohibits any financial institution, directly or through its affiliates, from sharing non-public personal information about its customers with a non-affiliated third party. Company values its customers and is committed to protecting the privacy of personal information in compliance with GLBA. We are committed to ensuring the continued protection of and the safeguarding of our customers’ nonpublic personal information.

Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (“FCRA”) was designed to ensure an accurate and fair credit reporting system. FCRA ensures the following:

Guarantees the accuracy and fairness of the information gathered by consumer reporting agencies;

Ensures public confidence is not compromised through inadequate, obsolete, or incorrect consumer reports;

Communicates the importance of credit reporting when accessing loans and other services to consumers and lenders;

Communicates that consumer reporting agencies will exercise fairness and impartiality with respect to reporting and consumer privacy;

Ensures that consumer reports are used for legitimate purposes.

Although the Company is not classified as a consumer reporting agency, our policy is to still remain compliant with all requirements for users of consumer reports as outlined in FCRA.

Fair and Accurate Credit Transaction Act (FACTA)

The Fair and Accurate Credit Transaction Act (“FACTA”), which amends the Fair Credit Reporting Act (FCRA), establishes numerous requirements that provide protection for the victims of identity theft, provide more information to consumers about credit reports and credit scoring, limits sharing of information with affiliates, and protects consumer medical and other information.


To help the United States government prevent fraud and fight the funding of terrorism, money laundering and related activities, Federal law, specifically Section 326 of the U.S. Patriot Act, requires that Company obtain, verify and record information that identifies each person who applies for a loan with our Company. We will ask the consumer for his or her name, address, date of birth, and other identification information. We may also inspect and/or copy his or her driver’s license or other identifying documents. If the consumer fails or refuses to provide such information, we may decline to extend credit or establish or continue a customer relationship with said consumer. This policy also extends to signatory individuals added to an existing and/or in-process loan application.


This policy is a general statement of the Company’s objectives, direction and expectations regarding the adherence to Privacy Policy. As such, it is the authority, basis and platform for the development, communication, implementation, interpretation and enforcement of appropriate and applicable operating guidelines that follow in subsequent sections of this policy.

Enforcement & Accountability

The Chief Compliance Officer, or their designee, is responsible for the oversight of ensuring compliance with this policy is maintained. To assist the Chief Compliance Officer, each officer, manager, or supervisor is assigned the responsibility to oversee the day-to-day role of enforcing the Information Security Policy.

Key Terms

Non-public Personal Information (“NPPI”) is any data or information considered to be personal in nature and not subject to public availability.

Personal information includes, but is not limited to:

Individual names

Social Security numbers

Credit or debit card numbers

Bank account and routing numbers

State identification card numbers

Driver’s license numbers

Dates of birth

Health records when the disclosure of the information in question would reasonably be considered to be harmful or an invasion of privacy

Privacy Notice

To Whom and When

We provide our privacy policy statement to each customer to whom we provide financial services.

The notice will, at a minimum, contain the following:

How Company obtains and gathers information;

The circumstances under which Company may share information; and

Instructions on how to limit the information sharing.

Information Sharing

Information Company Collects

Rapidly Financial collects information about its customers to help us better serve their financial needs, to provide them with quality products and services and to fulfill legal and regulatory requirements. We consider non-public information about our customers in our possession to be personal information, even if they cease to be a customer. The personal information we collect about our customers may include among other things:

Identifying information; such as their name, age, address, phone number and social security number;

Employment information; and

Financial information such as their income, assets and liabilities, as well as information about their checking account, dependents, and savings.

Typically, we collect this information on applications and other forms completed by the customer, through conversations he or she may have with Company’ customer support agents, through discussions with other representatives, and, in some cases, via information transmitted over the Company website. Company may also collect information from a wide range of other sources in order to process and/or underwrite a customer’s loan. These sources may include, among others, employers, attorneys, banks, and consumer reporting agencies.

Limiting Information Sharing

We share personal information about our consumers, only as required or permitted by law, with third parties, such as service providers who assist us in the day-to-day operations of our company in the administration, processing, servicing of accounts. These third parties include, but are not limited to software providers, and marketing services.

As permitted by law, a customer has the right to limit or opt-out of certain information sharing. Federal law gives customers the right to limit only the following:

Affiliates’ use of customer information for everyday business purposes – information about a customer’s creditworthiness;

Affiliates’ use of a customer’s information to market to said customer;

Non-affiliates’ use of information to market to the customer; and

Any additional rights as permitted by state law.

If we receive a request from a third party for aggregated data that contains NPPI, the request must be forwarded to the Compliance Department for review and consideration.

Information Sharing Agreements

If the Company enters into an agreement with a non-affiliate, that agreement must be reviewed by the Legal/Compliance Department to confirm that there is a clause concerning NPPI and its acceptable use pursuant to that agreement. No information sharing agreement may be executed without the approval of the Legal Department.

Former Customers

Once a consumer is no longer an active Rapidly Financial customer, we will continue to treat information that he or she has provided as if he or she is still a customer.

Physical and Virtual Protections

Rapidly Financial ’s Information Technology Department (“IT”) provides high-level guidelines in identifying and implementing safeguarding processes to protect customer, confidential and/or proprietary information from misuse, inappropriate transfer, and theft. The safeguarding process also identifies foreseeable internal and external risks to the security, confidentiality, or integrity of any records containing personal and/or proprietary information.

Company has implemented physical, electronic, and procedural safeguards to maintain confidentiality and integrity of the personal information in our possession and to guard against unauthorized access. These include among other things, procedures for controlling access to customer files, building security programs and information technology security measures such as the use of passwords, firewalls, virus prevention, and detection software. These safeguards include:

Limiting Access

Each employee needs appropriate access to do his or her job. Therefore, when a new employee is hired, the new employee’s system and physical access will meet the requirements of his or her job function. In the same manner, as an employee moves into a new position, that employee’s system and physical access requirements could change accordingly. The person authorizing such access (for example, the employee’s direct leader or manager) should be mindful to limit access only to those systems and areas deemed critical for the employee to accomplish their job function.

Technological Safeguards

Company uses a standard SSL (Secure Sockets Layer) encryption. General consumer information is encrypted when stored and encrypted when transmitted. Private information is retained within our processing system as required by federal and state guidelines.

Secure Document Exchange (“SDX”)

Sending a password protected file is one way to safeguard sensitive information that is sent through an e-mail attachment. Though password protecting files makes it harder for someone to view a document, it should not be considered totally secure.

Therefore, when considering sending sensitive data via e-mail, Company employees must consider the following:

Avoid sending social security numbers in a document.

Make sure the file is sent to a limited number of people. The more people who handle the data the more likely for a breakdown in security.

Make sure your intended receiver is a trusted individual who will safeguard your data.

Physical Safeguards

Rapidly Financial relies on technology to do business, we still rely may need to rely on hard-copy documents for day-to-day transactions. Employees must treat physical data with the same high-level care as electronically stored data.

Employees are responsible for maintaining the physical security of Company premises. These precautions include:

Not propping or leaving doors open;

Ensuring that the door (s) are fully closed after your departure;

Directing individuals who enter secured areas without a badge to sign in with a member of management;

Immediately reporting lost or stolen company-issued laptops and/or cellular phones to Information Technology;

Maintaining the security of paper documents. For example:

When information is no longer needed, shred proprietary, confidential and/or customer information;

Do not leave proprietary, confidential and/or customer information lying on copiers or fax machines or in unsecured areas or hallways of Company facilities;

Proprietary, confidential and/or customer information must be within the employee’s physical possession and sight at all times or secured out of sight in a locked area.

Written Restrictions

To show diligence toward the protection of consumer PII, it is the policy of Rapidly Financial that no consumer PII be written on any scrap paper, file folder, or any other writable surface. It is the responsibility of the Chief Operations Officer to ensure compliance with this requirement.

Reporting Requirements

The Compliance Department is responsible for ensuring that these safeguards are being followed. If any employee believes a breach of our safeguards has taken place, or they have reason to believe any non-public consumer information has been unlawfully accessed or delivered to a third party in error, they must contact the Compliance Department for investigation, notification, and resolution.

If a consumer’s information has been compromised, the Compliance Department will notify the consumer(s) of the breach and give them contact information in case they experience identity theft issues.

The Compliance Department will give the consumer instructions on notification procedures and contact information for the three credit bureaus: Equifax, Experian or TransUnion.


By Telephone: (888) 766-0008 or

Visit: https://www.fraudalerts.equifax.com


By Telephone (888) 397-3742 or

Visit: https://www.experian.com/consumer/cac/InvalidateSession.do?code=SECURITYALERT


By Telephone: (800) 680-7289 or

Visit: http://www.transunion.com/corporate/personal/fraudIdentityTheft.page

Compliance Department

The Compliance Department can be reached by:




Rapidly Financial, Inc. Attn: Chief Compliance Officer 995 Market Street Fl 2 San Francisco, CA 94103

Staff Training

It is the responsibility of the Rapidly Financial ’s Chief Compliance Officer and the Compliance Department to ensure that all of Company’s personnel receive appropriate training on the regulation(s) and the directives of this policy.

Rapidly Financial ’s Privacy Program requires that all Company personnel receive ongoing training on the directives of the Privacy Program. Rapidly Financial ’s training program includes:

Regulatory requirements and Rapidly Financial ’s internal Privacy policies, procedures and processes, including any changes;

Current developments and changes to any related regulations;

Company employee monitoring requirements;

Reinforcing the importance that the Board of Directors and Executive Management place on Rapidly Financial ’s compliance with the Privacy Policy and ensure that all employees understand their role in maintaining an effective compliance program;

Understanding and communicating the context and the purpose of the Privacy Policy and Privacy Notice.

Please refer to the Company Learning and Development Policy for details concerning required new hire and annual training time frames and schedules.


Audits/Assessments, Reviewing and Updating Policy

The privacy policy will be re-evaluated annually to determine whether all aspects of the policy are up-to-date and applicable in the current business environment. In the event where changes to regulation are mandatory and require immediate update, the policy will be amended to reflect such changes. Actions to take in the event that fraudulent or illegal activity is discovered may also require revision to reduce damage to Company and its consumers.

The following factors may be considered in exercising discretion in amending the policy:

Company’s experience with identity theft;

Updates in methods of identity theft;

Updates in customary methods used to detect, prevent and mitigate identity theft;

Updates in types of accounts that Company offers or maintains; and/or

Updates in service provider arrangements.

Policy Version Number 1.07192018

Sign up

Keep up to date on RefundNote's products


We're hiring!
Join our talented team in San Francisco.

About RefundNote

RefundNote is working to provide Americans with access to automated, affordable and transparent tax services to benefit their financial future.