Last Updated: November 7, 2025

1. Introduction

FinQuantum Inc  (“we”, “our”, “us”) respects your privacy and is committed to protecting the personal information we collect in the course of our business-to-business (“B2B”) relationships.

This Privacy Policy explains how we collect, use, disclose, and protect personal data relating to professional contacts and business partners — including employees and representatives of mortgage brokers, lenders, and other institutions who use or interact with our technology and services.

Our products and services are provided exclusively to businesses operating in the mortgage and financial services industry. This Policy does not apply to individual mortgage borrowers or consumer clients except to the extent we process borrower/customer’s  Personally Identifiable Information (“PII”) strictly on behalf of our clients under their control.

2. Scope

This Policy applies to personal information collected through:
• Our websites, applications, and platforms;
• Communications with our staff (email, phone, events, support, or onboarding);
• Business development and marketing interactions;
• Account creation, client support, and service delivery processes.

It covers personal information processed in the context of our relationships with mortgage brokers, lenders, financial institutions, and related professional entities.

It also covers borrower or customer personal information collected by our clients through their applications, which we process strictly as a data processor under the instructions of our clients.

3. Information We Collect

We collect limited personal data about business contacts and platform users, including:
• Identity and Contact Information: name, job title, business email, business postal address, phone number.
• Professional Information: company name, role, licensing or registration identifiers (e.g., NMLS ID), professional credentials.
• Account and Access Data: login details, account usage records, and technical logs.
• Usage Data: IP address, browser type, session activity, and interaction data with our systems.
• Marketing and Communications Data: preferences, responses, or participation in events and webinars.
• Transactional Data: billing, payment, and contract details (as applicable).

We do not collect or process consumer borrower data for our own purposes. Any end-customer (borrower) data processed through our platform is handled strictly on behalf of our business clients, under their control, and governed by our Data Processing Addendum (DPA). We do not use such borrower/customer information for marketing, analytics, or any other independent purpose.

4. How We Use Personal Information

We process personal information for the following legitimate business purposes:
• Managing our business relationship with your organisation;
• Providing and supporting our products, technology, and services;
• Communicating service updates, account information, and operational notices;
• Managing billing, invoicing, and payment processing;
• Improving our products, systems, and client experience;
• Meeting legal, compliance, and audit requirements;
• Sending business communications, marketing updates, and event invitations (where permitted).

We do not sell or disclose your information or borrower/customer data to credit bureaus or third parties for their own marketing or profiling purposes.

5. Legal Basis for Processing

Where required under applicable data protection laws, we rely on one or more of the following legal bases:
• Performance of a contract with your organisation;
• Legitimate interests in maintaining and managing business relationships;
• Compliance with legal obligations;
• Consent, where explicitly obtained for certain communications or processing.

For borrower/customer PII, our legal basis is acting as a data processor under the instructions of our clients, who are the data controllers.

6. Sharing and Disclosure

We share personal data only when necessary and in accordance with applicable law:
• With service providers (e.g., hosting, CRM, IT support, analytics) who perform services on our behalf under confidentiality and data protection terms;
• With business partners or affiliates that assist in delivering or integrating our services;
• With professional advisers (e.g., auditors, accountants, legal counsel) under nondisclosure agreements;
• With regulatory or governmental authorities where required by law;
• In the event of a corporate transaction (e.g., merger or acquisition), under proper safeguards.

We do not sell, trade, or share your personal or business information, or borrower/customer data, with credit bureaus or any third party for independent marketing, credit scoring, or data resale purposes.

7. Data Processing Addendum (DPA)

When we process personal data on behalf of our business clients — such as information about mortgage applicants, borrowers, or related third parties — we do so strictly as a data processor under the documented instructions of the client, who acts as the data controller.

This processing is governed by a Data Processing Addendum (DPA) incorporated into our client agreements. Our DPA sets out the following key principles:
• We process client data solely for the purpose of providing our contracted services.
• We maintain appropriate technical and organisational security measures to protect that data.
• We do not sell, transmit, or provide any personal data — including borrower or application data — to credit bureaus, data aggregators, or other third parties.
• We support our clients in fulfilling their own legal obligations under data protection laws (e.g., data subject requests, security notifications, or audits).
• Upon termination of services, we securely return or delete all personal data in accordance with the DPA and applicable law.

Clients may request a copy of our current Data Processing Addendum by contacting us at the address below.

8. U.S.-Based Data Processing

All personal data we process is stored and managed within the United States. We maintain appropriate safeguards to protect personal information in accordance with applicable U.S. law.

9. Data Retention

We retain business contact and account data only as long as necessary to fulfil contractual, legal, or regulatory requirements, or to maintain an ongoing business relationship.

Borrower/customer PII processed on behalf of clients is retained only as instructed by the client and in accordance with the DPA.

When retention is no longer required, data is securely deleted or anonymised.

10. Data Security

We employ administrative, technical, and organisational safeguards to protect personal information against unauthorised access, disclosure, alteration, or destruction. Access is restricted to authorised personnel who require the data for legitimate business purposes.

These safeguards apply equally to borrower/customer PII processed on behalf of clients, in compliance with all applicable regulations.

11. Marketing Communications

We may send relevant updates, newsletters, or invitations to professional contacts.
You can opt out of marketing at any time by following the unsubscribe link in our communications or by contacting us directly.

We do not sell marketing lists or share contact information — including borrower/customer data — with third parties for their independent promotional use.

12. Your Rights

Depending on your jurisdiction, you may have the right to:
• Access a copy of your personal data;
• Request correction or deletion of personal data;
• Object to or restrict certain processing;
• Withdraw consent (where applicable);
• Lodge a complaint with your data protection authority.

Personal information collected on behalf of our clients (e.g., mortgage applicants or borrowers) is processed strictly under client control. Requests regarding such data should be submitted to the client; we will cooperate with client instructions as required under applicable law.

Requests for your own personal/business information can be submitted to the contact details below. We may verify your identity before processing such requests.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.

The “Last Updated” date above indicates the most recent version. Material updates will be communicated to clients or partners as appropriate.

14. Contact Us

If you have questions about this Privacy Policy or our Data Processing Addendum, please contact us at: contact@finquantuminc.com.