Privacy Policy

Effective Date: March 3, 2026

1. Introduction

SerraFi respects your privacy and is committed to protecting it through our compliance with this Privacy Policy and applicable privacy laws and regulations. This policy describes how we collect, process, use, retain, protect, and disclose Personal Information about you when providing services to you through the SerraFi Services. In this Privacy Policy, "SerraFi," "we," "our," or "us" refer to SerraFi, Inc. and its affiliates, and "you" and "your" refer to the business and the business's users applying for or using SerraFi Services.

SerraFi Services are intended for use by business customers and are not intended for personal, family, or household use. SerraFi Services may be integrated with certain Third-Party Service Providers. The privacy policies of these Third-Party Service Providers will govern their collection, use, disclosure, and processing of personal data. SerraFi is not responsible for the privacy practices of Third-Party Service Providers, and users should review their privacy policies separately.

Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with SerraFi Services or providing us with information, you acknowledge that you have read and understood this privacy policy and consent to the collection, use, and sharing of your information as described herein. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the SerraFi Services after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates.

2. Definitions

Unless otherwise specified, defined terms in this Privacy Policy include both the singular and plural forms of such terms.

"Personal Information" means the information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information (for example, your credit card number, social security number, financial account information, transaction data, business identification numbers, tax identification numbers, business formation documents, credit information, real-time financial accounting information, linked account information, and any other identifier we may use to contact you online or offline).
"SerraFi Services" means the platform, services, applications, products, and websites that link to this policy and provided by SerraFi and its affiliates, subsidiaries, and Third-Party Service Providers.
"Third-Party Service Provider" means the service provider whose products or services are used in connection with the SerraFi Services. Third-Party Service Providers include sponsor banks and financial institutions that provide the financial services and products included in SerraFi Services.

3. Applicability of Policy

This policy applies to certain Personal Information we collect:

Through the SerraFi Services;
In communications, including email, text, chat, and other electronic messages, between you and SerraFi or when you use the SerraFi Services; and
When you interact with our advertising and applications (including mobile apps) on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

Us through any other means, including on any other website operated by SerraFi, our affiliates and subsidiaries, or any other third parties, that do not link to or are covered by this policy; or
Our affiliates and subsidiaries and any other third party, including through any application or content (including advertising) that may link to or be accessible from or through the SerraFi Services.

If you wish to exercise your rights regarding information that are not covered by our Privacy Policy, you should contact the entity that collected such information for assistance. If we receive a request intended for another third party, we will attempt to forward communications we receive from you to that entity for resolution. SerraFi is not responsible for the privacy practices of these third parties, which may differ from those in our Privacy Policy.

4. Collection of Personal Information from Persons Under the Age of 18

The SerraFi Services are not intended for, and we do not knowingly collect any personal data from, persons under the age of 18. If we learn we have collected or received Personal Information or any other data or information from a person under 18 years old without verification of parental consent, we will promptly delete that information, unless retention is required by law. If you believe we have inadvertently collected information from a person under 18, please contact us immediately at 1-888-737-7234.

5. Personal Information that We Collect or Process

The types and categories of Personal Information we collect or process may include:

Account and contact information, including name, home address, work address, email address, phone number, and other contact information you provide us;
Payment information, including credit card or debit card information, bank account information, bank routing numbers, and information about the payment methods and services you use in connection with the SerraFi Services, as well as information about linked financial accounts including account names, transactions, transaction history, and account balances of those accounts;
Account history and other transaction data, including information about your subscription, account, transactions, purchases, order history, payment history, financial activity, purchase activity, discounts, and any linked account transactions or balances;
Location data, including general geographic location and precise geolocation data, if you have enabled and consented to location information collection;
Device information, including your IP address, device identifiers, operating system and settings, hardware identifiers, browser type and settings, and other device information;
Content and information you elect to provide as part of your profile or in any reviews you make through the SerraFi Services or emails, chats, or other communications sent to us;
Images, voice recordings, and/or videos collected or stored in connection with the SerraFi Services, if you have consented to such information collection.
Identity document information, such as Social Security numbers, tax identification numbers, business identification numbers, and driver's license numbers. We may also collect information about business formation, including state of incorporation, organizational documents, and information about authorized representatives and beneficial owners.

Some of the information identified above may be considered sensitive data under certain laws. If required under applicable law, we will collect and process sensitive Personal Information only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.

We also collect certain usage data and technical information, which include deriving non-personal statistical or aggregated data from Personal Information that does not directly identify a specific person. Technical information also includes information about your internet connection and usage details about your interactions with the SerraFi Services, such as clickstream information to, through, and from the SerraFi Services (including date and time), products that you view or search for; page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.

If we combine or connect non-personal statistical or technical data with Personal Information so that it directly or indirectly identifies an individual, we treat the combined information as Personal Information.

6. How We Collect Your Personal Information and Other Data

A. Personal Information You Provided to Us Directly

We collect information about you when you interact with the SerraFi Services, such as when you apply for the SerraFi Services and complete account opening and onboarding activities, link external financial accounts or authorize access to third-party financial data, participate in surveys, sweepstakes, contests, or promotions, or undergo identity verification procedures.

B. Automatically Through the SerraFi Services

As you navigate through and interact with the SerraFi Services, we may use automatic data collection technologies to collect information. Information collected automatically may include Personal Information, usage details, IP addresses, operating system, and browser type, and other information collected through cookies, web beacons, and other tracking technologies including details of your interactions with the SerraFi Services, such as traffic data, location data, logs, and other communication data, and which resources and SerraFi Services features that you access and use.

Using automatic collection technologies helps us to improve the SerraFi Services and to deliver a better and more personalized experience. We may use these automatic collection technologies to collect information about your online activities over time and across third-party sites or other online services (behavioral tracking).

The technologies we use for this automatic data collection may include:

Cookies. A cookie is a small file placed on your device when you interact with the SerraFi Services. Cookies, depending on their type, make it easier for you to navigate websites, help to personalize your experience, remember your preferences, and maintain security features.
Web Beacons. Some parts of the SerraFi Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit SerraFi, for example, to count users who have visited those parts or opened an email and for other related statistics.

To the extent any of these automated technologies are considered targeted advertising, or profiling, under applicable laws, depending on where you live, you may opt out from use of these automated technologies for such uses by selecting the appropriate setting on your browser or device. Please note that some Services features may be unavailable as a result.

When you interact with the SerraFi Services, there are third parties, which may or may not include Third-Party Service Providers, that may use automatic collection technologies to collect information about your or your device. These third parties may include advertisers, ad networks, ad servers; analytics companies; your device manufacturer; and your internet or mobile service provider.

These third parties may use tracking technologies to collect information about you when you use the SerraFi Services. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites, apps, platforms, and other online services.

They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control and are not responsible or liable for these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

C. From Third-Party Service Providers and Other Data Sources

We may receive Personal Information and other data and information about you from other sources and combine that with the information we collect directly from you. For example, we may obtain information about you from Third-Party Service Providers that we engage to perform services on our behalf. We may also receive information from public sources, advisors, introducers, referrers, brokers, and other reporting organizations or exchanges that serve the financial services industries. We also may receive Personal Information from business partners that we engage to share consumer information with us, including your personal preferences and demographic information so that we can better provide you with a personalized experience.

7. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Information, to:

Provide you with the SerraFi Services and any contents, features, information, products, or services that we make available through the SerraFi Services. This includes fulfilling and managing accounts, applications, payments, and transactions, assessing creditworthiness and ability to make payments, verifying your identity, preventing fraud and unauthorized activity, conducting research and risk analyses, and complying with anti-money laundering and other banking laws and regulations;
Improve the SerraFi Services, including by analyzing your information and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on the SerraFi Services and their features and how users interact with them;
Promote the SerraFi Services, business, and offerings by publishing advertising on our own Services. We may use your information to model, segment, target, offer, market, and advertise the SerraFi Services. We may also use your information to contact you about goods and services that may be of interest to you. If you do not want us to use your information in this way, please adjust your user preferences in your account profile or by contacting us. Please note that even if you opt out of marketing communications, we will still send you transactional and relationship messages regarding your account and the SerraFi Services;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
Send communications, alerts, and other information to you, including notifying you when SerraFi Services updates are available and about changes to any products or services we offer or provide though them;
Provide customer service including helping to identify and troubleshoot any issues with your account and answer your questions;
In any other way we may describe when you provide the information; and
Fulfill any other purpose for which you provide it or for any other purpose with your consent.

The usage information we collect, whether connected to your Personal Information or not, helps us improve the SerraFi Services and deliver a better and more personalized experience by enabling us to:

Estimate our audience sizes and usage patterns;
Store information about your preferences, allowing us to customize the SerraFi Services according to your individual needs and interests;
Speed up your searches; and
Recognize you when you return to the SerraFi Services.

8. International Transfers

The SerraFi Services and the purposes for which your Personal Information is processed may cause your Personal Information to be processed and/or stored outside of your country of residence, including the United States. The locations to which your Personal Information is transferred may have different privacy protections than those in your jurisdiction of residence.

By supplying your Personal Information to SerraFi either directly or indirectly, you consent to your information being transferred across international borders to SerraFi and its affiliates, Third-Party Service Providers, and other agents. Other outside contractors we engage are subject to our contractual requirements for safeguarding Personal Information.

9. Who We Disclose Your Information To

We may disclose Personal Information that we collect, or you provide as described in this privacy policy:

To our subsidiaries and affiliates.
To Third-Party Service Providers and other contractors, service providers, financial service providers, banking partners, payment processors, and third parties we use to provide the SerraFi Services to you. These may include identity verification services, fraud prevention services, credit reporting agencies, and other entities that support the financial services we provide. These parties are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of SerraFi's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by SerraFi is among the assets transferred.
To law enforcement, government authorities, or other third parties when required by law, legal process, or to comply with regulatory obligations; to protect the rights, property, or safety of SerraFi, our users, or others; to enforce our terms and conditions; or to prevent fraud or illegal activity.
To third parties to market their products or services to you if you have consented to or did not opt out of these disclosures. We contractually require these third parties to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. You may withdraw your consent at any time by contacting us.
To fulfill the purpose for which you provide it.
For any other purpose disclosed by us when you provide the information and/or with your consent.

We may also disclose your Personal Information:

To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
To enforce or apply our Platform Agreement and other agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

The categories of Personal Information we may disclose include:

Account and contact information.
Payment information including linked account information.
Account history and transactional information, including information about your subscription, account, transactions, payment history, or linked account activity.
Demographic information, including employment information.
Location information, including general geographic location and precise geolocation.
Device information.
Content and information you elect to provide to us.
Images, voice recordings, and videos collected or stored in connection with the SerraFi Services, if you have consented to such information collection.
Identity document information, including Social Security numbers, tax identification numbers, business identification numbers, and driver's license information.
Biometric information.

We may use and disclose anonymized and aggregated information about our users without restriction, as permitted by law.

10. Your Rights and Choices About Your Information

This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.

Cookies and Other Tracking Technologies. You can set your browser to refuse all or some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" ("DNT") setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Currently, there is not a common understanding of how to interpret the DNT signal. Therefore, the SerraFi Services will not respond to any DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this Privacy Policy.
Global Privacy Control ("GPC"). Some browsers and browser extensions support the GPC that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.
Mobile Operating Systems Controls. We may use Google Analytics (or third-party web analytics services) to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may opt out at: https://myadcenter.google.com/personalizationoff?hl=en.
Google Analytics and Targeted Advertising. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.
Promotions by SerraFi. If you do not wish us to use your information to promote our own or third parties' products or services, you can opt out by changing your preferences in your browser or device. You can also opt out by sending us an email stating your request to unsubscribe@serrafi.com.
Targeted Advertising by SerraFi. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target audience preferences, you can opt out by changing your preferences in your browser or device. For this opt out to function, you may need to have your browser set to accept all browser cookies.
"Sale" or "Sharing" or Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal data with unaffiliated or non-agent third parties for advertising and marketing purposes, you can opt out by changing your preferences in your browser or device. You can also opt out by sending us an email stating your request to unsubscribe@serrafi.com. We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. This includes opting out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") and/or Digital Advertising Alliance ("DAA"), including adding the NAI GPC browser extension (instructions are available at: https://thenai.org/how-to-opt-out/) and/or adding the DAA browser extension (instructions are available at: https://optout.aboutads.info).
We may record audio or video in connection with sales or support calls and meetings to help us operate, manage, and improve our Business. You will be notified prior to a recording, and if you want to opt out of or don't want to opt in to the recording, as the case may be, you should follow the instructions presented in the notice.

SerraFi does not control these third-party opt-out links or mechanisms or whether any particular company chooses to participate in these third-party opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. We are not responsible for any loss of functionality of the SerraFi Services that result from your decision to opt out.

11. Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your Personal Information and other information and data we collect from you. The exact scope of these rights varies by state. There are also several exceptions where we may not have an obligation to fulfill your request. These rights include:

Access and Data Portability. You may confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request.
Correction. You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.
Deletion. You may request that we delete personal data about you that we maintain, subject to certain exceptions under applicable law.
Opt Out of Using Personal Information for Targeted Advertising, Profiling, and Sales. You may request that we do not use your personal data for these purposes.

To exercise any of these rights, please submit a request by emailing help@serrafi.com with "Privacy Rights Request" in the subject line and include: (1) your full name; (2) your email address or other contact information associated with your account; (3) the specific right you wish to exercise; and (4) sufficient information to allow us to verify your identity. We will respond to your request within the timeframe required by applicable law. In certain jurisdictions, you may have the right to appeal a decision we've made in response to your request. To appeal such a decision, please submit an email to help@serrafi.com with the subject line "Privacy Request Appeal" and include information relevant to the appeal and the original request reference number if available.

12. How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical safeguards designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. These safeguards include physical access security, administrative security measures, data encryption, firewalls, and other appropriate security technologies to protect financial and sensitive information. We review and enhance our security systems as necessary. We offer users multi-factor authentication which is designed to protect accounts, and we encourage you to enable and use this added protection. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the SerraFi Services. In particular, email, texts, and chats sent to or from the SerraFi Services may not be secure, and you should carefully decide what information you send to us via such communications channels. You are solely responsible and liable for the transmission of personal data to the SerraFi Services.

The safety and security of your information also depends on you. You are solely responsible and liable for taking steps to protect your personal data against unauthorized use, disclosure, and access.

13. How We Retain Your Personal Data

We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the SerraFi Services, operating our organization, complying with our legal obligations (including financial recordkeeping and reporting requirements), resolving disputes, and for safety, security, and fraud prevention. For financial and transactional data, we may be required to retain certain information for specific periods under applicable financial services laws and regulations. At the end of the retention period, personal data will be deleted, destroyed, or deidentified.

14. Biometric Information and Retention Policy

This Biometric Information and Retention Policy applies to any individuals about whom we have collected biometric data in connection with our identity verification features and services. "Biometric information" includes "biometric identifiers" and "biometric information" as defined under applicable federal, state, and local laws governing the collection and processing of biometric information.

When you apply for or access certain features of the SerraFi Services, we may ask you to submit (or we may ask your permission to take) a photograph of you and an image or photo of your government-issued identification document (such as your driver's license, state identification card, or passport). We, and our Third-Party Service Providers who assist us under contract in performing identity verification procedures, may use facial recognition technologies to match your photo to your government-issued identification. Facial recognition technology involves the processing of biometric information about the unique features of your facial geometry to perform the verification.

We and our Third-Party Service Providers will only use your biometric information to provide the SerraFi Services. It is our policy to protect, use, transmit, store, and destroy your biometric information in accordance with applicable laws and by using appropriate technical and organizational measures that are the same as or more protective than the manner in which we protect, use, transmit, and store other confidential and sensitive information. We will only disclose your biometric information to other entities with your consent, or where required by applicable law, including in response to legal process (such as a subpoena or warrant).

We and our Third-Party Service Providers will retain your biometric information only until the first of the following occurs: (1) the initial purpose for collecting or obtaining your biometric information has been satisfied; or (2) within three (3) years of your last interaction with us.

Following this timeframe, we and our service providers will delete and permanently destroy your biometric information.

15. Changes to Our Privacy Policy

We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the "last updated" date and posting the updated policy on the SerraFi Services. We may email or otherwise communicate reminders about this policy, but you should check the SerraFi Services periodically to see the current policy and any changes we have made to it. If we make material changes to this Privacy Policy, we will use commercially reasonable efforts to provide you with notice as appropriate under the circumstances, such as by displaying a prominent notice within the SerraFi Services or by sending you an email. Your continued use of the SerraFi Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

16. Notice to Residents in California

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), requires us to provide you with the following additional information about:

The purpose for which we use each category of Personal Information we collect; and
The categories of third parties to which we:
- Disclose such Personal Information for a business purpose,
- "Share" Personal Information for "cross-context behavioral advertising;" and/or
- "Sell" such Personal Information.

Under the CCPA, "sharing" is defined as the targeting of advertising to a consumer based on that consumer's Personal Information obtained from the consumer's activity across websites, and "selling" is defined as the disclosure of Personal Information to third parties in exchange for monetary or other valuable consideration. Our use of third-party analytics services and online advertising services may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a "sale" or "sharing" under the CCPA.

For more information about each category of personal information, purpose of use, and third parties to which we disclose personal information, please see the "Personal Information that We Collect or Process," "How We Collect Your Personal Information and Other Data," "How We Use Your Information," and "Who We Disclose Your Information To" sections of our Privacy Policy.

Your Choices Regarding "Sharing" and "Selling": You have the right to opt out of our sale/sharing of your personal information for purposes of online advertising and related activities.

If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives.

The CCPA also allows you to limit the use or disclosure of your "sensitive personal information" (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.

Please see the "Your Privacy Rights" section of our Privacy Policy above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.

The California "Shine the Light" law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.

17. Contact Us

If you have any questions about this Privacy Policy, you want to make a complaint regarding any breach of your privacy by us, or you want to correct or update your Personal Information in our possession, you may contact us by sending an email to help@serrafi.com.