Trad.Fi

Privacy Policy

Welcome to Trad.fi, the online service of Tradfi Labs Inc. (“Trad.fi,” “we,” or “us”). Our Privacy Policy explains how Trad.fi and its affiliates collect, use, disclose, and protect information that applies to our digital lending and borrowing platform (the "Service"), and your choices about the collection and use of your information. If you do not want your information processed in accordance with this Privacy Policy in general or any part of it, you should not use our Service.

Information we collect

To deliver the best possible Service, Trad.fi may collect the following information:

  1. Information that you provide directly to us
    1. Trad.fi may collect certain information when you open an account, including your email address, phone number, residential and business addresses, business formation, ownership, structuring, or incorporation details, Social Security Number (SSN), banking information, business title or role, and date of birth. This information is required to meet our compliance obligations, perform identity verification, improve platform operations, and facilitate your use of our Services. If you choose not to provide the requested information, we may be unable to approve your account or grant you access to the platform.
  2. Information we receive from third-party applications
    1. We may receive information from third-party applications integrated into the operation of our Services, such as when you link a bank account via Plaid or authenticate through an OAuth provider. These third parties may transmit account details, access tokens, identity verification data, and other information you authorize for sharing in connection with their services. We use this information to support credit analysis and underwriting, strengthen fraud prevention, and enhance our internal models through algorithmic, machine learning, and artificial intelligence processes. This data is handled in accordance with our privacy and security standards and is not used for external marketing or sold to third parties.
  3. Information we receive from other third parties
    1. We may collect information from third parties relating to you or your business that you did not directly provide. This includes credit report information from consumer and/or commercial bureaus, data sharing consortia, know-your-customer (KYC), know-your-business (KYB), anti-money laundering (AML) information, and business information from our corporate affiliates.

      Such data will be applied to verify the correctness of account information to deter fraud, conform to regulatory requirements, improve or effect underwriting, and ensure proper due diligence within our Service.

      If you are not a Trad.fi user, we may have collected your information from social media platforms, our business network, data aggregators, or other data sources to contact you if we think Trad.fi applies to benefiting your business.

  4. Information we collect from you automatically
    1. We may collect information from you automatically, such as click-through data, heat maps, and general website activity data to assist in improving our online experience. This information may extend to other websites you visited Trad.fi from to assist in traffic source attribution related improvements.
  5. Cookies
    1. Trad.fi uses cookies and similar technologies to enhance user experience, analyze site traffic, and support the security and functionality of our platform. These cookies may collect information about your device, browser type, IP address, and interactions with our services to help us optimize performance and comply with regulatory obligations. We do not use cookies to serve third-party advertising, and we do not sell cookie-derived data to external parties. By continuing to use our platform, you consent to our use of cookies as described in this policy; you may adjust your browser settings to manage or disable cookies at any time.
  6. Log file information
    1. Trad.fi automatically collects log file information when you access our platform, including your IP address, browser type, operating system, referring URL, and timestamps of your interactions. We use this data to maintain the security and integrity of our services and to support operational analytics. Log file information is retained in accordance with our data retention policies (see “How long we keep your information”) and is not shared externally except as required by law or to protect our rights.
  7. Device identifiers and location data
    1. Trad.fi collects device identifiers, such as unique device IDs and hardware signatures, to help authenticate users and detect unauthorized platform access. This information is used solely for operational, compliance, and security purposes and is not sold or shared for advertising.

      We also collect location data to ensure proper lien filing, comply with regulatory restrictions, and ensure alignment with our operations. This information is collected at account creation, during loan application submission, and by inferring your location from your IP address.

Categories of processing

  1. Identity and Contact Information
    1. We collect identifiers such as name, email address, phone number, residential and business addresses, date of birth and government-issued identifiers (e.g., SSN) when you open a borrower or lender account. This data underpins identity verification, KYC/AML compliance, account maintenance, and communications regarding critical service updates. Lenders’ identity data is subject to manual AML review, while borrowers’ data is cross-verified via Plaid and credit bureau reports.
  2. Financial and Transaction Data
    1. Account credentials, bank account details, transaction history, and payment records are collected when you connect your bank via Plaid or transact on the platform and may be refreshed on an ongoing basis. We use this information to facilitate deposits, withdrawals, billing, general and account-specific credit underwriting, and the servicing of your credit facility. Credit decision-making (approval, line sizing, interest rate determination) may be automated through our proprietary models, subject to your right to request human review.
  3. Usage, Device and Log Data.
    1. Technical information (IP address, device identifiers, browser and OS data, referrer URLs and log files) is captured automatically to secure our platform, monitor fraud risks, optimize performance and investigate incidents.
  4. Third-Party and Credit Bureau Data.
    1. We receive credit and verification data from Experian (for borrower underwriting) and other service providers (e.g., Plaid for account linking). Such information is used solely for credit analysis, risk scoring, fraud detection and compliance with our legal obligations. This category also includes aggregate analytics used to improve system reliability, user experience and our rule-based and machine-learning algorithms.
  5. Legal, Compliance and Security Processing.
    1. We process personal information as required to comply with CCPA, litigation holds, audits and government inquiries. We also analyze data for anti-fraud, sanctions screening and other risk-management functions. All data is stored on U.S.-based cloud servers; transfers to third parties occur under standards that protect confidentiality and integrity.

Sharing your information

Trad.fi engages only trusted third-party service providers to support our platform operations, such as account funding, bank connecting, payment processing (including ACHq, Bridge.xyz, Circle, and Coinbase), hosting, analytics, underwriting, and customer communications, and we share only the minimum personal data necessary for them to perform those functions under strict contractual obligations consistent with our privacy and security standards.

We may disclose personal information to our corporate affiliates and accredited investors solely in connection with credit underwriting, fraud-detection measures, and the sale or repackaging of debt instruments; however, we exclude highly sensitive data (bank account details, credit bureau reports beyond score ranges, SSNs, home addresses, and phone numbers) from such disclosures. Trad.fi does not engage in any other “sale” of personal information under CCPA definitions and imposes explicit restrictions on secondary use or resale by our partners.

In the event of a merger, acquisition, financing, bankruptcy, or other corporate transaction involving Trad.fi (or any portion of our assets), we may transfer customer information as a business asset; in such cases, we will notify you via email and/or prominent notice on the platform of any material changes to our data-handling practices. We also share personal data when required by law or regulation and where legally necessary to enforce our agreements, protect our rights, or respond to a lawful process. In all instances, Trad.fi adheres to legal standards for confidentiality, data minimization, and security controls.

How we transfer, store, and protect your data

Trad.fi employs industry-standard technical and organizational safeguards via encryption of data in transit (TLS 1.2+) and at rest (AES-256), network firewalls, and role-based access controls to protect the confidentiality of your information. Access to personal data is restricted to authorized personnel and third-party processors under strict contractual obligations. We recommend that you choose a strong, unique password and require multi-factor authentication; you are responsible for safeguarding your credentials and for any activity originating from your account. Although we continually monitor and test our defenses, no system is impervious; in the event of a security incident affecting your data, we will notify you and relevant authorities promptly in accordance with applicable laws and regulatory requirements.

Your choices about your information

You can request access, correction or deletion of the data Trad.fi holds on you by contacting [email protected] although some information may not be deleted until outstanding loans, delinquencies, or defaults have been duly remedied. Some information must be retained to comply with regulatory requirements related to securities offerings and AML standards.

How long we keep your information

All information is retained for as long as is commercially reasonable and for as long as we maintain a valid purpose to do so. This includes model testing and validation as well as legal, compliance, archival, and audit purposes. For lenders and applicants to the Trad.fi investment service, information will be retained for a minimum period of 5 years from the date of last interaction with the Service.

External websites and services

Trad.fi is not responsible for the privacy or security practices of any external websites, platforms, or applications, even when accessible via links from our social media or Services, or for how those third parties collect, use, or disclose the information you provide to them. Your interactions with or through any third-party site, including integrations you authorize (for example, payment or document-sharing applications), are governed solely by that party’s terms and privacy policies. If you grant a third party access to your Trad.fi account or User Content, you do so at your own risk; Trad.fi does not control, endorse, or warrant any aspect of their operations or data handling. This Privacy Policy applies only to information collected directly by Trad.fi through the use of our Services.

Additional information for users in the United States

If you are a California resident, you have the right to request that Trad.fi disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business or commercial purposes for which we use it, and the categories of third parties with whom we share it. You may also request deletion of your personal information to the extent we are not required to retain it by law. Although Trad.fi does not “sell” personal information as defined under the CCPA, you have the right to opt out of any future disclosure of personal information that could constitute a sale; to exercise this right or any other CCPA entitlement, please contact us at [email protected]. We will not discriminate against you for exercising any CCPA right.

In the event of a security incident that compromises the confidentiality, integrity, or availability of your personal information, we will notify you and any applicable regulatory authorities “in the most expedient time possible and without unreasonable delay,” consistent with legal requirements. Notifications will be sent to the email address you have provided or by prominent notice on our platform, and will include details regarding the nature of the breach, the types of information affected, and the steps we are taking to remediate and prevent recurrence.

Our Services are not directed to anyone under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will promptly delete that information from our systems.

Changes to this policy

Trad.fi may revise this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material updates, we will post the revised policy on our platform with a new “Last Updated” date and, where appropriate, send you an email notification. Unless otherwise specified, changes will take effect 30 days after publication, and your continued use of our Services constitutes acceptance of the updated terms. We encourage you to review this policy periodically to stay informed about how we collect, use, and share your information.

Contact us

For questions, requests, or concerns about this Privacy Policy or your personal information, please contact our Privacy & Compliance team by email at [email protected]. You may also submit written inquiries or data‐subject requests to:

Data Protection Officer
Trad.fi Labs Inc.
1661 North Swan Road
Suite 100
Tucson, Arizona 85712

We strive to respond to all privacy‐related requests within 30 days, or within any shorter timeframe required by applicable law.