💡 Summary #
Your privacy and security are central to how Factor & Fund operates.
We handle sensitive financial and business data every day, and we protect it using bank-grade encryption, secure storage, and strict access controls in compliance with California DFPI, CCPA, and federal data protection laws.
⚙️ Our Data Protection Framework #
1. Encrypted Data Transmission #
All documents and data submitted through our portal or email system are protected using SSL/TLS 256-bit encryption — the same level of security used by major financial institutions.
- Protects data in transit from interception or tampering.
- Ensures all uploads and digital signatures are fully secure.
🟦 You’ll always see “https://” in our URLs — confirming encrypted connections.
2. Secure Storage Infrastructure #
- Files are stored in encrypted cloud servers with multi-factor authentication.
- Access is restricted to authorized compliance and underwriting staff only.
- Every login, edit, or download is automatically logged for audit purposes.
- No data is stored on personal devices or shared across external systems.
💡 We use professional-grade security protocols — not consumer-level tools.
3. Controlled Document Access #
- All uploads through our portal are tagged by client name and timestamped.
- Documents are locked once verified — they can’t be altered or deleted.
- Sharing permissions are managed internally to prevent unauthorized access.
- After account closure, your files are archived securely for compliance retention only.
4. Data Retention & Deletion #
We retain your data only for as long as legally required.
- Under California DFPI and UCC law, transaction records are held for 7 years for audit purposes.
- After that, all digital files are securely deleted or anonymized.
- Upon written request, non-required documents can be deleted sooner.
✅ We never sell, rent, or share your information with third parties.
5. E-Signature Security #
All agreements are executed via DocuSign or equivalent encrypted e-sign platforms.
Each document includes:
- Timestamped audit trail
- IP tracking for signers
- Tamper-proof digital certificate
This ensures authenticity and legal enforceability under ESIGN and UETA acts.
6. Compliance Standards We Follow #
| Standard / Regulation | Purpose |
|---|---|
| CCPA | California Consumer Privacy Act – data rights and privacy. |
| DFPI | State financial compliance and data handling oversight. |
| GLBA | Gramm-Leach-Bliley Act – protects consumer financial data. |
| UCC Article 9 | Regulates secured transactions and data handling in finance. |
🧩 Client Responsibility #
To maintain full security:
- Only use your official company email for submissions.
- Never share login credentials with unauthorized staff.
- Report any suspicious emails or upload requests immediately.
- Always verify emails come from an official @factorandfund.com address.
✅ Our Promise #
- Your business data stays private, encrypted, and protected.
- No unauthorized sharing or cross-marketing.
- Full transparency and compliance with all applicable laws.
- Dedicated support if you have any privacy or security concerns.
❓ FAQ #
Is my information shared with my buyers?
Only the details necessary for verification (e.g., invoice numbers or NOA notices) — never your financial documents.
Do you store my credit card or bank login details?
No. We only store static business banking information for funding and ACH purposes.
Can I request deletion of my records?
Yes. After your account is closed and all legal retention periods expire, you can request data deletion.
