Private Policy

This Privacy Policy explains how RightLenderMatch.com (“RightLenderMatch“, “we“, or “us“) collects, uses, discloses, and protects your personal information when you use our website and services. We are committed to maintaining your trust and confidence, and we want you to understand how your data is handled and what rights you have regarding your information. This policy is designed to be thorough, transparent, and accessible to all users, and it addresses our data practices and your privacy rights under various laws and jurisdictions. By using RightLenderMatch.com, you agree to the practices described in this Privacy Policy.

We encourage you to read this Privacy Policy carefully. If you have any questions or need further information, please contact us through our online Contact Form. We are here to help and to ensure that you feel confident in how we safeguard your privacy.

Effective Date: May 1, 2025. This Privacy Policy may be updated from time to time (see the “Changes to This Privacy Policy” section below). We will post any changes on this page and indicate the date of the latest revision. Continuing to use our services after a revised policy is posted signifies your acceptance of the changes.

Information We Collect

We collect various types of information from and about users of our website. This includes information you provide directly, information we collect automatically through technology (such as cookies and similar tracking tools), and information we may receive from third parties. Below we outline the categories of personal information we collect:

  • Personal Identifiers and Contact Information: When you use RightLenderMatch, you may provide personal details such as your name, email address, postal address, phone number, and other contact information. For example, if you fill out a form to request loan offers or create an account, we will collect information like your full name and contact details.

  • Financial and Loan-Related Information: To match you with appropriate lenders or offers, we might ask for information related to your financial situation or loan needs. This could include data such as your income, employment status, credit score range, desired loan type or amount, property value or mortgage details (for home loans), or other financial details that you choose to provide. We only collect this information if you voluntarily submit it as part of using our services.

  • Demographic Information: In some cases, we may collect demographic details such as your age, date of birth, residence, or household information, especially if relevant to loan qualification or required by a lender. We do not ask for sensitive characteristics (like race, ethnicity, religion, or health status) unless necessary for a specific service and with appropriate consent or legal basis.

  • Government Identifiers (Limited): Generally, RightLenderMatch.com does not require sensitive government-issued identifiers like Social Security numbers or driver’s license numbers just to use our site. However, if such information becomes necessary (for example, if a particular lender requires it during the loan pre-qualification process), we will only collect and process it with your explicit submission and consent. We treat such sensitive information with enhanced security and only use it for the purposes for which it was provided.

  • User Communications and Submissions: If you communicate with us (for example, via customer support inquiries, emails, or the contact form on our site), we will collect and retain the information you provide in those communications. This may include your contact information and the content of your message, and any other information you choose to provide when contacting us. We use this information to respond to you and to improve our services.

  • Device and Usage Information: Like most websites, we automatically collect certain information about your device and how you interact with our site. This may include your IP address, browser type, device type (e.g., mobile or desktop), operating system, unique device identifiers, and general location information (such as city or region, which we infer from your IP address). We also gather details about your usage of our site, such as the pages or content you view, the dates and times of your visits, the features you use, the links or advertisements you click, and the webpage that referred you to our site. This information helps us understand how our website is being used and enables us to optimize our user experience.

  • Cookies and Tracking Technologies Data: We and our third-party partners use cookies, web beacons, pixels, session replay tools, and similar tracking technologies to collect information about your browsing actions and preferences over time and across our site. For example, cookies allow us to remember your preferences, keep you logged in, and understand which parts of our site are popular. We may collect analytics data (such as through Google Analytics or similar tools) about how users navigate our site, which helps us improve design and content. Our Cookies and Tracking Technologies section below provides more detail on our use of these technologies and your choices.

  • Information from Third Parties: We may receive personal information about you from third parties in the course of our business. For example, if you click on an advertisement for RightLenderMatch on a third-party site and are directed to our site, we might receive information that you came from that third-party. If we partner with credit bureaus or financial service partners, we might, with your authorization, obtain information such as credit reports or verification of certain data to facilitate matching you with lenders. Additionally, if you interact with our social media pages or interact with us through a third-party platform, the social media platform may share certain information with us as governed by their privacy policies and your account settings.

  • Aggregated or De-Identified Data: We also collect, use, and disclose information in aggregate or de-identified form, which cannot reasonably be used to identify you. For example, we may compile statistics about how many users in a certain city are looking for home loans, or we may aggregate usage data to identify trends. This policy does not restrict our use or disclosure of aggregated or de-identified information, because it is not considered personal information under applicable laws.

We collect the above information for the purposes described in the “How We Use Your Information” section below. In all cases, we seek to collect only what we need to provide our services and to operate our business, as outlined in this policy. If we ask for optional personal information, we will make clear that it is optional and you can choose not to provide it.

How We Use Your Information

We use the personal information we collect for various business and operational purposes in order to provide our services to you, improve our offerings, and comply with legal obligations. The purposes for which RightLenderMatch.com uses your information include:

  • Providing and Personalizing Our Services: We use your information to operate the RightLenderMatch service and to match you with lenders or financial products that may be suitable for you. For example, we use the financial and loan-related information you provide to identify potential lenders from our network who may offer loans that meet your needs. We may also personalize your experience on our site, such as by tailoring the content, search results, or recommendations you see. This can include remembering your preferences, such as saved searches or preferred loan types, so we can present you with more relevant options.

  • Communication and Responding to Requests: We use contact information (like your email address and phone number) to communicate with you about your use of our services. This includes sending service-related messages such as confirmations, reminders, status updates on loan matches, or responses to inquiries you send us. If you contact us via email or the contact form, we will use the information you provided to respond to you. We may also send you informational newsletters, updates, marketing communications or promotional offers about our services or our partners, but you will have the ability to opt out of such marketing communications as described below.

  • Facilitating Transactions and Partner Services: If you decide to pursue a loan offer through a lender match we provide, we will use your personal information to connect you with the appropriate lender or partner and to assist in the process. This may include sharing necessary information with that lender (with your consent or at your direction) so they can process your application or inquiry. We use your data to ensure that when you request a rate quote or pre-qualification, the relevant partners receive accurate information to provide you with a quote or service.

  • Advertising and Marketing: We may use your information to provide you with advertisements or marketing about services that we believe could be of interest to you. This can include showing you ads on our own site or on third-party platforms (such as social media or other websites) that are tailored to your interests, which is often called interest-based or behavioral advertising. For instance, if you searched for mortgage lenders on our site, we might later show you a related advertisement for home loan offers. We may also use cookies and tracking technologies to measure the effectiveness of our ads and to reach users with relevant messages. (See the “Behavioral Advertising” section below for more details on our use of data for advertising.) If required by law, we will obtain your consent before sending marketing communications or engaging in certain advertising practices.

  • Analytics and Product Improvement: We analyze how users interact with our website and services to understand what is working well and what could be improved. For example, we examine aggregate usage data and metrics (like how many users visit a certain page, or how users navigate the site) to identify trends and preferences. This information helps us troubleshoot issues, develop new features, and refine the user experience. We may also conduct surveys or solicit feedback from you to understand your needs and expectations. All of this is aimed at making RightLenderMatch more useful and effective for our users.

  • Security and Fraud Prevention: We use information (including device and usage data) to maintain the security of our website, systems, and users. This includes detecting, investigating, and preventing fraudulent transactions, spam, abuse, or other malicious activities. For example, we may use IP addresses and other identifiers to identify potential fraudsters or bots, and we may use activity logs to verify that accounts are being used legitimately. If we detect security incidents or attempts to compromise our systems, we will use relevant data to mitigate and prevent such incidents.

  • Legal Compliance: We may use your personal information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For instance, we might retain certain transaction records to meet financial reporting or audit requirements, or use your data to respond to a subpoena or defend against legal claims. If you exercise privacy rights under any law (such as requesting access or deletion of your data), we will use your information to verify your identity and fulfill your request as required by law.

  • Enforcement of Our Policies and Rights: We also use information as necessary to enforce our Terms of Service or other agreements, to detect or investigate violations, and to protect the rights and safety of our users, our partners, or others. For example, if we suspect that someone is misusing our platform or violating laws, we may analyze their usage data to confirm and take appropriate action.

  • Other Purposes with Consent: If we intend to use your personal information for a purpose that is not listed in this Privacy Policy, we will explain that purpose to you at the time of collection and, if required, obtain your consent. We will not use or disclose your personal information in ways that are incompatible with the purposes described above without updating this Privacy Policy or obtaining additional consent as appropriate.

In summary, we collect and use personal information only as needed for legitimate business purposes or as required by law. We take steps to ensure that our processing of your data is consistent with the context in which it was collected, and that we have a valid legal basis (such as your consent, performance of a contract, compliance with a legal obligation, or our legitimate interests) for each use of personal information. We do not use your data for fully automated decision-making that has legal or similarly significant effects without human involvement, unless explicitly allowed by law and with your knowledge.

How We Share Your Information

We do not sell your personal information to data brokers or mass marketers for monetary compensation. However, in the normal course of providing our services, we do share certain personal information with third parties for the business and legal purposes described below. When we disclose information, we do so in accordance with applicable privacy laws and with appropriate safeguards in place. The categories of third parties with whom we may share your information include:

  • Lending Partners and Financial Institutions: A core part of RightLenderMatch’s service is to connect you with lenders or financial partners who may offer the loans or products you’re looking for. With your permission (for example, when you submit a request or application through our platform), we share relevant personal information with selected lenders, brokers, or financial institutions so they can evaluate your request and provide tailored loan offers or services. The information shared can include the details you provided about yourself and your loan needs (such as your contact information, desired loan amount, income, credit range, etc.). These third-party lenders will use your information to process your inquiry or application in accordance with their own privacy policies. We only share with those partners necessary data to fulfill your requests, and we contractually require partners to protect your information and use it only for providing you with their services.

  • Service Providers (Processors): We employ trusted third-party companies and individuals to perform functions on our behalf and to assist us in operating our website and delivering our services. These service providers may include hosting and cloud infrastructure providers, data analytics companies, customer support tools, email service providers, advertising networks, payment or billing processors (if applicable), and other IT or security service providers. We share information that is necessary for them to perform their services for us. For example, we may use a cloud storage provider to store data, an email platform to send out communications, or analytics providers to analyze site usage. These service providers are contractually bound to keep personal information confidential and to use it only for the purposes of providing their specific services to RightLenderMatch.

  • Advertising and Marketing Partners: We may share certain limited information with third-party advertising networks, social media companies, or marketing partners to help us with our advertising efforts. For example, we might upload a list of customer email addresses (in a secure, hashed format) to a social media platform to create a “custom audience” for RightLenderMatch advertisements. Similarly, if we run a joint marketing campaign with a business partner, we might share information (like your name, contact details, or interest in a particular loan product) to ensure you receive relevant messaging. These partners are also expected to protect your data, and any such sharing will be done in compliance with applicable laws (for instance, we will obtain consent for sharing where required by certain state laws or international laws). You have choices regarding how your data is used for advertising – see the “Behavioral Advertising” section for opt-out information.

  • Affiliates and Corporate Group: If RightLenderMatch.com is part of a corporate family or if we have affiliate companies under common ownership or control, we may share your information within that corporate group. This can help us streamline services or provide you with a seamless experience across related services. For instance, if RightLenderMatch expands into related financial services through an affiliate, we might share basic customer information with that affiliate to simplify your onboarding to a new service (subject to applicable legal requirements). Any affiliated entities will honor the commitments made in this Privacy Policy or provide you with notice and choice if their practices differ.

  • Business Transfers: In the event that we consider or undergo a merger, acquisition, reorganization, sale of assets, bankruptcy, or other corporate transaction, your personal information may be disclosed to or transferred to the relevant third-party acquirer or successor entity as part of that transaction. We would seek to ensure that any such party is bound to respect your personal information in a manner consistent with this Privacy Policy. You will be notified via a prominent notice on our website or via email (if we have your contact info) of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information in such an event.

  • Legal Compliance and Protection: We may disclose your information when we believe disclosure is necessary or appropriate to: (a) comply with applicable law, regulation, subpoena, or legal process (for example, responding to a court order or a request from a government regulator); (b) enforce or apply our Terms of Service and other agreements, including for billing and collection purposes; or (c) protect the rights, property, or safety of RightLenderMatch, our users, our employees, or others. This can include exchanging information with other companies and organizations for fraud protection and credit risk reduction. If we receive requests for user information from law enforcement or regulators, we will carefully review them and only provide the necessary data when required by law.

  • With Your Consent or At Your Direction: In addition to the scenarios above, we may share your personal information with third parties if you request or direct us to do so, or if you otherwise consent to such sharing. For example, if you ask us to connect you with a particular third-party advisor or program, we will share information as needed to fulfill your request. Similarly, if we ever want to share your information for a new purpose not covered by this Privacy Policy, we will obtain your consent before doing so.

We want to reassure you that we do not sell personal information to third parties for monetary gain, and we do not share personal information with unaffiliated third parties for their own direct marketing purposes, unless you have given us permission. Any sharing of personal information is done with care and only as outlined above. If in the future our sharing practices change, we will update this Privacy Policy and notify you as required by law, and we will honor your choices regarding your data.

Cookies and Tracking Technologies

Cookies and similar tracking technologies help us provide, protect, and improve our services. Here we explain what these technologies are, how we use them, and what options you have.

What Are Cookies? Cookies are small text files that websites place on your device (computer, smartphone, etc.) when you visit. Cookies contain information that can later be read by the website that placed them or, in some cases, by other websites. Cookies serve various purposes: they can make certain features work (like keeping you logged in or remembering items in a cart), help us understand how you navigate our site, and enable advertising to you on other platforms. In addition to cookies, we (and our partners) may use similar technologies such as web beacons (also known as pixel tags or clear GIFs), which are tiny graphics embedded on webpages or emails that track whether you’ve opened an email or visited a certain page. We may also use device identifiers and local storage or other tracking technologies for similar purposes.

Types of Cookies We Use: RightLenderMatch.com uses both first-party cookies (set by us) and third-party cookies (set by partners or providers) for several reasons:

  • Necessary Cookies: These cookies are essential for the website to function. They enable core features such as security, network management, and accessibility. For example, necessary cookies might help authenticate your login, keep your session active as you navigate between pages, or remember your privacy preferences. Without these, the site might not perform properly.

  • Preferences and Functional Cookies: These cookies allow our site to remember choices you make and provide enhanced, more personal features. For instance, a functional cookie might remember your location selection or your preferred loan category so that we can provide you a more tailored experience on your next visit. They can also be used to provide services you have asked for, like live chat support or remembering if you’ve already completed a survey.

  • Analytics and Performance Cookies: We use these to collect information about how visitors use our site, such as which pages are most frequently visited, how users move from one page to another, and if they encounter errors. Analytics cookies allow us to see overall patterns of usage at an aggregated level. For example, we use tools like Google Analyticsusercentrics.com and similar services to analyze user behavior. The information gathered (such as your IP address and clickstream data) helps us improve the website’s performance and design. We configure these analytics tools to anonymize IP addresses where possible and we do not allow the analytics providers to use the data for their own purposes beyond providing services to us.

  • Advertising and Tracking Cookies: These cookies are used to deliver advertisements that may be relevant to you and your interests, both on our site and on other websites or apps. They can also limit the number of times you see an ad and help measure the effectiveness of our marketing campaigns. For example, advertising cookies might remember that you visited our site and what you looked at, and then later enable the display of a RightLenderMatch advertisement to you on a different website. These cookies are often placed by third-party advertising networks with our permission. They may collect information about your online activities over time and across different websites to infer your interests. We also may use social media cookies that allow you to share content or log in via social networks, and these can track your browser across other sites to build a profile of your interests.

Why We Use Cookies: In summary, we use cookies and similar technologies to:

  • Ensure our website functions properly and securely.

  • Save your preferences and enhance user experience.

  • Analyze site traffic and user interactions to improve our services.

  • Serve and measure the performance of personalized ads (with appropriate consent where required).

  • Enable certain third-party features or integrations (such as social media plug-ins or video players) when you choose to use them.

Third-Party Tracking and Do-Not-Track: We want to be transparent that third parties (like analytics providers, ad networks, and social media platforms) may set cookies or use tracking technologies on our site. These third parties may collect information about your online activities over time and across different websites. For example, a partner might use cookies to recognize your device when you visit RightLenderMatch and when you visit other sites, enabling them to understand your interests and serve relevant ads to you. We do not control these third-party technologies, but we do contractually require certain partners to honor privacy commitments and we provide you with choices (described below) to limit such tracking.

Some web browsers offer a “Do Not Track” (DNT) feature that lets you signal to websites that you do not want to be tracked. However, there is currently no universal standard for how to interpret the DNT signal. As a result, our website does not respond to generic DNT browser signalsusercentrics.com. Please note that this is common across many online services. Instead, we provide you with the tools and choices described in this policy to manage tracking and advertising preferences. That said, certain privacy regulations (like California’s CCPA/CPRA) recognize signals such as the Global Privacy Control (GPC) for specific opt-out purposes. If we detect a GPC signal from your browser, we will treat it as a valid request to opt out of the “sale” or “sharing” of personal information for targeting purposes as required by California law.

Your Choices Regarding Cookies: You have several options to control or limit how cookies and similar technologies are used:

  • Browser Settings: Most web browsers allow you to refuse new cookies, disable existing cookies, or alert you when new cookies are being sent. Please note that if you disable or delete cookies, some features of our site might not function as intended (for example, you might not be able to stay logged in or see personalized content). The method for managing cookies varies by browser – check your browser’s help section for instructions. For mobile devices, you can also manage cookies through your device settings (look for privacy or browser settings).

  • Cookie Banner & Preferences: If our website uses a cookie consent banner or preferences center, you can use that tool to customize your cookie settings. For instance, you might choose to allow only required cookies and disable those used for advertising or analytics. We honor the choices you make through any consent tool on our site.

  • Analytics Opt-Out: To opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on, which is available for most browsersusercentrics.com. This tool prevents Google Analytics from using your data from that browser. Other analytics providers we use may offer similar opt-out mechanisms on their websites.

  • Advertising Choices: For information on opting out of interest-based advertising, please see the “Behavioral Advertising” section below, which describes industry opt-out programs and other steps you can take to reduce targeted advertising.

  • Clearing Local Storage: You can typically clear information stored in local storage (such as HTML5 localStorage) via your browser settings, similar to clearing cookies.

Keep in mind that even if you opt out of certain cookies, you may still see generic ads (not based on your personal data) and some tracking may still occur (for instance, for site analytics). However, your choices will be respected as per the tools and laws described. We also do not use cookies to track you across websites for any purpose other than those stated.

For more detailed information on our use of cookies and tracking technologies, or if you have any questions about how to manage them, you can contact us via our contact form. We’re happy to provide additional guidance or clarification.

Behavioral Advertising

As described above, we and third parties may use cookies and other tracking technologies to collect information about your online activities and infer your preferences in order to provide you with targeted advertising. This practice is commonly known as interest-based advertising or behavioral advertising. We want to explain how this works and what choices you have.

When you visit RightLenderMatch.com or interact with our content, advertising cookies or pixels may record information about your browsing behavior (e.g., pages visited, links clicked, time on page) and technical information (e.g., IP address, device ID). Our advertising partners can use this data to create a profile of your interests. For instance, if you explore pages on our site about auto loans, you might later see ads for car financing either on our site or on other websites. Advertisers can also combine data from multiple sources – for example, they might link your web activity with information collected from your mobile device or with offline data (like loyalty programs) – to better tailor ads to you.

We may partner with advertising networks like Google Ads, Facebook/Meta, or other ad exchanges that facilitate the placement of ads on websites. These partners use their own cookies or identifiers to track your interactions with our site and other sites. They then use that information to display ads that are believed to be relevant to you. For example, we might use Google’s advertising services to show you ads for RightLenderMatch on other websites after you visited our site, a process known as retargeting. Similarly, if we run ads on social media, those platforms may use information collected on our site (via their pixels or SDKs) to help target those ads to the right audience.

We want to emphasize that any such advertising use of your data is subject to applicable privacy laws. For example, certain laws define the sharing of personal data for behavioral advertising as a “sale” or “sharing” of information. Where that is the case (such as under California’s CCPA/CPRA for cross-context behavioral advertisingusercentrics.com), we honor opt-out requests accordingly. In practice, this means if you opt out of cookies or use a browser signal like the Global Privacy Control as discussed above, we will stop using or sharing your data for targeted advertising to the extent required by law.

Your Choices for Targeted Ads: If you prefer not to receive interest-based ads from us or our partners, there are several steps you can take:

  • Use Privacy Controls on Our Site: If available, adjust your cookie preferences to disable advertising cookies as mentioned in the Cookies section. This will limit our ability and our partners’ ability to track your activity on our site for advertising purposes.

  • Industry Opt-Out Tools: You can opt out of many (but not all) third-party advertisers’ tracking via industry-supported websites. The Network Advertising Initiative (NAI) offers an opt-out page where you can selectively opt out of participating companies’ targeted ads (see http://optout.networkadvertising.org). Similarly, the Digital Advertising Alliance (DAA) provides a WebChoices tool for opting out of interest-based advertising on websites (see http://optout.aboutads.info) and an AppChoices mobile app for opting out in mobile apps. These tools can be used to opt out of many of the ad networks and third-party partners that may be involved in our site’s advertising.

  • Device and Browser Settings: On your mobile device, you can often limit ad tracking by adjusting your device’s privacy settings (for example, on iOS, selecting “Limit Ad Tracking,” or on Android, opting out of Ads Personalization). In web browsers, you can use tracker-blocking extensions or privacy modes that limit third-party cookies. Keep in mind that using ad-blocking or tracker-blocking browser plugins may interfere with some functionality on sites (including ours), but they can significantly reduce tracking.

  • Opting out of Specific Platforms: Some advertising partners provide their own opt-out mechanisms. For instance, Google allows users to adjust their ad settings (see Google Ad Settings to control personalized ads on Google’s network), and Facebook allows you to adjust your ad preferences in your user settings on their platform. If you want to specifically opt out of our use of a particular platform for targeted ads, you may need to adjust your settings on that platform as well.

Please note that opting out of interest-based advertising through the above methods does not mean you will no longer see advertisements. You will still see generic ads that are not tailored to your interests. However, those ads will be less relevant to you. Also, if you delete cookies or use a different browser/device, you may need to renew your opt-out choices, as those preferences might not carry over.

We do not engage in invasive profiling or automated decision-making that would deny you significant services without human involvement. The profiling we (or our partners) do for advertising is intended to group users into interest categories to show them relevant ads; it does not involve making determinations about eligibility for services or credit decisions by automated means. If you have any questions or concerns about our advertising practices, you can always contact us for more information or to exercise any applicable rights (such as those provided under state laws or GDPR, discussed below).

Third-Party Integrations and Links

Our website may include links to third-party websites or integrate third-party services and content. It’s important to note that if you click on those links or use those integrations, you may be providing information directly to those third parties, and their privacy practices will govern that information. We encourage you to review the privacy policies of any third-party site or service that you visit or use.

  • Links to External Sites: If RightLenderMatch.com provides links or references to other websites (for example, to lender websites, partner offers, articles, or other resources), those sites are not operated by us. Clicking on such a link will take you to a site we do not control. We are not responsible for the content, security, or privacy practices of third-party sites. If you submit personal information on an external site, that information is governed by the third party’s privacy policy. We recommend that you read the privacy statements of every website you visit, especially if you provide personal data there.

  • Third-Party Widgets and Plug-ins: Our site may include features or widgets provided by third parties, such as a social media “Share” button, a chat support widget, or interactive maps. For example, if we have a Facebook “Like” or “Share” button on a page, that button might allow Facebook to collect information about your browser’s interaction (Facebook could receive the information that a user with your IP address visited a certain page). Similarly, if we integrate a “live chat” feature from a provider, that provider might process any information you enter into the chat. These third-party features may set their own cookies or use other tracking technologies. Using these features is voluntary; if you choose to use them, your interaction with them is governed by the privacy policy of the company providing the feature.

  • Partner and Affiliate Programs: In some cases, we might partner with other companies to offer co-branded services or promotions. For example, if we run a special loan program in partnership with a bank, there might be a section on our site that is jointly operated by RightLenderMatch and that bank. If that occurs, we will clearly indicate the partnership and whose privacy policy applies to the information you provide. If the partner site is basically part of our site, this Privacy Policy will continue to apply to our handling of your data, but if you are directed to the partner’s own site or system, then their policy will apply for that portion.

  • Social Media Pages: RightLenderMatch maintains official pages or accounts on social media platforms such as Facebook, Twitter, LinkedIn, or others to engage with our users and share information. If you visit or interact with our official social media pages, any information you post or provide (such as your comments, likes, or messaging us) is subject to that platform’s privacy policy. We may collect information from our social media pages (for instance, we may keep track of the number of “likes” or what content is popular) in aggregate form. We might also repost or feature testimonials or comments you make on our social media pages, but if we do so on our website, we would only do it in compliance with the terms of the platform and after removing any sensitive personal information.

In summary, while we strive to partner only with reputable third parties, we want you to be aware that any data you provide to those parties is not covered by this Privacy Policy. We are not responsible for how those third parties collect, use, or share your information. If you have questions about how a third party handles your data, please review their privacy policy and contact them directly if needed.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, as outlined in this Privacy Policy, and for other legitimate business or legal purposes. The length of time we keep your information can vary depending on the type of information and the context in which it was collected. Here are some general guidelines we follow:

  • User Accounts: If you create an account with RightLenderMatch, we will retain the personal information associated with your account for as long as your account is active or as long as needed to provide you with our services. If you decide to close your account, we will delete or de-identify the personal information associated with it upon your request, except for information we are required or permitted to retain by law (for example, for tax, audit, or legal compliance).

  • Service Inquiries and Matches: If you submit an inquiry for lender matches or receive offers through our service, we will retain the information related to that inquiry (including the data you provided and any offers or communications exchanged) for a period necessary to complete the matching process and as required to maintain a record of our transactions. Typically, we might retain such records for a few years to have an accurate history for customer service, to resolve disputes, or to satisfy regulatory requirements related to financial service inquiries.

  • Marketing and Communications Data: If you have consented to receive marketing emails or newsletters, we will retain your contact information and marketing preferences until you unsubscribe or ask us to delete that information. If you opt out of marketing, we may keep your contact details on a suppression list (a record that ensures we don’t send you further marketing) to honor your opt-out decision.

  • Usage Data: We generally retain website usage data (such as log files and analytics information) for a shorter period, typically in aggregated or anonymized form. Raw logs may be kept for a brief period (e.g., a few months) except where needed for security investigations; aggregated analytics data may be retained longer to identify long-term trends without directly identifying users.

  • Legal Obligations and Disputes: We may need to retain certain information for longer periods if required by law or if we are resolving a dispute or enforcing our agreements. For instance, if a law requires us to keep records of transactions or communications for a certain period (e.g., financial regulations might require retaining loan-related communications for a number of years), we will comply with those requirements. Additionally, if we are involved in litigation or receive a legal request (like a subpoena), we might need to preserve relevant information until the issue is resolved.

  • Criteria for Retention: When determining retention periods, we carefully consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure if we keep it too long; the purposes for which we process it and whether we can achieve those purposes through other means; and the applicable legal requirements (such as statutes of limitations, regulatory guidelines, or contractual obligations).

When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely dispose of it. This might involve deleting it from our active databases, anonymizing it so that it no longer can be associated with you, or securely storing it and isolating it from further use until deletion is possible. For example, we might archive certain data offline for a period before final deletion, in order to protect it during the process of removing it from all our systems.

If you have specific questions about our data retention practices for a particular type of information, you are welcome to contact us. We will provide you with more detailed information if possible, and we will honor any applicable rights you have to request deletion of your data (see the “Your Rights” sections for more information on deletion requests and other rights).

Data Security

We take the security of your personal information seriously and implement a variety of administrative, technical, and physical safeguards to protect it from unauthorized access, loss, misuse, or alteration. While no website or electronic transmission is completely secure, we strive to use industry best practices appropriate to the sensitivity of the data.

Security Measures: Some of the measures we have in place include:

  • Encryption: We use encryption protocols to protect data transmitted to and from our site. For instance, any personal information you enter on RightLenderMatch.com is transmitted over a secure HTTPS connection. This means data is encrypted in transit, helping to prevent eavesdropping. In addition, for particularly sensitive information (like a Social Security number, if ever collected), we would also encrypt that data at rest in our databases.

  • Access Controls: We limit access to personal information to those employees, contractors, and service providers who have a business need to know it. We employ access controls such as strong password protection, multi-factor authentication for administrative access where possible, and the principle of least privilege (granting the minimum access necessary) to reduce the risk of unauthorized access to data.

  • Network & System Security: Our systems are protected by firewalls and monitoring systems that are designed to detect and prevent unauthorized access. We regularly update our software and systems to address potential security vulnerabilities. We also use anti-virus and anti-malware tools, and we monitor our systems for possible attacks or intrusions.

  • Employee Training and Policies: We maintain internal policies and conduct training for our team on the importance of confidentiality and privacy of user data. Our employees are instructed on how to handle personal data securely and are bound by confidentiality obligations. If we work with contractors or service providers who might have access to personal information, we require them to adhere to appropriate security standards.

  • Incident Response: We have an incident response plan in place to address any suspected data breach or security incident. This plan outlines the steps to take in identifying, containing, investigating, and remediating incidents, as well as procedures for notifying affected individuals and authorities when required by law.

No Absolute Guarantee: Despite our efforts to safeguard your information, no security measures are infallible. The internet is not 100% secure, and we cannot guarantee that personal information will never be accessed or used in an unauthorized way. Factors like your own effort to secure your personal devices, and safe handling of your account credentials, also play an important role in security. We urge you to take precautions as well: for example, use a strong and unique password for our site (if you create an account) and do not share it with others. Notify us immediately if you suspect any unauthorized access to your account or any security vulnerabilities in our Service.

Data Breach Notifications: In the unfortunate event of a data breach that compromises the security or confidentiality of your personal information, we will notify you and the appropriate authorities as required by applicable law. Notification may occur via email, website notice, or other means permitted or required. We will also take all reasonable steps to contain the breach, mitigate harm, and prevent a recurrence.

Our commitment to security is ongoing. We periodically review and update our security practices to address new threats and changes in regulatory requirements. If you have any questions about the security of our website or suspect a vulnerability, please contact us through our contact form. We appreciate your input in helping keep our community safe.

International Users and Data Transfers (GDPR)

RightLenderMatch.com is operated from the United States, and our services are primarily intended for users in the U.S. However, we recognize that our website may be accessed by individuals around the world. If you are visiting or using our services from outside the United States, particularly from the European Economic Area (EEA), United Kingdom (UK), Switzerland, or other regions with data protection laws, you may have additional rights and protections under those laws. We aim to comply with all applicable data protection regulations, including the EU/UK General Data Protection Regulation (GDPR) where it applies.

Data Controller: For the purposes of European data protection law, RightLenderMatch.com (the company operating this website) is the “data controller” of your personal information. This means we are responsible for deciding how and why your personal data is processed, and for complying with applicable privacy laws. You can find our contact information in the “Contact Us” section of this policy if you need to reach our data protection contact.

Legal Bases for Processing: The GDPR requires that we inform you of the legal grounds we rely on to process your personal data. We generally rely on the following legal bases:

  • Contractual Necessity: If you sign up for our services or request to be matched with lenders, we process your personal data to fulfill our contract with you. For example, using your information to connect you with a lender or to provide customer support would fall under this basis.

  • Legitimate Interests: We may process your data for our legitimate business interests, provided those interests are not overridden by your data-protection rights. For instance, it is in our legitimate interest to use certain data to improve our services, to secure our website, or to engage in limited direct marketing to our customers. When we rely on this basis, we carefully consider and balance any potential impact on your rights.

  • Consent: In some cases, we rely on your consent. For example, if we place non-essential cookies (like for analytics or advertising) on your device, we will seek consent where required by law. Similarly, if we send you promotional emails and you are in a jurisdiction that requires consent for such communications, we will only do so with your consent (which you can withdraw at any time). When we rely on consent, we will make clear what you are consenting to, and you have the right to withdraw your consent at any time.

  • Legal Obligation: We may process personal data as necessary to comply with our legal obligations, such as maintaining records for tax purposes or responding to lawful requests by public authorities.

International Data Transfers: If you are located outside the United States, please be aware that your personal information will be transferred to and processed in the United States and possibly other countries. These countries may have data protection laws that are different from (and potentially less protective than) the laws of your country. For example, personal data of EU users is typically stored on servers in the U.S. When we transfer personal data from the EEA/UK to the U.S. or other countries, we take steps to ensure appropriate safeguards are in place to protect your information. This may include using standard contractual clauses approved by the European Commission, relying on an adequacy decision (if applicable), or obtaining your explicit consent for certain transfers. By using our site or services and providing us with your information, you acknowledge that your information will be transferred to our facilities (and to those third parties with whom we share it as described in this policy) in the United States or elsewhere.

Your Rights (GDPR and Similar Laws): If you are an individual in the EEA, UK, or certain other jurisdictions, you have specific rights regarding your personal data. These rights, subject to certain exceptions and limitations, may include:

  • Right of Access: You have the right to request that we confirm whether we are processing your personal data, and if so, to provide you a copy of that data along with certain other details (similar to the information provided in this Privacy Policy).

  • Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data or complete any data that is incomplete.

  • Right to Erasure: You can ask us to delete or remove your personal data in certain circumstances, such as if it’s no longer needed for the purposes for which it was collected, or if you withdraw consent and no other legal basis for processing applies. This is sometimes called the “right to be forgotten.” Please note that we may not be able to delete data that we are required to retain by law, but we will inform you if that is the case.

  • Right to Restrict Processing: You can request that we limit the processing of your personal data in certain situations—for example, while we are verifying the accuracy of your data or if you have objected to our processing and we are considering that objection.

  • Right to Data Portability: You have the right to request a copy of certain personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another data controller, where technically feasible. This right applies to personal data you provided to us and that we process by automated means based on your consent or a contract with you.

  • Right to Object: You have the right to object to our processing of your personal data when we are relying on legitimate interests as the legal basis. If you make such an objection, we will evaluate whether our legitimate interests in processing your data are overridden by your privacy rights; if they are, we will cease processing that data for those purposes. You also have the right to object at any time to processing of your data for direct marketing purposes, which includes profiling related to such marketing.

  • Right not to be Subject to Automated Decisions: The GDPR provides that you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you, unless certain exceptions apply. RightLenderMatch does not make such automated decisions without human review regarding eligibility for our services or loan offers; any significant decisions involving your data will involve appropriate human intervention.

  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing that was done before you withdrew consent, and it won’t affect processing under other legal bases. For example, if you consented to receive marketing emails, you can opt out later, and we will stop sending them.

  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority, particularly in the country where you live or work, or where the alleged violation occurred. For instance, in the EU you could contact the Data Protection Authority in your country. In the UK, this would be the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns directly before you do this, so we encourage you to contact us first.

You may contact us at any time to exercise the above rights. We may need to verify your identity (for example, by asking you to provide information to confirm your identity) before fulfilling certain requests, as a security measure to ensure that personal data is not disclosed to someone who does not have the right to receive it. We will respond to your request within the time frame required by law (generally within one month for GDPR, although this can be extended in certain complex cases). There is no fee for making such requests, though if requests become excessive or repetitive, we are allowed by law to charge a reasonable fee or decline to act on the request.

If you are a resident of a country like Canada, Australia, or others with privacy laws, you may also have similar rights under those laws. We strive to honor all applicable rights to the extent required by each jurisdiction. This Privacy Policy focuses primarily on U.S. and EU/UK laws, but regardless of where you are, we are committed to respecting your privacy and will work with you to address any concerns about your personal information.

By using our services from outside the U.S., you acknowledge that your information may be transferred to and processed in the U.S. as described above. We will take all measures reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law. If you have any questions about how we handle international data or if you need more information about our data transfer safeguards, please reach out to us via the contact form.

Children’s Privacy

Our services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 13. RightLenderMatch.com is intended for use by adults (typically, individuals 18 years of age or older) who are interested in seeking loan products or financial services. Minors are not eligible to use our service, and we ask that anyone under the age of 18 not submit any personal information to us or use our platform.

Children Under 13: In compliance with the U.S. Children’s Online Privacy Protection Act (COPPA) and other applicable laws, we do not knowingly solicit or collect personal data from children under 13 years old. We do not offer services to children of this age and our website is not designed to attract their interest. If you are under 13, please do not use our site or send us any information about yourself. If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete that information from our records.

Minors Under 18: While our focus is on users who are at least 18, we recognize that someone between 13 and 17 might visit the site (for example, a teenager researching loans for educational purposes). Our policy is that minors under 18 should only use the site with the involvement of a parent or guardian and should not submit personal information or applications through our service. We do not knowingly enter into contracts or provide services directly to minors. If you are a parent or guardian and you believe your child (under 18) has provided personal information to us or engaged our services inappropriately, please contact us. We will take steps to remove the information and (if applicable) terminate the child’s account or participation.

We also want to note that certain laws (like the California Consumer Privacy Act) provide special protections for minors’ data. We do not sell personal information, including the personal information of consumers we know to be younger than 16, without affirmative authorization as required by applicable law. If in the future we were to implement any platform or feature directed at teenagers or children (which we do not plan at this time), we would do so in compliance with all relevant child privacy and safety laws.

If you have questions about our practices with respect to children’s privacy, or if you become aware of any child under 13 (or under 18, for that matter) providing personal data to us, please reach out to us through the contact form immediately so we can investigate and address the issue. Protecting children’s privacy is important to us, and we are committed to taking appropriate actions to ensure that children’s information is not mishandled.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will post the updated policy on this page and update the “Effective Date” at the top of the policy. Any changes will become effective when the revised Privacy Policy is posted, unless otherwise required by applicable law.

If we make any material changes to how we collect, use, or share your personal information, we will endeavor to provide additional notice to you. This could include posting a prominent notice on our website (for example, a banner or pop-up notification), or contacting you via the email address we have on file (if you have provided one) prior to the changes taking effect. We do this so that you have the opportunity to review the revised terms and understand how your information will be handled going forward.

We encourage you to periodically review this Privacy Policy to stay informed about our data practices and the ways you can protect your privacy. For example, if you have an account with us, consider checking this page occasionally or whenever you receive a notice of update from us. By continuing to use RightLenderMatch.com after an update to this Privacy Policy, you are indicating that you accept the revised policy. If you do not agree with any changes to the policy, you should stop using our services and inform us of your concerns (you always have the option to request that we delete your data, as described in the relevant sections of this policy).

In summary, your privacy is an ongoing priority, and we will not reduce your rights under this Privacy Policy without obtaining the necessary consents or as otherwise permitted by law. If you have any questions about any changes made to this Privacy Policy, please contact us via the contact form, and we will be happy to explain any changes.

U.S. State Privacy Rights and Notices

Alabama

As of the current date, Alabama has not enacted a comprehensive consumer data privacy law that provides specific rights like those described in other states above. That means there is no state law in Alabama that, for example, gives you an automatic right to access or delete personal information held by companies (beyond any rights you might have under federal law or general principles).

Alabama has enacted certain sector-specific privacy laws, such as the Alabama Genetic Information Privacy Act (2024), which protects the privacy of consumers’ genetic datainsideprivacy.com. However, this is not a comprehensive consumer privacy law and only applies to direct-to-consumer genetic testing services. Lawmakers in Alabama have considered consumer privacy legislation (and as of 2025, privacy bills have been introduced in the Alabama legislature), but no such law has been passed yet. Residents of Alabama are protected by applicable federal privacy laws (and industry-specific laws) even in the absence of a state-specific privacy statute. Additionally, RightLenderMatch.com applies a high standard of privacy protection to all users, regardless of state. This means that even without a state law in Alabama, you have the ability to request information or deletion by contacting us, and we will do our best to honor reasonable requests in line with our policies and applicable law. If Alabama enacts a comprehensive privacy law in the future, we will update this Privacy Policy to inform you of your new rights under that law.

Alaska

As of now, Alaska has not enacted a comprehensive consumer privacy law that provides state-specific privacy rights like those described in other sections of this Policy. This means that in Alaska, unlike in California or some other states, there isn’t a state law granting you the right to demand access to your data, deletion of your data, or to opt out of data sales by businesses (beyond whatever rights are provided by federal law).

Legislators in Alaska have shown interest in privacy issues, and there have been proposals to adopt a consumer privacy law (as of the latest sessions, such bills have been introduced but not passed). That said, residents of Alaska still have privacy protections under federal laws (for example, laws governing credit reporting, health information, financial data, etc., where applicable). Additionally, RightLenderMatch.com voluntarily extends many of the privacy practices described in this policy to all users nationwide. This means you can contact us with requests about your data (such as asking what information we have or requesting deletion), and we will do our best to accommodate you even if Alaska law doesn’t mandate it. If and when Alaska enacts a comprehensive privacy law, we will update our Privacy Policy to inform you of any new rights or choices you have.

Arizona

As of now, Arizona has not enacted a comprehensive consumer privacy law that provides state-specific privacy rights like those described in other sections of this Policy. This means that in Arizona, there is currently no state law granting residents general rights such as accessing personal data, requesting deletion, or opting out of the sale of personal data held by companies (aside from rights provided under federal law).

Legislators in Arizona have considered privacy legislation in recent years, but to date no broad consumer data protection law has been passed in the state. Arizona does have various privacy-related statutes in specific areas (for example, laws regarding data breaches, security of personal information, and protections for certain types of data like biometric identifiers or telephone records), but these do not confer the kind of consumer rights (access, deletion, etc.) seen in comprehensive privacy laws elsewhere.

That said, Arizonan residents still benefit from federal privacy protections (like those under HIPAA for health data or the Gramm-Leach-Bliley Act for financial data, where applicable) and our commitment to privacy. RightLenderMatch.com extends many of the core privacy options described in this Policy to all our users. Even without a state law in Arizona, you can contact us to inquire about what data we have about you or to request deletion or correction of your information, and we will strive to honor such requests consistent with our legal obligations and this Policy. If Arizona enacts a comprehensive privacy law in the future, we will update this Policy to outline the new rights available to Arizona residents.

Arkansas

As of now, Arkansas has not passed a comprehensive consumer privacy law that provides residents with broad rights over their personal data. This means that Arkansas residents do not currently have state-granted rights to access personal information held by companies, request deletion of that information, or opt out of its sale or sharing (beyond any rights provided by federal law).

Arkansas has implemented some privacy-related laws in specific contexts. For example, Arkansas law contains protections for biometric data in certain situations and has requirements for safeguarding personal information (such as statutes addressing the proper disposal of data and breach notification requirements). In 2023, Arkansas also passed a law regarding children’s use of social media (focused on parental consent and age verification) and other targeted laws, but these are not general consumer data privacy laws granting rights like access or deletion of personal data across the board. The Arkansas legislature has considered broader privacy legislation in recent sessions (and as of 2025, privacy bills have been introduced), but no comprehensive law has been enacted yet.

Even without a specific state privacy law, Arkansas residents are protected by federal privacy statutes relevant to certain data (for example, FERPA for student records, HIPAA for health information, etc.) and can rely on our general privacy commitments. RightLenderMatch.com treats all user data with care, and you are welcome to contact us with questions or requests about your information. We will do our best to accommodate reasonable requests (like providing a copy of your data or deleting information) consistent with our obligations. If Arkansas passes a comprehensive consumer privacy law in the future, we will update our practices and this Privacy Policy to ensure compliance and to inform Arkansas residents of their new rights.

California

California has enacted a comprehensive privacy law known as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (effective since 2020 (CCPA), amended effective 2023 (CPRA)). This law provides California residents with a number of privacy rights regarding their personal information. These rights includeoag.ca.govoag.ca.gov:

  • Right to Know (Access): You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you. This includes the right to know the categories of sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you have provided to us (and in many cases, the personal data we have collected about you) in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity.

  • Right to Delete: You can request that we delete personal information we have collected from you, subject to certain exceptions (for example, we may retain information as required by law or for legitimate business needs such as completing transactions you requested).

  • Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you. Upon verification of your identity and the inaccurate information, we will correct it as required.

  • Right to Opt Out of Sale or Sharing: California residents can direct us not to “sell” their personal information to third parties (as “sell” is defined under California law) and not to share their personal information for cross-context behavioral advertising purposes. We do not sell personal data for monetary gain; however, if any data sharing we do (such as with marketing partners) is deemed a sale or sharing under California law, you have the right to opt out of that. We honor Global Privacy Control (GPC) signals as an opt-out request for online data sharingusercentrics.com.

  • Right to Limit Use of Sensitive Personal Information: If we collect information that California defines as “sensitive personal information” (for example, precise geolocation, social security number, or certain financial information), you have the right to limit our use and disclosure of that sensitive information to purposes that are necessary to provide the services. In practice, this means we will not use sensitive personal data for additional purposes (like targeted advertising) without your consent.

  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your California privacy rights. This means we will not deny you services, charge different prices, or provide a different level of quality just because you exercised your rights. (However, note that if you ask us to delete data that is necessary for providing a service, we may not be able to continue providing that service.)

California residents can exercise these rights by contacting us as described in the “Contact Us” section. When you submit a request, we will take steps to verify your identity (for instance, by asking for additional information). California law allows you to designate an authorized agent to make a request on your behalf, but the agent must provide proof of their authority and we will still need to verify that your identity is legitimately represented. We will respond to your request within 45 days, or notify you if we need more time. If we cannot fulfill your request, we will explain the reasons (for example, we might deny a deletion request if we are legally required to keep certain data).

Colorado

Colorado has enacted a comprehensive consumer privacy law known as the Colorado Privacy Act (CPA) (effective July 1, 2023). This law provides Colorado residents with several privacy rights regarding their personal information. These rights include:

  • Right to Access: You may request confirmation of whether we are processing your personal data and to access that data. We will provide you with the categories of personal information we have about you and, where required, the specific pieces of information, upon verified request.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you provided to us (and in some cases, other personal data about you) in a portable, commonly used format that you can transfer to another service.

  • Right to Delete: You can request that we delete personal information we have collected from or about you, subject to certain exceptions (for example, if the information is needed to complete a transaction you initiated, to comply with a legal obligation, or for internal uses aligned with your relationship with us).

  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you. Upon verification of your request, we will correct any inaccuracies as required by law.

  • Right to Opt Out of Sale of Personal Data: You can direct us not to sell your personal data to third parties (as “sell” is defined under the law). We generally do not sell data for monetary gain; however, if any sharing of data is considered a sale under Colorado law, you have the right to opt out of it.

  • Right to Opt Out of Targeted Advertising: You can opt out of the processing of your personal data for targeted advertising (also called interest-based advertising). This means we will not use or share your data for the purpose of showing you personalized ads if you exercise this right.

  • Right to Opt Out of Profiling: You can opt out of certain types of profiling using your personal data—specifically, the kind of automated processing that evaluates personal aspects about you in order to make significant decisions (for example, credit eligibility or similar). RightLenderMatch does not engage in such profiling without human review, but this right means you can object to any automated decision-making based on profiling if it were to occur.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising the above rights. We will not deny you services, charge you a different price, or provide a lower quality of service just because you exercised your privacy rights. (However, the law may allow offering different prices or benefits if the difference is reasonably related to the value of your data, which we would explain and seek consent for if applicable.)

Colorado’s law also provides extra protection for certain sensitive personal data (such as biometric identifiers, health information, precise geolocation, or information about minor children). In general, businesses must obtain your consent before collecting or using sensitive data, or at least give you a clear opportunity to opt out of such use. RightLenderMatch will handle any sensitive personal data in compliance with these requirements, ensuring it is only used for necessary services or with appropriate permission.

To exercise any of these rights as a Colorado resident, you can contact us using the methods described in this Privacy Policy (see Contact Us). We will need to verify your identity when you make a request, and we will respond within the timeframe required by Colorado law (typically within 45 days). If we cannot fulfill a particular request (for example, if an exemption applies), we will provide you with an explanation. Furthermore, if Colorado law allows you to appeal our decision regarding a privacy request (as is the case in some states), we will inform you of how you can submit an appeal and we will re-evaluate your request promptly. Rest assured, you will not be charged for making any such requests.

Connecticut

Connecticut has enacted a comprehensive consumer privacy law known as the Connecticut Data Privacy Act (CTDPA) (effective July 1, 2023). This law provides Connecticut residents with various privacy rights regarding their personal information. These rights include:

  • Right to Access: You may request confirmation of whether we are processing your personal data and to access that data. We will disclose the categories of personal data we have about you and, upon request and verification, the specific pieces of personal data.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you have provided to us (and, in many cases, personal data about you that we have collected from other sources) in a portable and usable format that can be transmitted to another entity.

  • Right to Delete: You can request that we delete personal data we have collected from or about you. We will honor such requests unless an exemption applies (for example, we may retain data needed to complete a transaction you requested, for security purposes, or to comply with a legal obligation).

  • Right to Correct: You have the right to request that we correct inaccuracies in the personal information we maintain about you. Once we verify your identity and the accuracy of the new information, we will correct our records as required.

  • Right to Opt Out of Sale of Personal Data: If we engage in the sale of personal data (as defined by Connecticut law), you have the right to opt out of such sales. We do not sell personal data for monetary value, but if any data transfers are considered “sales” under the law, you can opt out and we will cease those transfers for your data.

  • Right to Opt Out of Targeted Advertising: You can opt out of the processing of your personal data for targeted advertising purposes. This means we will not use or share your data to serve you personalized ads based on your online behavior once you have opted out.

  • Right to Opt Out of Profiling: You can opt out of certain forms of automated profiling using your personal data if it’s in furtherance of decisions that produce legal or similarly significant effects on you. (As noted elsewhere, RightLenderMatch currently does not make significant decisions about individuals without human involvement, but this right is there to protect you should that change or in interactions with third-party services.)

  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your rights under the CTDPA. We will not deny goods or services, charge different prices, or provide a different level of quality just because you exercised your Connecticut privacy rights.

Connecticut’s law also provides heightened protections for sensitive personal data (like precise geolocation, biometric data, health information, and data about children). Businesses must obtain your consent before collecting or using sensitive personal data or provide a clear opportunity to opt out of such use. We will follow these rules by seeking affirmative consent if we ever need to process your sensitive data for purposes beyond what is necessary, and by giving you opt-out choices where required.

If you are a Connecticut resident, you can exercise your privacy rights by reaching out to us via the contact methods in this Privacy Policy. We will verify your identity and respond within the timeframe set by Connecticut law (usually within 45 days). If we cannot comply with a request due to an exemption or other reason, we will explain that in our response. Connecticut’s law, like Virginia’s, allows consumers to appeal a decision we make regarding their privacy request. If you are dissatisfied with how we handled your request, let us know that you would like to appeal the decision. We will have a different reviewer examine your request and our response, and then inform you of the outcome of the appeal (generally within 60 days). We will not charge you for making requests or appeals under Connecticut law.

Delaware

Delaware has enacted a comprehensive privacy law called the Delaware Personal Data Privacy Act (effective January 1, 2025). This law provides Delaware residents with several rights concerning their personal data. These rights include:

  • Right to Access: Delaware residents can request confirmation of whether we are processing their personal data and obtain access to that data. We will inform you of the categories of personal information we have collected about you and, upon request, provide the specific pieces of personal data, along with details like the categories of sources and third parties to whom we disclosed the data.

  • Right to Data Portability: You have the right to receive a copy of personal data you have provided to us, in a format that is portable and, if technically feasible, readily usable, so you can transmit it to another entity. If you make such a request, we will provide your data in a commonly used electronic format.

  • Right to Delete: You can request deletion of personal data that we have collected from or about you. We will delete such data from our records and direct our service providers to do the same, unless a specific exemption applies (for example, if the data is needed for completing a transaction you requested, detecting security incidents, exercising legal rights, etc.).

  • Right to Correct: You have the right to ask us to correct any inaccurate personal information we hold about you. After verifying your identity and, if necessary, validating the correct information, we will update our records accordingly.

  • Right to Opt Out of Sale of Personal Data: You have the right to opt out of the sale of your personal information to third parties. Under Delaware’s law, a “sale” broadly includes sharing personal data for monetary or other valuable consideration. We do not sell personal data for money, but if any of our data sharing practices were to fall under the definition of a sale, Delaware residents can opt out, and we will honor that request.

  • Right to Opt Out of Targeted Advertising: Delaware residents can opt out of the processing of their personal data for targeted advertising purposes. Once you opt out, we will cease using or disclosing your data for serving you personalized advertisements.

  • Right to Opt Out of Profiling: You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. This covers automated processing of personal data to evaluate or predict personal aspects (like work performance, economic situation, health, etc.) when it’s used to make important decisions about you. If we were ever to engage in such profiling-based decisions, you could opt out. (At present, RightLenderMatch does not make significant decisions about consumers using automated profiling alone.)

  • Right to Non-Discrimination: Delaware law entitles you to exercise your privacy rights without being discriminated against. We will not deny you our services, charge you different rates, or provide a lesser experience because you chose to exercise your privacy rights. If we offer any financial incentives related to your personal data (for example, discounts in exchange for data, which we do not currently do), participation would be optional and based on your consent.

Additionally, Delaware’s law treats certain information as sensitive personal data (e.g., data about racial or ethnic origin, health conditions, precise geolocation, biometric identifiers, etc.). Businesses must obtain your consent before processing this sensitive data or provide a clear opt-out mechanism. We will comply with these requirements, meaning that if we ever need to collect sensitive data from Delaware residents, we will seek affirmative consent (opt-in) or otherwise ensure we have your permission as required by law.

Delaware residents can exercise their rights by contacting us (see the Contact Us section below). We will need to verify your identity to ensure we’re dealing with the correct person (for instance, we may ask you to confirm parts of your personal information we have on file). Once verified, we will respond to your requests within the timeframe Delaware law stipulates (typically within 45 days, with a possible extension of an additional 45 days if necessary). If we decline to take action on your request, we will provide our reasoning. Delaware’s law also allows you to appeal our decision if you are unsatisfied. If you wish to appeal, please inform us, and someone not involved in the initial response will review your request and our decision. We will then notify you of the outcome of your appeal (generally within 60 days). You will not be charged for making requests or appeals. Any information gathered as part of verifying your request will be used only for that purpose.

Florida

Florida has enacted a consumer privacy law as part of the Florida Digital Bill of Rights (SB 262, 2023) (effective July 1, 2024). This law provides Florida residents with certain rights over their personal data. These rights include:

  • Right to Access: Florida residents can request that we confirm whether we are processing their personal data and to access such personal data. Upon a verified request, we will provide you with your personal information that we maintain, and details about how we have used it, subject to any exceptions under Florida law.

  • Right to Data Portability: You have the right to obtain a copy of personal data you provided to us, in a portable and readily usable format that allows you to transfer it to another entity. We will supply this information electronically (or in another format you request, if feasible) after verifying your request.

  • Right to Delete: You can request deletion of the personal data we have collected from you. We will delete your personal information from our records (and direct our service providers to do the same), unless retaining the information is permitted or required by law (for example, some data may need to be kept for fraud prevention or record-keeping purposes).

  • Right to Correct: Florida’s law gives you the right to request correction of inaccuracies in the personal data we hold about you. When you make such a request and we verify your identity, we will correct the information in our systems as needed.

  • Right to Opt Out of Sale of Personal Data: Florida residents can opt out of the sale of their personal data. Under Florida’s law, “sale” is defined in a specific way (generally the exchange of personal data for monetary consideration by a controller to a third party). RightLenderMatch does not sell personal data in exchange for money. However, if any sharing of personal data could be interpreted as a sale under Florida law, you have the right to opt out of that, and we will honor your request.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the processing of your personal data for targeted advertising purposes. If you opt out, we will not use your information to show you personalized ads, nor will we share it with third parties for that purpose.

  • (No Explicit Right to Opt Out of Profiling): Florida’s law, at this time, does not explicitly enumerate a separate right to opt out of automated profiling decisions like some other state laws do. However, Florida’s law focuses on data sales and targeted advertising. Regardless, RightLenderMatch does not engage in automated decision-making without human involvement for significant decisions (such as credit approval or denial strictly by algorithm). If that ever changes, we would ensure compliance with all relevant laws and provide notice to users.

  • Right to Non-Discrimination: Florida residents are entitled to exercise their privacy rights without suffering discrimination. We will not deny you goods or services, charge you a different price, or provide a different level of quality based solely on your decision to exercise any rights under Florida law. However, the law does allow for loyalty programs or promotions that might involve different pricing, provided they are offered in a way that is compliant with the law (and any such program would require your informed consent to participate).

Florida’s law (the Digital Bill of Rights) applies primarily to certain larger businesses that meet specific thresholds (such as very high revenues or user counts). Whether or not RightLenderMatch falls under its scope, we aim to extend these rights to Florida residents as a matter of good practice. The law also imposes requirements regarding “sensitive personal data” (like precise geolocation, biometric data, information about health, etc.), generally requiring that businesses not sell or share sensitive data without consent. We will treat any sensitive personal information with special care, and if we were ever to handle such data, we would do so in compliance with Florida’s requirements (for example, obtaining consent for certain uses of sensitive data).

If you are a Florida resident and wish to exercise your privacy rights, you can contact us through the methods outlined in the Contact Us section of this policy. We will verify your identity (which may involve matching information you provide with data we have on file, or using a verification service) and respond within the timeframe set by Florida law. Under SB 262, the response time is generally 45 days, with the possibility of an extension when reasonably necessary. If we cannot comply with your request, we will provide an explanation (for example, certain requests may be denied if an exemption applies). At this time, Florida’s law does not outline a formal appeal process as some other states do, but if you have concerns about how we handled your request, please let us know and we will do our best to address them. You will not be charged for exercising your rights.

Georgia

As of now, Georgia has not enacted a comprehensive consumer data protection law. This means that Georgia residents do not have state-specific rights like accessing personal data or requesting deletion of data under a Georgia law (beyond what general federal laws provide). In recent years, Georgia lawmakers have considered privacy legislation, but as of 2025 no broad consumer privacy law has passed in Georgia.

That being said, Georgia does have some laws related to privacy and data security in specific contexts. For example, Georgia law requires businesses to implement reasonable security measures to protect personal information and to notify individuals in the event of certain types of data breaches. Georgia also has laws limiting how certain types of data (like social security numbers) can be disclosed and laws addressing privacy in specific industries (such as healthcare or finance, aligning with federal requirements).

Even without a comprehensive Georgia privacy law, residents of Georgia are protected by relevant federal privacy statutes (for example, HIPAA for medical information, GLBA for financial information, and others). Additionally, RightLenderMatch.com extends many of the same privacy practices and courtesies described in this Policy to all users, regardless of state. This means you can contact us with requests about your personal information (for instance, asking what data we have about you, or requesting that we delete data), and we will strive to honor such requests to the extent possible and consistent with our legal obligations.

In summary, while Georgia law at present does not grant explicit consumer data privacy rights like some other states do, we are committed to respecting your privacy. If Georgia enacts a comprehensive privacy law in the future (there are ongoing discussions and proposals in the Georgia legislature), we will update this Privacy Policy and our practices to ensure compliance and to inform you of your new rights.

Hawaii

Hawaii has not yet enacted a comprehensive consumer privacy law that provides specific rights over personal data (such as rights to access, delete, or opt out of the sale of personal information). In recent legislative sessions, Hawaii has explored various privacy-related bills, but as of now, none of those broader consumer data protection bills have become law.

Hawaii does have certain privacy protections enshrined in other laws. For example, the state constitution of Hawaii explicitly recognizes a right to privacy, and Hawaii law includes various sector-specific privacy rules (for instance, laws related to medical records, financial information, and protections for social security numbers and other sensitive information). Hawaii also has laws governing the security of personal data (such as requiring organizations to notify individuals of security breaches involving their unencrypted personal information, similar to other states’ breach notification laws).

Even in the absence of a general Hawaii consumer privacy statute, individuals in Hawaii benefit from federal privacy laws and the privacy practices of companies like ours. RightLenderMatch.com is committed to protecting the privacy of all our users. Hawaii residents can reach out to us with privacy-related requests (for example, to see what data we have or to ask for deletion of their data) and we will do our best to accommodate those requests in line with our legal obligations and this Privacy Policy.

It’s also worth noting that Hawaii has been considering consumer privacy legislation (sometimes similar to California’s CCPA or the Virginia model) and could enact a law in the future. If Hawaii were to pass a comprehensive privacy law, we will update this section of our Privacy Policy to outline the rights granted to Hawaii residents and ensure our compliance.

Idaho

Idaho does not currently have a comprehensive consumer privacy law that provides residents with specific rights over their personal information. This means there is no Idaho state law that broadly grants rights such as accessing personal data held by companies, requesting deletion of that data, or opting out of the sale of data, outside of what federal laws cover.

Idaho, like many states, has a variety of narrower laws and regulations related to privacy and data security. For instance, Idaho law addresses privacy in contexts such as financial information (aligning with federal GLBA requirements), healthcare (aligning with HIPAA for medical information), and student data in educational settings. Idaho also has laws requiring businesses and state agencies to protect personal information and to notify individuals in the event of certain data breaches. In 2023 and recent years, Idaho legislators have shown interest in privacy issues, but no omnibus consumer data privacy legislation has been enacted as of this writing.

Idaho residents should know that even without a state privacy law, their personal information is still protected by relevant federal statutes and by the practices of companies committed to privacy. RightLenderMatch.com applies strong privacy and security measures for all users. If you are an Idaho resident, you can contact us if you have questions about your data or if you would like to request access, correction, or deletion of personal information we may have about you. While these actions are not mandated by Idaho law, we will do our best to honor reasonable requests consistent with our obligations and the scope of services.

If Idaho passes a comprehensive privacy law in the future, we will update this Privacy Policy to reflect any new rights and obligations. We stay attentive to changes in privacy legislation nationwide and will ensure compliance with any new Idaho privacy requirements if they come into effect.

Illinois

Illinois has not yet enacted a comprehensive consumer data protection law like California’s CCPA or similar laws in other states. This means Illinois residents do not have a single state law granting broad rights such as the ability to request access to all their data or deletion of data from companies (aside from rights under federal law). However, Illinois is notable for having some of the strictest sector-specific privacy laws in the nation, particularly regarding biometric information and certain other data types.

Most prominently, Illinois’s Biometric Information Privacy Act (BIPA)nbcchicago.com, enacted in 2008, provides Illinois residents with strong protections for their biometric data (such as fingerprints, faceprints, iris scans, etc.). Under BIPA, private companies must obtain informed written consent from individuals before collecting their biometric identifiers or biometric information, and they must disclose the purpose and duration for which the data will be used. BIPA also grants individuals a right of action (meaning Illinois residents can sue for violations) and has led to significant enforcement through the courts. While BIPA is focused on biometrics, it exemplifies Illinois’s commitment to privacy in specific areas.

In addition to BIPA, Illinois has other privacy-related laws. For instance, Illinois has laws governing the privacy of genetic information, protections for Social Security numbers, and the “Right to Know Act” which requires certain businesses to disclose how they share personal information for marketing purposes upon request. Illinois also has the Student Online Personal Protection Act (SOPPA) to safeguard student data, and the Personal Information Protection Act (PIPA) which includes data breach notification requirements and mandates reasonable security measures for personal data.

Even without an overarching Illinois consumer privacy law, Illinois residents are protected by these targeted statutes and by federal privacy laws. RightLenderMatch.com complies with relevant Illinois laws like BIPA (though we typically do not collect biometric data in our services) and others as applicable. Moreover, we strive to honor the spirit of comprehensive privacy rights. If you are an Illinois resident, you may contact us to inquire about personal information we have about you or to request deletion or correction of such information. We will treat such requests in line with our general practices and legal requirements. Note that if your request involves a type of data specifically covered by an Illinois law (for example, biometric data under BIPA), we will handle it strictly under the requirements of that law.

Illinois is actively considering broader privacy legislation (there have been proposals in the Illinois General Assembly for comprehensive privacy bills), so it’s possible that more expansive privacy rights will be granted in the future. If Illinois enacts a comprehensive consumer privacy law, we will update our Privacy Policy to reflect those new rights and obligations for Illinois residents.

Indiana

Indiana has enacted a comprehensive privacy law known as the Indiana Consumer Data Protection Act (effective January 1, 2026). Although this law was passed in 2023 and has an effective date in the future, we are preparing to comply and to extend its rights to Indiana residents. Under this law, Indiana residents will have several key privacy rights regarding their personal data, which closely mirror those provided in other states like Virginia and Colorado. These rights include:

  • Right to Access: You will have the right to confirm whether we are processing your personal data and to access that data. This means you can ask us to provide the personal information we have about you, and we will supply you with that information (after verifying your identity) along with relevant details such as the categories of data and purposes of processing.

  • Right to Data Portability: Indiana’s law will allow you to obtain a copy of the personal data you provided to us, in a format that can be easily re-used or transferred to another service or provider. If you request such a copy, we will provide it in a commonly used electronic format.

  • Right to Delete: You can request deletion of personal data that we have collected from or about you. We will delete your personal information upon a verified request, unless an exemption applies (for example, if the data is needed for fraud prevention, to complete a transaction you initiated, to comply with a legal obligation, or other exceptions specified by law).

  • Right to Correct: You will have the right to request that we correct any inaccurate personal information we hold about you. Upon verifying your identity and the correctness of new information, we will update our records accordingly.

  • Right to Opt Out of Sale of Personal Data: Indiana residents can opt out of the sale of their personal data. “Sale” is generally defined in these laws as the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal data for money, but if any of our data sharing practices were considered a “sale” under Indiana law, you would have the right to opt out and we would cease such activity for your data.

  • Right to Opt Out of Targeted Advertising: You can opt out of the use of your personal data for targeted advertising purposes. This means if you exercise this right, we will stop processing or sharing your data for advertising that is targeted to you based on your browsing behavior or interests.

  • Right to Opt Out of Profiling: You have the right to opt out of any processing of your personal data that constitutes profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. If we were to use algorithms to make important decisions about you (like decisions related to eligibility for a loan, etc.) without human involvement, this right would allow you to opt out of such profiling. (Currently, RightLenderMatch does not engage in automated decision-making with legal or similarly significant effects without human review.)

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of the above rights. We will not deny goods or services, charge you different prices, or provide a different quality of service just because you exercised your privacy rights under Indiana law.

Additionally, Indiana’s law requires businesses to give special attention to sensitive personal data. Sensitive data (such as precise geolocation, racial or ethnic origin, health information, or personal data of children) cannot be collected or processed without obtaining your consent, in most cases. We will ensure that if we ever need to handle sensitive personal data of Indiana residents, we do so only with your opt-in consent or as otherwise permitted by law.

Though the Indiana Consumer Data Protection Act becomes effective in 2026, RightLenderMatch intends to honor these rights for Indiana residents proactively. Indiana residents can start contacting us with privacy requests (access, deletion, etc.), and we will treat those requests in alignment with the forthcoming law’s principles. To exercise your rights, use the contact methods provided in the Contact Us section. We will verify your identity (to protect your privacy) and respond within the timeline specified by the law (typically within 45 days). If we decline to act on your request for a valid reason, we will explain why. Indiana’s law will also require that we provide an appeal process. This means if you are dissatisfied with our initial decision on a privacy request, you can appeal by contacting us again, and we will have a different team member review your request and respond (generally within 60 days of your appeal). We will inform you of how to appeal in our response if we deny a request.

In summary, Indiana residents will soon enjoy robust privacy rights. We are committed to respecting those rights and have measures in place to comply with Indiana’s law. If you have any questions or want to exercise any privacy rights in Indiana, please reach out to us.

Iowa

Iowa has enacted a comprehensive privacy law called the Iowa Consumer Data Protection Act (effective January 1, 2025). This law grants Iowa residents certain rights regarding their personal data, although it has some differences compared to other states’ laws. The rights provided to Iowa residents include:

  • Right to Access: You have the right to confirm whether we are processing your personal data and to access that data. Upon your request, and after verifying your identity, we will provide you with the personal information we have about you, along with relevant details such as the categories of data and purposes for processing.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you provided to us, in a format that can be easily transferred to another service or platform. We will provide this data in a readily usable electronic format (for example, a CSV or JSON file) that allows you to transmit the data to another entity if you choose.

  • Right to Delete: You can request that we delete personal data you have provided to us. Iowa’s law specifically allows you to ask for deletion of personal information you gave us (and in practice, we will also consider deleting other personal data about you that we have collected, subject to legal exceptions). Once we verify your request, we will delete the information from our records unless an exemption applies (for instance, if the information is needed to complete a transaction, to detect security incidents, to exercise legal rights, or to comply with a legal obligation).

  • (No Explicit Right to Correct in Statute): It’s important to note that Iowa’s law does not include a specific right to correct inaccurate personal information. However, even though it’s not mandated, if you are an Iowa resident and you believe that some information we have about you is incorrect, you can still contact us and request a correction. We will make reasonable efforts to accommodate such correction requests as part of our commitment to data accuracy, even though it’s not a formal right under Iowa law.

  • Right to Opt Out of Sale of Personal Data: Iowa residents have the right to opt out of the sale of their personal data. Under Iowa’s law, a “sale” generally means the exchange of personal data for monetary consideration by us to a third party. We do not engage in selling personal data for money. If our practices were ever interpreted to constitute a sale, you can opt out and we will honor that request.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the processing of your personal data for purposes of targeted advertising. This means you can tell us not to use your information to show you personalized ads, and we will refrain from sharing your data with third-party advertisers or using it ourselves for advertising profiles. Notably, Iowa’s law doesn’t explicitly list “targeted advertising” in the consumer rights section, but it does require companies to provide a way to opt out of targeted ads. We comply by allowing you to opt out of cookies and similar tracking (as described in our Cookies section) which will, in effect, opt you out of interest-based advertising.

  • (No Explicit Right to Opt Out of Profiling): Iowa’s law also does not explicitly provide a right to opt out of profiling decisions (automated decisions) as some other states do. However, as mentioned elsewhere, RightLenderMatch does not use profiling to make significant automated decisions without human review. If that ever changes, we would ensure compliance with all applicable laws and offer appropriate choices to consumers.

  • Right to Non-Discrimination: Iowa residents have the assurance that we will not discriminate against them for exercising the above rights. We won’t deny you services, charge different prices, or provide a different quality of service just because you exercised your privacy rights. (If we offer any rewards or discounts as part of a data incentive program, participation would be voluntary and based on separate consent.)

Additionally, Iowa’s law requires that we be transparent about sensitive personal data and in certain cases obtain consent or allow opt-outs. While Iowa’s statute does not mandate an opt-in for sensitive data processing, it does obligate us to disclose if we process sensitive data and to present an opportunity to opt out of certain uses of that data. In practice, RightLenderMatch will handle any sensitive personal information (like precise geolocation, racial or ethnic origin, health information, etc.) with heightened care and will seek consent or provide opt-outs in line with both Iowa’s requirements and industry best practices.

To exercise any of these rights under Iowa law, you can contact us via the methods listed in the Contact Us section of this Privacy Policy. We will first verify your identity (for example, by matching information you provide with information we have on file) to ensure the security of your data. Once verified, we will respond to your request within 90 days as provided by Iowa’s law (Iowa allows up to 90 days to respond, which is a bit longer than some other states; if necessary, we may take an additional 45 days, and we will inform you if an extension is needed). If we decline to take action on your request (for example, if an exemption applies or the request is unfounded), we will inform you of our decision. Iowa’s law does not explicitly mention an appeal process for refused requests as some other states do. However, if you are dissatisfied with our decision, please reach out to us again or provide feedback, and we will certainly re-evaluate to ensure we’ve made the correct decision. We value your privacy and want to make sure your concerns are addressed.

In summary, while Iowa’s privacy law is somewhat limited compared to some others (omitting a formal correction right and profiling opt-out), RightLenderMatch aims to provide Iowa residents with a high level of privacy protection. We treat all consumer requests with seriousness and will continue to improve our practices in line with evolving laws and consumer expectations.

Kansas

Kansas has not passed a comprehensive consumer privacy law as of the current date. Kansas residents therefore do not have state-specific privacy rights (like general rights to access or delete personal data held by companies) beyond those provided by federal law. In recent years, Kansas lawmakers have discussed privacy and data security issues, but no broad consumer data privacy bill has become law.

Kansas does have a number of laws and regulations that touch on privacy in specific contexts. For instance, Kansas law includes provisions on the confidentiality of certain personal information (such as financial records, medical records under state health privacy rules, and educational records in line with federal law). Kansas also has a data breach notification law that requires companies to inform individuals if certain sensitive personal data (like social security numbers or financial account information) is compromised in a security breach. Additionally, Kansas has laws addressing online privacy in specific areas (for example, protections for library users’ records, protections of student data in schools, etc.), and it requires reasonable safeguards for personal information held by certain businesses.

Without a comprehensive privacy law, Kansas residents rely on these specific statutes and federal laws (like HIPAA, GLBA, COPPA, etc.) to protect their personal information. Nevertheless, RightLenderMatch.com is committed to protecting the privacy of all users, including those in Kansas. We adhere to strict data security standards and honor privacy-related requests from users as outlined in this Privacy Policy. If you are a Kansas resident and you want to know what information we have about you, or if you have a request such as deletion of your data or opting out of marketing, you can contact us. While these actions aren’t mandated by Kansas state law, we will do our best to accommodate reasonable requests in line with our general practices and legal obligations.

In summary, Kansas currently does not offer state-level consumer privacy rights akin to states like California or Colorado. However, we apply consistent privacy principles for all our users. If Kansas enacts a broad privacy law in the future (discussions in the state suggest interest in privacy matters), we will update this policy to outline Kansas residents’ new rights and ensure our compliance with that law.

Kentucky

Kentucky has enacted a comprehensive privacy law known as the Kentucky Consumer Data Privacy Act (which was passed in 2024 and is set to become effective January 1, 2026). This law is similar to privacy laws in other states and grants Kentucky residents specific rights regarding their personal data. Although the law is not yet in effect as of the date of this policy, RightLenderMatch is preparing to comply and extend these rights to Kentucky residents. The key privacy rights under Kentucky’s law include:

  • Right to Access: Kentucky residents will have the right to confirm whether we are processing their personal data and to access that data. When you exercise this right, we will provide you with the personal information we have about you, along with details like the categories of data, sources of that data, and the purposes for which we use it.

  • Right to Data Portability: You will have the right to obtain a copy of the personal data you provided to us, in a portable and (when feasible) readily usable format, so that you can transfer it to another service if desired.

  • Right to Delete: You can request the deletion of personal data that we have collected from or about you. We will delete your information upon a verified request, unless a specific exception applies (for example, if retaining the data is necessary to complete a transaction you requested, detect security incidents, exercise free speech or another legal right, comply with a legal obligation, etc., as outlined by the law).

  • Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you. After verifying your identity and, if needed, confirming the correct information, we will correct our records.

  • Right to Opt Out of Sale of Personal Data: Kentucky residents can opt out of the sale of their personal data. “Sale” in this context usually means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal information in exchange for money, but if any of our information sharing practices were considered a sale under Kentucky law, you have the right to opt out and we will cease such activity for your data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of processing of your personal data for targeted advertising purposes. If you exercise this right, we will not use or share your personal data for showing you personalized ads based on your browsing behavior or interests.

  • Right to Opt Out of Profiling: Kentucky’s law allows you to opt out of any processing of your personal data that is considered profiling in furtherance of decisions producing legal or similarly significant effects on you. In practice, this protects you from purely automated decisions that could seriously affect you (like decisions about eligibility for loans, housing, etc. made without human involvement). RightLenderMatch does not currently engage in such automated decision-making, but the right is there for your protection.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights under Kentucky law. We will not deny you goods or services, charge you different prices, or provide a different level or quality of service just because you exercised your rights. If we ever offer a loyalty program, discount, or other incentive that involves your personal data, participation would be voluntary and based on your informed opt-in consent (and we would provide details of how the incentive relates to your data, as required by law).

Kentucky’s law, like those of several other states, also has provisions regarding sensitive personal data. Sensitive data (which includes things like precise geolocation, racial or ethnic origin, health information, biometric identifiers, and personal data of children) generally cannot be processed without your consent. We will comply by obtaining affirmative consent from Kentucky residents before processing any sensitive personal data (unless an exemption applies). For example, if we ever needed to collect something like precise location data for a feature, we would ask you first and explain why we need it.

If you are a Kentucky resident, you may exercise these rights by contacting us through the methods described in the Contact Us section. Although the law’s effective date is in the future, we intend to honor legitimate requests as early as possible in the spirit of the law. When you submit a request, we will verify your identity (which may involve asking you to provide information that matches our records). We will respond to your request within the time frame required by Kentucky law (generally within 45 days, with a possible 45-day extension if necessary). If we need an extension, we will let you know the reason. If we cannot fulfill your request because an exemption applies or it conflicts with another law, we will explain that to you. Kentucky’s law will require an appeals process if we deny your request: this means if you’re unhappy with our decision, you can submit an appeal asking us to reconsider. If you appeal, we will have a fresh review of your request (by a different person or team) and inform you of the outcome within a reasonable time (the law suggests 60 days). We will also tell you how to contact the Kentucky Attorney General’s office if you have concerns that we did not resolve.

In summary, Kentucky’s new privacy law will empower you with rights similar to those in many other states. RightLenderMatch is committed to implementing those rights and safeguarding the data of Kentucky residents. If you have questions about your privacy or want to make a request, please reach out to us — we’re here to help.

Louisiana

Louisiana has not passed a comprehensive consumer privacy law as of the current date. This means Louisiana residents do not have broad state-granted rights like the ability to request a copy of all their personal data from companies or to demand deletion of their data under a Louisiana law. However, Louisiana has various laws addressing privacy and data protection in specific contexts.

For example, Louisiana law includes strong protections for certain types of personal information:

  • Louisiana’s Database Security Breach Notification Law requires entities that collect personal information to implement reasonable security measures and to notify individuals if certain sensitive personal data (like social security numbers, driver’s license numbers, or financial account information) is compromised in a security breach.

  • Louisiana has specific laws related to medical information that work in conjunction with HIPAA for healthcare providers, ensuring medical privacy.

  • The state has enacted the Genetic Information Privacy Act for direct-to-consumer genetic testing companies, requiring consent for the disclosure of genetic data and providing privacy protections in that niche area.

  • In the realm of children’s privacy, Louisiana, like some states, has laws requiring parental consent for the use of internet services by minors under certain conditions (for example, Louisiana’s 2022 law addressing minors’ access to certain online material also touches on age verification and data usage).

  • Louisiana law also puts limits on the use of certain technologies, such as requiring consent for the use of surveillance and tracking devices in some contexts.

Additionally, Louisiana consumers are protected by federal privacy laws relevant to financial data (GLBA), credit information (FCRA), health data (HIPAA), and more.

Even though there isn’t a single omnibus privacy law in Louisiana, RightLenderMatch.com remains committed to protecting our Louisiana users’ privacy. We treat personal data in line with high standards of security and confidentiality. If you are a Louisiana resident and you have questions or requests about your data (for example, if you’d like to know what information we have about you or want us to delete certain information), you can contact us. While such actions aren’t specifically mandated by Louisiana state law, we will try to honor reasonable requests as outlined in our Privacy Policy, taking into account our legal and operational obligations.

In summary, Louisiana does not currently provide state-wide consumer privacy rights like some other states do. However, we ensure compliance with the targeted Louisiana laws that do exist (such as those for genetic data, data breaches, etc.), and we voluntarily extend many privacy-friendly practices to all users. Louisiana’s legislature has considered consumer privacy issues (and as of 2025, there is growing interest nationwide in privacy laws), so it’s possible Louisiana may enact broader privacy legislation in the future. If that happens, we will update our Privacy Policy to detail any new rights for Louisiana residents and adjust our practices to ensure compliance.

Maine

Maine has not enacted a broad consumer privacy law akin to California’s CCPA or similar laws; however, Maine is known for a specific strong privacy law that protects the data of certain consumers. Notably, Maine passed an Online Privacy Law in 2019 that applies to broadband internet service providers (ISPs). This law (often referred to as Maine’s ISP privacy law) requires ISPs to obtain opt-in consent from customers before using, disclosing, or selling their sensitive personal information, such as browsing history, precise geolocation, or internet usage dataoag.ca.gov. While this law significantly protects Maine broadband customers’ privacy, it’s targeted at ISPs and does not extend rights to consumers regarding all businesses or websites.

As of now, Maine does not provide a general right for consumers to request data access or deletion from all businesses. There have been proposals for broader privacy legislation in Maine (for example, bills similar to other states’ consumer privacy acts have been introduced in the Maine Legislature), but none has become law yet. Maine has also implemented laws focusing on specific areas of privacy, such as regulations on telemarketing, student data privacy in schools, and stringent data breach notification and security requirements for businesses handling personal data.

Even without a comprehensive law, Maine residents benefit from strong federal and state sectoral protections. For example, Maine’s Department of Motor Vehicles protects driver information, health providers in Maine follow HIPAA, and financial institutions follow GLBA. Maine was also the first state to require by law that ISPs treat customer data as confidential by default.

RightLenderMatch.com extends its standard privacy practices to users in Maine. We don’t treat your data any less carefully just because Maine hasn’t passed a CCPA-style law. If you are a Maine resident and have questions or requests about your personal information in relation to our services, you are welcome to reach out via our contact methods. We will be transparent about the data we have and will honor requests, such as opting out of marketing communications or deleting an account, consistent with this Privacy Policy and applicable law.

In summary, Maine’s current privacy landscape includes a very protective law for internet service provider data and other niche protections, but not a comprehensive consumer control over personal data across all industries. If Maine enacts a broader consumer privacy statute in the future (and Maine’s legislative discussions indicate interest in privacy issues), we will update our Privacy Policy accordingly to inform Maine residents of their new rights and ensure compliance.

Maryland

Maryland has enacted a new comprehensive privacy law called the Maryland Online Consumer Protection Act (effective October 1, 2025). This law introduces a range of privacy rights for Maryland residents, similar to those found in other states’ privacy laws. Although at the time of writing this policy the law is not yet in effect, RightLenderMatch.com is committed to complying with it and extending its protections to Maryland users. Key rights under Maryland’s privacy law include:

  • Right to Access: Maryland residents will have the right to confirm whether a business is processing their personal data and to access that data. Upon request and once we verify your identity, we will provide you with the personal information we have about you, including details like the categories of data collected, purposes of processing, and any third parties with whom we have shared it.

  • Right to Data Portability: You will have the right to obtain a copy of your personal data in a portable format. This means we will give you your data in a commonly used electronic form that you can take to another service or store for your own purposes.

  • Right to Delete: You can request that we delete personal data we have collected from or about you. We will honor deletion requests for your personal information, except where keeping the information is allowed or required by law (for example, if it’s necessary to complete a transaction you requested, detect security incidents, comply with a legal obligation, etc.).

  • Right to Correct: Maryland’s law provides that you have the right to have inaccurate personal data corrected. If you discover that some information we have about you is incorrect, you can ask us to fix it. We’ll verify your identity and the new information, and then update our records accordingly.

  • Right to Opt Out of Sale of Personal Data: Maryland residents can opt out of the sale of their personal information. “Sale” is generally defined as the exchange of personal data for monetary or other valuable consideration. We do not sell your personal data in the traditional sense, but if we ever engaged in an activity that falls under the law’s definition of a sale, you have the right to opt out and we will cease that activity for your data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of your personal data being used for targeted advertising. If you exercise this right, we will not use or share your personal information to serve you personalized ads. We will also signal to third-party advertising partners (if any) that your data should not be used for targeted advertising on or off our site.

  • Right to Opt Out of Profiling: You have the right to opt out of automated profiling in furtherance of decisions that produce legal or similarly significant effects on you. This pertains to algorithms making important decisions (like on credit, insurance, employment, etc.) without human involvement. RightLenderMatch does not currently make such automated decisions about individuals. If we ever utilize such profiling, Maryland residents could opt out of it.

  • Right to Non-Discrimination: Maryland’s law ensures that we cannot discriminate against you for exercising your privacy rights. This means we won’t deny you our services, charge you a different price, or provide a different level of service just because you invoked your privacy rights. We may offer different levels of service or promotions to consumers who opt in to certain data uses (for example, if there was a loyalty program involving personal data, which you can choose to join or not), but any such program would comply with the law and be based on your consent.

Maryland’s law, like others, also highlights protections for sensitive personal data. Sensitive data (covering things like social security numbers, precise geolocation, biometric info, health data, and more) generally requires a higher level of protection. Businesses must usually obtain consent before collecting sensitive data (opt-in) or allow consumers to opt out of its processing. In compliance, RightLenderMatch will ensure that if we collect any sensitive personal information from Maryland residents, we will do so only with your explicit consent or as allowed by law, and we will clearly inform you about it.

If you are a Maryland resident, you can exercise your privacy rights by contacting us as detailed in the Contact Us section of this policy. We will verify your identity to make sure we’re responding to the correct person, and then we will fulfill your request within the time frame provided by Maryland law (which is typically 45 days, with a possible extension if necessary). If we cannot fulfill your request due to an exemption or other legal reason, we will explain that in our response. Maryland’s law also requires an appeals process for consumers: if you’re dissatisfied with our decision on your privacy request, you can appeal by contacting us again and indicating that you’d like to appeal our decision. We will have a different team member or a designated appeals officer review your request and our prior decision, and we will notify you of the outcome of the appeal within the period set by law (likely 60 days for a response to appeals). We’ll also let you know, if applicable, how to contact the Maryland Attorney General if you have concerns about the outcome.

In conclusion, Maryland’s new privacy law will empower you with significant rights over your personal information. We fully support these rights and are updating our systems and practices to be ready to honor them. Whether you’re reaching out now or after the law is in effect, your privacy is important to us, and we encourage Maryland residents to contact us with any privacy-related inquiries or requests.

Massachusetts

Massachusetts has not yet enacted a comprehensive consumer privacy law, although there have been notable efforts to do so. Over the past several years, Massachusetts lawmakers have proposed legislation such as the Massachusetts Information Privacy Act (MIPA), which aimed to grant consumers broad rights over their personal data. As of this writing, however, those proposals have not been passed into law. Therefore, Massachusetts residents do not currently have state-granted rights like a general right to access personal information or request deletion from businesses, outside of existing federal law protections.

Despite the lack of an omnibus privacy law, Massachusetts is known for strong data protection regulations in specific areas. Notably, Massachusetts was one of the first states to implement strict data security regulations for businesses. Massachusetts law (201 CMR 17.00) requires any company that owns or licenses personal information of Massachusetts residents to develop and maintain a comprehensive written information security program and to implement specific data security controls (such as encryption of personal data transmitted over the internet, firewalls, and up-to-date system security agent software). These regulations effectively protect Massachusetts residents by imposing strict standards on how companies handle their personal data, even though they don’t give individual rights to access or delete data.

Furthermore, Massachusetts has other laws relevant to privacy:

  • The state has a data breach notification law that mandates organizations to inform Massachusetts residents, as well as the Attorney General and the Office of Consumer Affairs and Business Regulation, in the event of a security breach involving personal information.

  • Massachusetts also has laws safeguarding specific types of information (for example, laws related to the confidentiality of library records, and protections against the misuse of telephone records or credit card data).

  • Additionally, Massachusetts recognizes privacy rights through its robust consumer protection laws (Chapter 93A) and via common law (Massachusetts courts have acknowledged certain privacy torts).

For our Massachusetts users: RightLenderMatch.com complies with the stringent Massachusetts data security regulations mentioned above. We have a comprehensive security program in place and employ administrative, technical, and physical safeguards to protect personal information, which benefits Massachusetts residents and all our users.

Even though Massachusetts hasn’t given residents explicit rights like data access or deletion through a specific privacy statute, we at RightLenderMatch strive to be transparent and responsive. If you are a Massachusetts resident and you want to know what information we hold about you, or if you have concerns or requests about that information, you can always reach out to us. We will do our best to provide you with insight into your data and accommodate requests such as opt-outs from marketing, deletion of account information, etc., consistent with our obligations and as outlined in this Privacy Policy.

Massachusetts is actively engaged in the national conversation around privacy, and it’s possible that a comprehensive law could be passed in the future. Should Massachusetts enact a consumer privacy law granting new rights, we will update this Privacy Policy to outline those rights and ensure our compliance.

Michigan

Michigan has not enacted a comprehensive consumer privacy law to date. This means that Michigan residents do not currently have state-specific rights such as a broad right to access personal data or request deletion of data from companies (beyond rights provided by federal law). However, Michigan law does include various privacy and data protection provisions in different contexts.

For instance:

  • Michigan has laws addressing the privacy of certain communications and records (e.g., the Michigan Internet Privacy Protection Act which limits employers and educational institutions from asking for social media account access; the Michigan Video Rental Privacy Act which is similar to the federal VPPA and protects video rental viewing history).

  • The state has a robust Identity Theft Protection Act, which, among other things, requires entities to notify individuals of data breaches involving personal information and sets guidelines for the secure destruction of personal data.

  • Michigan also has implemented data security measures through statutes that encourage or require businesses to safeguard personal information. It doesn’t prescribe specific technical measures like Massachusetts does, but businesses are generally expected to protect sensitive personal information of Michigan residents.

  • In sector-specific areas, Michigan complies with federal standards (for example, health providers follow HIPAA, financial institutions follow GLBA, etc.), and Michigan has additional laws for particular areas such as protections for library records and school records.

Recently, Michigan has seen increased interest in consumer privacy (for example, proposed legislation like a Michigan Privacy Act has been introduced but not passed as of yet). This indicates that Michigan may pursue comprehensive privacy legislation in the coming sessions. For now, though, no sweeping privacy law is in force.

For Michigan residents using RightLenderMatch.com: We handle your personal information with care and security, even if Michigan law doesn’t mandate specific privacy rights. If you have inquiries about your data or requests such as opting out of marketing communications, updating your information, or deleting your account, you can contact us at any time. We aim to honor reasonable requests in accordance with this Privacy Policy and our legal obligations. For example, if you no longer wish to use our service, we can delete your account information (except any data we’re required to keep for legal or compliance reasons). If you’re curious what information we have about you, we can describe the types of data we maintain (as outlined in the “Information We Collect” section of this Policy).

Even without Michigan-specific rights, remember that general U.S. protections (like the FTC Act’s prohibition on unfair or deceptive practices, which includes certain privacy and data security practices) and specific federal laws safeguard your privacy. We abide by these standards and strive to exceed them when it comes to transparency and user control.

Should Michigan pass a comprehensive privacy law in the future (and if so, it likely would grant rights similar to those in California, Virginia, etc.), we will update this Privacy Policy accordingly, detailing the new rights of Michigan residents and how to exercise them. Until then, please know that we treat your personal information with the same respect as we do for all users, no matter their state.

Minnesota

Minnesota has recently passed a comprehensive consumer privacy law known as the Minnesota Consumer Data Privacy Act (effective July 31, 2025). This law will provide Minnesota residents with rights over their personal data similar to those found in other state privacy laws. Key rights under Minnesota’s privacy law include:

  • Right to Access: Minnesota residents have the right to confirm whether an organization is processing their personal data and to access that personal data. When you request access, after verifying your identity, we will provide you with the personal information we have about you, as well as details like the categories of sources of that data, and the purposes for which we use it.

  • Right to Data Portability: You have the right to obtain a copy of personal data you provided to us, in a portable and readily usable format that allows you to transfer it to another service. If technically feasible, and upon your request, we will provide your data in a common format (such as CSV or JSON).

  • Right to Delete: You can request deletion of personal data that we have collected from or about you. We will delete such data from our systems and instruct our service providers to do the same, except to the extent we have a legitimate need or legal obligation to retain it (for instance, to complete a transaction you initiated, to detect security incidents, to comply with a legal obligation, etc., as delineated by law).

  • Right to Correct: You have the right to request that we correct inaccuracies in the personal information we hold about you. We will take into account the nature of the data and purpose of processing. Once your identity is verified and the correct information is confirmed, we will update our records accordingly.

  • Right to Opt Out of Sale of Personal Data: Minnesota residents can opt out of the sale of their personal data. A “sale” typically means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal data for money, but if any of our practices were deemed a sale under Minnesota law, you have the right to opt out and we will cease those activities for your data.

  • Right to Opt Out of Targeted Advertising: You can opt out of your personal data being processed for targeted advertising purposes. After you opt out, we will not use your data (or share it with third parties) for the purpose of serving you personalized ads based on tracking your behavior across different websites or apps.

  • Right to Opt Out of Profiling: Minnesota’s law allows you to opt out of any profiling based on your personal data that leads to legal or similarly significant effects on you. In simpler terms, if we were using algorithms to make important decisions about you without human intervention (like decisions about eligibility for services, creditworthiness, etc.), you could opt out of that automated profiling. Currently, RightLenderMatch does not make significant decisions about individuals in this automated way, but this right ensures you’re protected if that changes or in interactions with automated tools.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights. We won’t deny you our services or provide a different level of service just because you invoked your privacy rights under Minnesota law. (If we offer any special deals or incentives that involve your personal data, participation will be optional and based on your consent, and we’d explain the terms to you.)

Minnesota’s privacy law also requires extra safeguards for sensitive personal data. This includes things like data about your health, race or ethnic origin, precise geolocation, personal data of a known child, and others. Generally, businesses must obtain your consent before collecting or using sensitive data, or at least provide a clear notice and an opportunity to opt out (depending on the category of sensitive data). RightLenderMatch will comply by not collecting or using sensitive personal data of Minnesota residents without proper authorization or an opt-out opportunity, as the law dictates.

If you are a Minnesota resident, you will be able to exercise these rights by contacting us through our established channels (see Contact Us below). Even before the law’s effective date, we are working towards honoring these principles. Upon receiving a request, we’ll verify your identity (for example, by asking for information that matches our records) to ensure we protect your data from unauthorized access. We will respond to your request within the timeframe required by the law (which is typically 45 days, with one possible 45-day extension, similar to other states). If we need an extension, we’ll let you know the reason. If we decide not to fulfill a request (perhaps due to an exemption in the law or inability to verify your identity), we will explain our reasoning. Minnesota’s law will also provide for an appeal process: if you disagree with our decision on a privacy request, you can appeal by contacting us again and indicating that you’d like to appeal the decision. We’ll have a fresh set of eyes review the request and respond to you within the time frame the law sets (likely 60 days for appeals). If after the appeal you remain dissatisfied, the law may give you the right to contact the Minnesota Attorney General’s office to submit a complaint.

In summary, Minnesota’s forthcoming privacy law will give consumers substantial control over their personal information. We fully support these changes and are dedicated to upholding the rights of Minnesota residents. If you have any questions or want to exercise any of these rights, please reach out to us — we are here to assist you.

Mississippi

Mississippi has not, as of now, enacted a comprehensive consumer data privacy law. This means Mississippi residents do not have a state law granting broad rights like accessing personal data or requesting deletion of data from companies (apart from whatever rights are provided under federal laws). However, Mississippi law does include certain protections for personal information in specific contexts.

For example:

  • Mississippi has data breach notification requirements similar to many other states. If certain personal information (like Social Security numbers, driver’s license numbers, or financial account numbers) is compromised in a security breach, businesses must notify affected Mississippi residents so they can take steps to protect themselves.

  • Mississippi law also has provisions to safeguard particular types of data. For instance, there are state laws regarding the confidentiality of library user records and protections of personal information held by state agencies.

  • Mississippi, like other states, enforces general protections through its consumer protection statutes. The Mississippi Attorney General can take action against unfair or deceptive business practices, which could include egregious privacy violations or data security failures in certain cases.

  • Additionally, any specific industries operating in Mississippi (like healthcare providers, financial institutions, educational institutions) must adhere to applicable federal privacy regulations (HIPAA, GLBA, FERPA, etc.), which indirectly protect Mississippi residents’ data in those sectors.

It’s worth noting that Mississippi has considered privacy legislation (for example, bills that would address social media privacy or biometric identifiers), but as of this time, no broad privacy law has been passed. The state tends to rely on a combination of federal law compliance and general consumer protection for privacy matters.

RightLenderMatch.com applies uniform privacy and security practices across all users, so Mississippi residents are afforded the same safeguards as others. We secure personal data with industry-standard measures and we are transparent in our Privacy Policy about how we handle data. If you are a Mississippi resident and have questions or requests about your personal information, you can certainly contact us. While Mississippi doesn’t mandate it, you can ask what data of yours we have, request deletion of your data, or opt out of marketing communications, and we will accommodate such requests as best as we can consistent with our services and legal obligations.

For example, if you stopped using RightLenderMatch and wanted your account and personal details removed, you could ask us, and we would delete your information (except for any we must keep for legal/regulatory reasons, such as records of transactions or communications in compliance with law). If you wanted to correct or update your information (like your contact info), you could reach out and we’d assist with that. If you simply want to opt out of marketing emails, you can do so via the unsubscribe link in our communications or by contacting us, as described in this Policy.

In summary, while Mississippi may not yet provide state-level privacy rights like some other states, we strive to give all our users meaningful control and transparency over their data. Should Mississippi enact any new privacy laws in the future, we will update our Privacy Policy to reflect those changes and ensure that we comply fully with any new requirements.

Missouri

Missouri has not passed a comprehensive consumer privacy law as of the current date. Missouri residents thus do not have a state law that grants broad rights (such as accessing personal data or requesting deletion of data held by businesses) beyond the rights provided by federal laws. However, Missouri law, like that of other states, does include various privacy and security provisions on specific topics.

For instance:

  • Missouri has a data breach notification law requiring that individuals be notified if certain personal data (like social security numbers, driver’s license numbers, financial account numbers, etc.) is compromised due to a breach. This ensures that Missourians can take protective action (like monitoring credit or changing account numbers) if their data is involved in a breach.

  • Missouri law protects certain types of communications and records. For example, Missouri statutes preserve the confidentiality of library records and limit disclosure of video rental records (reflecting federal VPPA influences).

  • The state has laws against identity theft and imposes penalties for misuse of personal identifying information.

  • Missouri’s Merchandising Practices Act, a consumer protection law, can be used by the Attorney General to address deceptive business practices, which could encompass deceptive privacy practices or data security misrepresentations by businesses in Missouri.

  • In specialized areas, Missouri follows federal guidelines (like HIPAA for health information, FERPA for student records, and GLBA for financial information security), thereby safeguarding data in those domains.

Recently, like many states, Missouri’s legislators have explored consumer privacy bills (some akin to California’s law or other states’ proposals), but as of now, none has become law. We remain attentive to legislative developments.

For Missouri residents using RightLenderMatch.com: We treat your personal information with care and respect for your privacy. Even though Missouri doesn’t have an overarching privacy statute, our own policies give you control. You can contact us to inquire about what data we have about you, to correct your data, or even to delete your data in certain circumstances. For example, if you no longer want us to have your personal information, you can request deletion of your account. We will honor such requests to the extent possible (we may need to retain some information if required by law or for internal purposes like preventing fraud, but we’ll communicate with you about that if it arises).

Additionally, you can opt out of any marketing emails or newsletters from us — simply use the unsubscribe link provided or contact us directly and we’ll remove you from promotional lists. Our goal is to be transparent and responsive regardless of the state you live in.

In summary, Missouri doesn’t currently grant explicit consumer privacy rights via state law, but through our Privacy Policy and practices, we strive to provide Missouri users with clear information and options regarding their personal data. If Missouri enacts a broad privacy law in the future, we will update this section to outline those specific rights and ensure our compliance with new obligations.

Montana

Montana has enacted the Montana Consumer Data Privacy Act (effective October 1, 2024). This comprehensive privacy law grants Montana residents rights over their personal data, and it closely mirrors the rights provided by other recently enacted state privacy laws. Key rights under Montana’s law include:

  • Right to Access: Montana residents have the right to confirm whether we are processing their personal data and to access that data. Upon verifying your request, we will provide you with your personal information that we maintain, as well as details such as the categories of personal data, sources of that data, and the purposes for which we use it.

  • Right to Data Portability: You can request a copy of the personal data you have provided to us, in a portable and (when technically feasible) readily usable format that you could transfer to another service. We will provide this data in a commonly used electronic form (for example, a CSV file) upon request and identity verification.

  • Right to Delete: You have the right to request deletion of personal data that we have collected from or about you. Once we verify your identity, we will delete your personal information from our systems and direct our service providers to do the same, unless retaining the information is necessary for certain purposes allowed by law (such as completing a transaction you requested, detecting security incidents, exercising free speech or other rights, or complying with a legal obligation, among other exceptions).

  • Right to Correct: Montana’s law grants you the right to request that we correct inaccuracies in the personal data we hold about you. If you believe some of the information we have is incorrect, you can ask us to fix it. After verifying your identity and, if needed, confirming correct information, we will update our records.

  • Right to Opt Out of Sale of Personal Data: Montana residents can opt out of the sale of their personal data. “Sale” generally means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal data for monetary gain, but if any of our data sharing practices were considered a sale under the law, you have the right to opt out and we will honor that by ceasing such sharing for your data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the processing of your personal data for targeted advertising purposes. This means we will not use or share your information for showing you personalized advertisements once you opt out. Montana’s law also recognizes a universal opt-out mechanism: if you have a browser setting or extension (like the Global Privacy Control) indicating your desire to opt out of data sales or sharing for targeted ads, we will treat that as a valid opt-out requestusercentrics.com for your Montana rights.

  • Right to Opt Out of Profiling: You have the right to opt out of any profiling based on your personal data that leads to legal or similarly significant effects for you. For example, if we used algorithms to make decisions about you (like creditworthiness or job eligibility) without human intervention, this right allows you to opt out of that processing. (Currently, RightLenderMatch does not engage in that kind of automated decision-making without human review, but this right is there to protect you if that changes or in dealings with any third-party services.)

  • Right to Non-Discrimination: Montana residents have the right not to be discriminated against for exercising any of their privacy rights. We will not deny you services, charge you different prices, or provide a different quality of service because you invoked your rights. However, the law permits businesses to offer different prices or service levels if that difference is reasonably related to the value of your data and you’ve been informed of and consented to it (for example, in a bona fide loyalty or rewards program, which we would clearly explain if we had one).

Montana’s law also puts a spotlight on sensitive personal data. Sensitive data includes information like precise geolocation, racial or ethnic origin, health information, biometric identifiers, and personal data of a known child. Under the Montana law, businesses must obtain your consent before collecting or using sensitive personal data (with a few exceptions). In compliance, RightLenderMatch will only process sensitive personal data of Montana residents if we have obtained the required opt-in consent (or if an exception applies, such as the data being necessary for legal compliance).

To exercise any of your Montana privacy rights, you can contact us using the information provided in Contact Us below. We will verify your identity (to protect your data from unauthorized access) and then respond to your request within 45 days (the standard timeframe in the law). If necessary, we may extend this by another 45 days (for a total of 90 days), but if we do so, we will inform you of the extension and the reason. Should we deny your request for a lawful reason, we will explain our justification. Montana’s law also grants you the right to appeal our decision if you’re dissatisfied. If you submit an appeal (by contacting us again and indicating that you’re appealing our decision on your initial request), we will have a different team member or a higher-level reviewer examine your request and our prior response. We will then inform you of the outcome of the appeal within 60 days. If we ultimately deny your appeal, we will provide you with an option to contact the Montana Attorney General’s office if you wish to submit a complaint.

In summary, Montana’s new privacy law is robust and gives you significant control over your personal information. RightLenderMatch is committed to honoring these rights and protecting your privacy. Montana residents should feel free to reach out with any privacy-related questions or to exercise their rights — we are here to help facilitate that.

Nebraska

Nebraska has enacted the Nebraska Consumer Data Privacy Act (effective January 1, 2025). This law grants Nebraska residents rights over their personal data, in line with the privacy rights seen in other states’ laws. Key rights provided by Nebraska’s privacy law include:

  • Right to Access: Nebraska residents have the right to confirm whether a business is processing their personal data and to access that personal data. Upon a verifiable request, we will disclose the personal information we have collected about you, and provide details such as the categories of sources of that data, the purposes for which we use it, and the categories of third parties with whom we have shared it.

  • Right to Data Portability: You have the right to obtain a copy of personal data you provided to us, in a portable and commonly used format that can be transferred to another entity easily. When you request it, and once your identity is verified, we will provide your information in a readily usable format (for example, a CSV or JSON file that you could download).

  • Right to Delete: You can request that we delete personal information that we have collected from or about you. Once we verify your identity, we will delete your personal data from our active systems and direct our service providers to do the same, unless retaining the data is necessary for certain reasons permitted by law (such as completing a transaction you requested, detecting or preventing fraud, exercising free speech or another legal right, complying with a legal obligation, or other exceptions under the law).

  • Right to Correct: Nebraska’s law gives you the right to request correction of inaccurate personal information we maintain about you. If you become aware that some of your data in our records is incorrect, you can ask us to fix it. After verification and, if necessary, validation of correct information, we will update our records to correct any inaccuracies.

  • Right to Opt Out of Sale of Personal Data: Nebraska residents can opt out of the sale of their personal data. “Sale” in the context of the law generally means the exchange of personal data for monetary or other valuable consideration to a third party. RightLenderMatch does not sell your personal data for money, but if any of our sharing practices were considered a sale under Nebraska law, you have the right to opt out, and we will cease such activity for your information.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of processing of your personal data for targeted advertising purposes. If you opt out, we will not use or share your personal information for the purpose of showing you ads tailored to your behavior or interests across different websites. You can also use browser-based opt-out signals (like Global Privacy Control) if available; if we detect such a signal and it’s understood to express your intent to opt out of sales or sharing for behavioral advertising, we will treat it as a valid opt-out request for Nebraska as well.

  • Right to Opt Out of Profiling: You have the right to opt out of any profiling based on your personal data that leads to decisions that produce legal or similarly significant effects on you. In practice, this protects you from significant decisions made about you by algorithms without human intervention (e.g., automated denial of a loan or housing based solely on a computer algorithm). RightLenderMatch doesn’t engage in such automated decision-making about our users currently, but if that changes, Nebraska residents can opt out of it.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of the above rights. This means we won’t deny you our services, charge you different prices, or provide a different level of service just because you exercised your privacy rights. Nebraska’s law allows that if we offer a different price or rate in connection with a financial incentive program (like a loyalty or rewards program involving personal data), that’s permitted as long as it’s not unjust, and we would provide you with the details and get your consent to any such program if we ever offered one.

Nebraska’s privacy law also emphasizes protections for sensitive personal data. Sensitive data includes things such as precise geolocation, racial or ethnic origin, health information, biometric data, and personal information about minors. Typically, businesses need to obtain consent (opt-in) before processing sensitive data, or provide a clear notice and opt-out opportunity, depending on the type of data and context. RightLenderMatch will comply by ensuring we do not collect or use sensitive personal data from Nebraska residents without obtaining proper consent or providing an opt-out, in accordance with what the law requires.

If you are a Nebraska resident and want to exercise any of your privacy rights, you can contact us using the methods listed in the Contact Us section of this Privacy Policy. We will need to verify your identity to make sure the request is legitimate and to protect your information. After verification, we will respond to your request within the timeframe Nebraska law specifies (likely within 45 days, with a possible 45-day extension if necessary). If we decline to action your request for a valid reason (for example, if an exemption applies), we will inform you of that and explain our reasoning. Nebraska’s law, like many others, will provide for an appeals process. If you disagree with our decision on your privacy request, you can appeal by contacting us again and indicating that you are appealing our decision. We will have a different staff member or team review your case and make a determination, which we will then communicate to you (generally within 60 days of your appeal request). If your appeal is denied, we will also inform you how you can submit a complaint to the Nebraska Attorney General if you choose to do so.

In summary, Nebraska’s new privacy law gives you strong control over your personal information. RightLenderMatch is dedicated to implementing these rights for Nebraska residents and safeguarding personal data. Please don’t hesitate to reach out with any questions or to exercise your rights — we are ready to assist you.

Nevada

Nevada has a privacy law that gives consumers a limited right regarding their personal data. Under Nevada law (NRS 603A, as amended by SB 220 in 2019), Nevada residents have the right to direct online businesses not to sell certain personal information that the site has collected or will collect about themiapp.org. The term “sale” in this context is defined narrowly (generally, it means the exchange of personal data for monetary consideration with a third party for that third party to license or sell the data). RightLenderMatch.com does not sell personal information for monetary consideration; however, if you are a Nevada resident, you may still send us a request to opt out of any future sale of your personal data, and we will record and honor that request as required by Nevada law.

Nevada’s law applies specifically to what it calls “operators” of internet websites or online services that collect certain information from Nevada consumers. The right it provides is more limited than the rights in laws like California’s CCPA. Essentially, if we were going to sell a Nevada consumer’s personal information, that consumer can tell us “no, do not sell it.” We provide a method to submit such requests (through our contact form or email as listed in the Contact Us section).

To clarify, “personal information” under Nevada’s law includes things like your name, address, email, phone number, Social Security number, or any identifier that can be used to contact you physically or online, which is collected through our site.

RightLenderMatch’s current business practices do not involve selling personal information to third parties for profit. We use personal information primarily to provide our matching service (connecting you with potential lenders) and to improve your experience. We share data only as outlined in this Privacy Policy (for instance, with service providers or with lenders at your direction), and such sharing is not considered a “sale” under most privacy laws. However, Nevada’s definition of “sale” is quite strict and even some limited exchanges of data could potentially fall under it.

So, if you are a Nevada resident, you have the option to instruct us at any time not to sell your personal information, even though we don’t currently do so. We maintain a designated address (email) for receiving these requests. If you submit a request, we will respond and make a record of your preference. From that point on, if our practices change or if there’s any question about sharing your data in a way that might constitute a sale under Nevada law, we will exclude your data from that.

Apart from this opt-out-of-sale right, Nevada law does not currently provide additional consumer rights such as the right to access data or delete data (those rights might be available to you under other states’ laws if you are also a resident of those states, or under our general policy for all users). We treat the privacy of Nevada residents with the same care described in this policy for everyone. That means we protect your data with strong security measures and respect your privacy choices.

If Nevada law changes or new privacy rights become available to Nevada residents, we will update this Privacy Policy accordingly. For instance, if Nevada were to introduce rights to access or delete data in the future, we would adapt to ensure compliance and inform you of those rights here.

In summary, if you are a Nevada resident and wish to exercise your right under Nevada law to opt out of the sale of your personal information, please contact us via the methods in the Contact Us section. Let us know that you are a Nevada consumer requesting to opt out of sales of personal data, and we will apply that preference to your information. If you have any questions about this or how we handle consumer data in Nevada, feel free to reach out as well.

New Hampshire

New Hampshire has enacted a comprehensive privacy law known as the New Hampshire Consumer Data Privacy Act (effective January 1, 2025). Under this law, New Hampshire residents will have specific rights regarding their personal information. These rights include:

  • Right to Access: New Hampshire residents can request confirmation of whether we are processing their personal data and gain access to that data. Upon verifying a consumer request, we will provide information about the personal data we have collected about you and how we have used or shared it.

  • Right to Data Portability: You have the right to obtain a copy of your personal data from us in a format that is portable and commonly used. This will enable you to transfer your data to another service or platform if you wish. Once verified, we will produce your data (that you have provided to us) in a readily usable electronic format.

  • Right to Delete: You can request that we delete personal data we have collected from or about you. Upon receiving a verified deletion request, we will delete your personal data from our systems (unless an exemption applies). Some exceptions that might prevent deletion include when the data is necessary to complete a transaction you requested, to detect or prevent security incidents, to exercise or ensure the rights of another, to comply with a legal obligation, or other reasons allowed by law. We will inform you if any such exception applies.

  • Right to Correct: You have the right to request corrections to any inaccurate personal information we maintain about you. If you believe that some information we have (like your contact details or other personal data) is incorrect, you can ask us to correct it. After verifying your identity and confirming the correct information, we will update our records to rectify any inaccuracies.

  • Right to Opt Out of Sale of Personal Data: New Hampshire residents can opt out of the sale of their personal data. “Sale” typically means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal data in exchange for money, but if any of our data-sharing practices are deemed a sale under New Hampshire law, you have the right to opt out. If you exercise this right, we will not sell your personal data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the processing of your personal data for targeted advertising purposes. If you choose to opt out, we will not use your data or share it with third parties for the purpose of serving you tailored ads based on your browsing behavior or interests.

  • Right to Opt Out of Profiling: You can opt out of any profiling that uses your personal data to make automated decisions that produce legal or similarly significant effects on you. For instance, if decisions about you (like credit approvals or similar) were being made by algorithms using your data without human involvement, this right would allow you to object to that processing. (Currently, RightLenderMatch does not make significant automated decisions without human review regarding individual consumers, but this right is there in case that changes or in case it applies to any service we utilize.)

  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your rights. We will not deny you our services, charge different prices, or provide a different quality of service because you invoked your privacy rights under New Hampshire law. If we ever offer a financial incentive or a benefit related to the use of your personal data (such as a discount program), participation would be optional and based on your prior consent, with terms clearly explained.

Like other state privacy laws, New Hampshire’s law has provisions for sensitive personal data. Sensitive personal data may include information like precise geolocation, racial or ethnic origin, health information, biometric identifiers, or data about children. Under the law, businesses often must obtain consent (opt-in) before processing sensitive personal data, or provide a clear notice and opportunity to opt out of such processing. We will handle sensitive data in compliance with those requirements by seeking your affirmative consent if we ever need to collect it or by limiting our activities to those allowed by law.

If you are a New Hampshire resident and want to exercise your privacy rights, you can contact us as described in the Contact Us section. We will verify your identity to ensure the security of your data (for instance, we might ask you to confirm certain personal details we have on file or use a verification email). Once verified, we will respond to your request within the timeframe mandated by New Hampshire law (generally within 45 days, with a possible extension of another 45 days if needed). If we cannot fulfill your request due to an exemption, we will provide you with an explanation of why.

New Hampshire’s law also includes an appeals process. If you are dissatisfied with our response to a privacy request (for example, if we deny your request to delete data because an exemption applies and you believe that’s mistaken), you can appeal our decision. To do so, just reply to our response or contact us again indicating that you would like to appeal. A higher-level review or a different team member will re-evaluate your request and our prior decision. We will notify you of the outcome of your appeal within the time frame set by law (usually within 60 days of the appeal). If your appeal is denied, New Hampshire law may give you the right to contact the state Attorney General’s office to submit a complaint, and we will inform you how to do so.

In conclusion, New Hampshire’s Consumer Data Privacy Act gives you substantial rights over your personal data. RightLenderMatch is committed to implementing these rights and protecting the privacy of New Hampshire residents. If you have any questions about your New Hampshire privacy rights or wish to make a request, please reach out to us – your privacy is important, and we are here to help.

New Jersey

New Jersey has enacted a data privacy law referred to here as the New Jersey Data Privacy Act (NJDPA), which took effect on January 16, 2024. Under this law, New Jersey residents are provided with a range of rights concerning their personal information held by businesses. These rights include:

  • Right to Access: New Jersey residents have the right to know whether we have personal information about them and to obtain access to that information. If you submit an access request (and after we verify your identity), we will tell you whether we are processing your personal data and provide you with the data we have about you. This includes categories of personal information collected, categories of sources, purposes for collection, and categories of third parties with whom we share the data.

  • Right to Data Portability: You have the right to receive a copy of personal data that you have given us, in a portable and readily usable format. Upon your request, and once verified, we will furnish your data in a commonly used digital format, which you could then transfer to another entity if you so choose.

  • Right to Delete: You have the right to request deletion of personal information that we have collected from or about you. When you make a deletion request, we will verify your identity and then delete your personal information from our records (and instruct our service providers to do the same), unless retaining the information is necessary for certain permitted purposes. Those purposes might include: completing a transaction or service you requested, detecting or preventing fraudulent or illegal activity, exercising our legal rights or ensuring another’s rights, complying with a legal obligation, or other internal uses aligned with your relationship with us. If an exception applies, we will let you know.

  • Right to Correct: If you believe that any personal information we have about you is inaccurate or outdated, you have the right to request that we correct it. Once we verify your identity and validate the correct information, we will update our records to fix any inaccuracies.

  • Right to Opt Out of Sale of Personal Data: New Jersey residents have the right to opt out of the sale of their personal data. “Sale” generally means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal information for money to third parties. In the event any of our data sharing could be considered a “sale” under New Jersey’s law, you can opt out and we will cease such activity related to your data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of having your personal information used for targeted advertising. This means you can tell us not to use your data, or share it with others, to send you personalized ads that are based on your online behavior or interests. Once you opt out, we will not use your data for such targeted marketing activities. Additionally, New Jersey’s law may recognize browser or device signals that indicate a consumer’s choice to opt out (like the Global Privacy Control); if so, we will honor those signals as opt-out requests.

  • Right to Opt Out of Profiling: You have the right to opt out of the use of your personal data in automated profiling decisions that produce legal or similarly significant effects on you. If we were to use algorithms to evaluate or predict aspects of your life (such as your creditworthiness or job performance) in a way that significantly affects you, you could opt out of that. At present, RightLenderMatch does not engage in such automated decision-making without human intervention. If this changes, or if we incorporate such third-party services, New Jersey consumers would have the right to opt out.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of the rights above. We will not deny you our services, charge you different prices, or provide a different level of service simply because you invoked your privacy rights. If we offer any incentives (like discounts or rewards) that require the collection of personal data, those will be offered in compliance with the law and will be optional — we would provide you with information about them and get your consent.

New Jersey’s law also likely includes special rules for sensitive personal data, similar to other states’ laws. Sensitive personal data might encompass information like social security numbers, driver’s license numbers, precise geolocation, health status, biometric identifiers, or information about children. Typically, businesses must obtain consent (opt-in) before processing sensitive personal data, or at least allow consumers to opt out of its processing. RightLenderMatch will treat any sensitive personal data with enhanced protection as required: for instance, if we needed to use precise geolocation for a feature, we’d ask your permission first.

If you’re a New Jersey resident and want to exercise your privacy rights, you can contact us through the methods described in Contact Us at the end of this policy. We will verify your identity (for example, by asking you to provide information that matches our records) to ensure we’re dealing with the correct person. Once verified, we will respond to your request typically within 45 days, as the law requires. If necessary, we may extend that period by another 45 days (to a total of 90 days), but if we do, we’ll inform you of the reason. If we cannot fulfill your request, we will explain the reason (e.g., a legal exception).

New Jersey’s law also provides a mechanism for you to appeal our decision if you’re not satisfied. For example, if we deny a deletion request because an exception applies and you believe more should be done, you can appeal. To appeal, you would contact us again (using the same channels) and indicate that you are filing an appeal regarding your prior request. We will have a different member of our team review the case, and we will inform you of the outcome of your appeal within the timeline specified by law (usually 60 days from when the appeal is received). If after the appeal you still have concerns, we will provide you with information on how you might lodge a complaint with the New Jersey Division of Consumer Affairs or the appropriate entity as per New Jersey regulations.

In summary, the New Jersey Data Privacy Act provides robust rights for you to control your personal information. We at RightLenderMatch are dedicated to respecting those rights and have processes in place to comply with New Jersey’s law. Please feel free to reach out with any questions or to make any privacy-related requests — your privacy is important to us, and we’re here to help.

New Mexico

New Mexico has not enacted a comprehensive consumer privacy law (as of the current date). This means New Mexico residents do not have state-level privacy rights like the right to access personal data or request deletion of data from companies, apart from what is provided by federal laws. However, New Mexico has taken steps in various ways to protect consumer information and privacy on specific issues.

For example:

  • New Mexico’s Data Breach Notification Act requires businesses to notify individuals if there is a security breach involving their personal identifying information (such as social security numbers, driver’s license numbers, or financial account information). This helps New Mexicans stay informed and protect themselves after a breach.

  • New Mexico has laws addressing the privacy of electronic communications and data in certain contexts. For instance, the state has been progressive in digital privacy; in 2019, New Mexico passed a law requiring law enforcement to obtain a warrant to access someone’s electronic communications or location data.

  • The state also upholds privacy through general consumer protection under the New Mexico Unfair Practices Act, which could be applied to deceptive or unfair handling of personal data (for example, misrepresenting how a company uses personal data might be considered an unfair practice).

  • Sector-specific laws also contribute: health providers follow HIPAA, financial companies follow GLBA, and schools adhere to FERPA, giving New Mexico residents protection under these domains.

New Mexico has shown interest in broad privacy legislation; bills akin to CCPA have been introduced but not passed. One example was a 2021 effort to establish privacy rights and requirements for businesses, though it did not become law. The conversation in New Mexico about privacy is ongoing.

If you are a New Mexico resident using RightLenderMatch.com, even though your state doesn’t guarantee certain rights by law, we strive to give you control over your data. You can always request to see what information we have about you or ask to delete your account or data associated with you. We handle such requests as described in this Privacy Policy, typically as part of our service standards rather than due to state law requirement. For instance, if you stop using our service and want your personal info removed, we can delete your account and associated data (unless we need to keep some for legal compliance or legitimate internal purposes, in which case we’d let you know). If your information changes or is incorrect, you can ask us to update it. Also, if you prefer not to receive marketing communications, you can opt out anytime.

We maintain high security standards for all user data, including data of New Mexico residents. This includes using encryption, limiting access to data, and training our staff on protecting personal information.

To summarize, New Mexico currently relies on a mix of specific laws and general protections instead of one big privacy law. RightLenderMatch is committed to privacy for New Mexico residents through our own policies and compliance with applicable federal and state laws. If New Mexico enacts a comprehensive privacy law in the future (which is certainly possible as more states adopt such laws), we will update our Privacy Policy to reflect any new rights or obligations specific to New Mexico residents.

New York

New York, as of now, has not passed a comprehensive consumer data privacy law like California’s CCPA or similar laws in other states. Various comprehensive privacy bills (such as the proposed New York Privacy Act) have been introduced in the New York State Legislature over the past few years, reflecting ongoing discussions about data privacy, but none have become law yet. Therefore, New York residents do not currently have a state law granting them broad rights like a general right to access personal data or request deletion of data held by companies, beyond the rights provided by federal law and specific state laws.

However, New York has taken significant steps to protect personal data through other means:

  • NY SHIELD Act (Stop Hacks and Improve Electronic Data Security Act): Enacted in 2019, this law strengthened New York’s data breach notification requirements and imposed data security obligations on businesses. The SHIELD Act requires businesses that hold New Yorkers’ private information to implement reasonable administrative, physical, and technical safeguards (even if the business is located outside of NY). It also expanded the definition of “private information” (for breach purposes) and ensures that in the event of a data breach, affected New York residents are timely notified and the state authorities are informed.

  • Data Broker Registration Law: In 2022, New York passed a law requiring companies that collect and sell personal data (data brokers) to register with the state and allow individuals to opt out of the sale of their personal information. This adds oversight and a layer of consumer protection in the data broker industry.

  • Biometric Privacy Law (NYC and potential state law): While there isn’t a state-wide BIPA equivalent yet, New York City enacted a biometric identifier information law in 2021 that requires businesses (like stores and restaurants) to post notices if they’re collecting biometric info (like facial recognition or fingerprints) and prohibits the sale of biometric data. At the state level, proposals have been introduced to regulate biometric data, indicating a focus on that sensitive area of privacy.

  • Other sector-specific laws: New York has laws protecting specific categories of data, like student data (New York’s Education Law includes privacy protections for student educational records) and laws that complement HIPAA for medical confidentiality. The state also has a strong history of consumer protection enforcement through the NY Attorney General’s office, which can act against companies for privacy violations under general consumer protection statutes.

If you’re a New York resident using RightLenderMatch.com, you benefit from these laws and our company’s commitment to privacy. For example, under the SHIELD Act, we have a legal duty to protect your personal information with reasonable security measures, which we do. If there were ever a data breach affecting your personal data, we would notify you as required by New York law (and by our own internal policies which likely go beyond that).

Beyond legal compliance, RightLenderMatch extends courtesy and control to all our users. That means New Yorkers can contact us to inquire about their data, or ask us to delete or update information, similar to the rights you might expect under other states’ laws. For instance, if you want to know what information we have about you in our systems, we can let you know the categories of data and why we have it. If you decide you no longer want to use our services and prefer that we remove your personal details, we will delete your account information (except for any we need to retain for legal reasons, like transaction records or to comply with regulatory requirements). Also, if you prefer not to get marketing emails from us, you can opt out at any time (via the link in the email or by contacting us) and we will honor that.

We also support emerging technologies like the Global Privacy Control (GPC), which is a browser setting some consumers use to signal their privacy preferences globally. Even though New York doesn’t yet have a law mandating recognition of such signals, we respect privacy-forward practices; so, if you have GPC enabled, we treat it as a signal of your general desire to limit data sharing/selling (applicable in states where it’s law, and as a courtesy even where not required).

In summary, while New York has not (yet) enacted an overarching consumer privacy law giving rights like access or deletion on request, our company follows New York’s existing laws like the SHIELD Act and the data broker law, and voluntarily provides New York consumers with transparency and choices about their data. Should New York pass a comprehensive privacy law in the future, we will update this Privacy Policy to detail the new rights and ensure our compliance so that New York residents know exactly what they can do with regard to their personal information.

North Carolina

As of now, North Carolina has not adopted a comprehensive consumer privacy law. That means residents of North Carolina do not have broad state-granted rights such as requesting a full accounting of their personal data or deletion of their data from companies, beyond the scope of federal law and specific state statutes. However, North Carolina has several laws and initiatives that protect consumer data in certain contexts:

  • Data Breach Notification Law: North Carolina law requires any business that owns or licenses personal information of North Carolina residents to notify those residents, as well as certain state agencies, if there is a breach of security leading to unauthorized access of personal information (like Social Security numbers, driver’s license numbers, or financial account information). This ensures North Carolinians are made aware of breaches so they can take protective measures.

  • Social Security Number Protection: North Carolina law places limits on how Social Security numbers can be communicated (for example, generally prohibiting businesses from intentionally communicating SSNs to the general public or printing them on cards, etc.). This adds a layer of protection for a key piece of personal data.

  • Cybersecurity Standards: While not directed to granting consumer rights per se, North Carolina’s Identity Theft Protection Act requires businesses to safeguard personal information and properly dispose of records containing personal information (for instance, by shredding documents or wiping electronic media).

  • Automated Decision-making Transparency (Proposed): North Carolina has considered legislation that would address fairness and transparency in automated decision-making and algorithms used by businesses, reflecting concern about how data and profiling might affect citizens (though comprehensive legislation hasn’t been passed as of this writing).

  • General Consumer Protection: The North Carolina Attorney General can pursue companies for unfair or deceptive trade practices under the state’s Unfair and Deceptive Trade Practices Act (UDTPA). Misrepresenting privacy practices or mishandling consumer data in a way that is considered deceptive or egregious could fall under this in some cases.

If you’re a North Carolina resident using RightLenderMatch.com, know that we treat your personal information with care and respect for your privacy. Even if not mandated by a specific NC privacy law, we are transparent about the personal data we collect and how we use it (as outlined in this Privacy Policy). You have control via the choices described here: you can opt out of marketing, you can manage cookies via our Cookies section or your browser settings, and you can contact us with any inquiries or requests about your data.

For example, you may reach out to ask what personal information of yours we have stored. While not required by NC law, we think it’s good customer service and transparency to provide you with an overview of your data, which typically includes contact information and any details you provided when using our service (like loan preferences), as well as information we may have gathered automatically (like website usage data via cookies, etc.). If you find any of it inaccurate or wish to update it, we’ll help you correct it. If you no longer want us to retain your data (perhaps you matched with a lender and have no further need for our services), you can request deletion of your account. We will comply with such requests to the extent feasible — removing your personal details from our active databases, except data we might need to keep for legal compliance (e.g., proof of transactions or communications as required by law) or legitimate internal purposes (like preventing fraud or honoring opt-out records).

North Carolina has been actively exploring privacy issues and it’s possible the state will enact more expansive privacy legislation in the near future. We keep an eye on these developments. If North Carolina does pass a law granting new privacy rights or imposing new obligations on businesses, we will update our Privacy Policy to inform you of those changes and to comply fully.

In summary, North Carolina currently relies on targeted laws and general consumer protections for privacy rather than a broad consumer privacy law. We abide by those requirements and go further by voluntarily offering transparency and choices about personal data to our North Carolina users, treating them on par with users in states with dedicated privacy statutes. If you have any questions or privacy-related concerns as a North Carolina resident, you’re welcome to reach out via the contact information provided in this policy.

North Dakota

North Dakota has not enacted a comprehensive consumer privacy law as of the current date. That means there isn’t a single North Dakota statute granting residents broad rights such as requesting access to all their personal data held by companies or demanding deletion of such data, aside from the protections afforded by federal law and narrower state laws. However, North Dakota has a few laws and legal principles that touch on privacy and data protection in certain areas:

  • Data Breach Notification: North Dakota law requires any person or business that conducts business in ND and that owns or licenses computerized data including personal information to disclose any breach of the security of the system to North Dakota residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Essentially, if a company experiences a data breach exposing personal data like Social Security numbers, driver’s license numbers, etc., they must notify affected individuals in North Dakota.

  • Social Security Number Protections: North Dakota places some restrictions on the use of Social Security numbers to guard against misuse (for example, prohibiting intentional communication of SSNs to the public, printing them on certain cards, etc., similar to many other states).

  • General Consumer Protection: The North Dakota Attorney General’s office can enforce the state’s consumer protection laws (like the Unlawful Sales or Advertising Practices law) to address deceptive or unfair trade practices. If a company’s privacy practices were misleading or a company misrepresented how it handles personal data, that might be considered a deceptive practice in some circumstances, although ND doesn’t have specific precedent on privacy as an unfair practice that I’m aware of.

  • Sectoral and Federal Laws: North Dakotans also benefit from the application of federal privacy laws (HIPAA for health, GLBA for finance, FERPA for education, etc.) when relevant, as well as industry-specific state laws (for example, ND has laws regarding privacy of library records, which is a niche but important area).

For North Dakota residents using RightLenderMatch.com: Even though North Dakota doesn’t have its own version of CCPA or similar laws, we aim to be transparent and fair with all users’ personal information. You have tools at your disposal to control your data with us much like users in any state. You can request to unsubscribe from marketing emails, adjust your cookie preferences, or reach out to us to ask about your personal information.

If you contact us with questions about what data we have collected from you or how it’s used, we’ll provide as much detail as we can, consistent with verifying your identity and our internal records. If you find an error in your personal information (like a misspelled name or outdated contact info), we will correct it upon request. If you want your account deleted and your personal data removed from our active systems, we can do that too (except we may retain some records if needed for legal compliance or legitimate internal purposes like evidence of a transaction or opt-out, but we will let you know if that’s the case). Our default policy is to not keep personal data longer than necessary for the purposes described, so if your account becomes inactive or you withdraw consent (where applicable), we’ll cease using your data and delete or anonymize it after a reasonable period or upon request.

It’s also worth noting that North Dakota was an early adopter of certain data protection ideas; e.g., ND is one of the few states that historically required a social media platform (like Twitter) to remove accounts or posts if requested by a person who is being impersonated or harassed (this was a unique ND law passed in the 2009 era of social media). While that specific law may not directly affect how we handle data at RightLenderMatch, it shows ND’s interest in protecting its residents from certain online harms.

If North Dakota in the future passes a broader consumer privacy law granting specific rights (like one similar to laws in CA or VA), we will update this policy to outline those rights for North Dakota residents. In the meantime, we continue to handle your personal information in line with our overarching commitments to privacy and data security, as described throughout this Privacy Policy.

In conclusion, North Dakota doesn’t currently offer specific consumer privacy rights by law, but RightLenderMatch’s practices ensure you still have insight and influence over your personal data. We abide by all applicable laws regarding data security and breaches. If you have any privacy-related questions or requests, we encourage you to reach out via the contact details in this policy, and we’ll be glad to assist you.

Ohio

Ohio has not yet enacted a comprehensive consumer privacy law that gives residents general rights like accessing or deleting personal data (as of the current date). However, Ohio has shown some movement towards privacy regulation and has laws in place touching on privacy and cybersecurity in certain contexts.

For instance:

  • Ohio Personal Privacy Act (Pending): There have been legislative proposals in Ohio to strengthen consumer privacy. While not enacted yet, these discussions indicate Ohio is considering how to give consumers more control over their data. (If such a law passes, we will update our policy accordingly.)

  • Data Breach Notification: Ohio has a data breach notification law requiring businesses and state agencies to inform Ohio residents if there’s a breach of security involving personal information like Social Security numbers, driver’s license numbers, or financial account details. Essentially, if your data is compromised in a security breach, you should be notified promptly so you can take protective actions.

  • Ohio Cybersecurity Safe Harbor (Ohio Data Protection Act): Interestingly, Ohio passed the Ohio Data Protection Act in 2018, which encourages businesses to adopt strong cybersecurity practices. It provides an incentive: if a business implements a cybersecurity program that meets industry-recognized frameworks (like NIST, ISO, etc.), and if there’s a data breach, the business can use its compliance as an affirmative defense in tort lawsuits. This law doesn’t directly give consumer rights, but it encourages companies to better protect data. RightLenderMatch does align its security practices with recognized frameworks, so this likely benefits our Ohio users by reducing the risk of breaches.

  • General Consumer Protection (Ohio CSPA): The Ohio Consumer Sales Practices Act prohibits unfair or deceptive acts in consumer transactions. If a company blatantly misled consumers about its privacy practices or used their data in a way that’s considered unfair, the Ohio Attorney General could, theoretically, take action under this act, although it’s not a direct privacy law.

  • Sector-specific protections: Ohio, like other states, follows federal laws such as HIPAA (health data) and GLBA (financial data) for relevant entities, and has various state laws about confidentiality (for example, library records, educational records, etc.) that protect specific types of personal information of Ohio residents.

If you are an Ohio resident using our service, rest assured we treat your personal information with the same standard of care as described for all users. Even without an Ohio-specific privacy law, you can:

  • Contact us to inquire about your personal data in our systems.

  • Request corrections if any personal information is inaccurate or outdated.

  • Ask to have your data deleted if you no longer want us to have it (provided we’re not required to keep it for legal reasons).

  • Opt out of any marketing communications from us.

  • Set your browser or use tools to block or limit tracking (like disabling non-essential cookies or using browser privacy signals; while not mandated by Ohio law, we respect such preferences in our system settings).

We take data security seriously, which not only aligns with that Ohio Cybersecurity Safe Harbor Act for us, but more importantly protects your information from unauthorized access. Our security measures include encryption in transit (e.g., HTTPS), pseudonymization/anonymization where appropriate, regular vulnerability assessments, etc., consistent with industry standards.

Should Ohio pass a broad privacy law in the future (which could, for example, grant rights similar to CCPA), we will incorporate those rights into our operations and update this Privacy Policy so Ohio residents will be aware of their new rights and how to exercise them.

In summary, Ohio currently protects consumer data through a combination of incentives for good security practices and general laws rather than through a specific consumer privacy statute. RightLenderMatch complies with all such laws and goes a step further by offering transparency and control to our Ohio users. If you have questions or requests about your privacy as an Ohio resident, please reach out to us via the contact information provided; we are here to help and value your privacy.

Oklahoma

Oklahoma has not passed a comprehensive consumer privacy law yet, though there have been attempts to introduce such legislation (for instance, bills similar to California’s CCPA were proposed in recent sessions). As of now, Oklahoma residents do not have a broad state law that gives them general rights like accessing personal data or requesting deletion from companies beyond what federal law provides or what our own policies grant.

However, Oklahoma does have certain laws and measures in place that address specific privacy-related concerns:

  • Security Breach Notification Act: Oklahoma law requires that any person or business that owns or licenses computerized data including personal information must notify any Oklahoma resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person due to a breach. In plain terms, if your personal information (like your name paired with a Social Security number, driver’s license number, or financial account number) gets compromised in a data breach, you should receive a timely notice so you can take steps to mitigate harm (like monitoring your credit reports).

  • Social Security Number Protection: Oklahoma has a law that limits how SSNs can be displayed or transmitted to reduce the risk of identity theft. For example, it generally prohibits publicly posting or displaying an individual’s SSN or printing it on cards required to receive products or services.

  • Telephone Records Act: Oklahoma makes it illegal to obtain someone’s phone records through fraud or to sell or disclose phone records without consent. This is a narrower privacy protection, but one relevant in the realm of telecommunications.

  • General Consumer Protection (Oklahoma Consumer Protection Act): This act prohibits deceptive trade practices. If a business were to, say, falsely advertise that it doesn’t sell personal data but then does so, that could potentially be considered a deceptive practice that the state Attorney General might act upon. While this isn’t a dedicated privacy law, it’s a backdrop that encourages honesty about data practices.

  • Sectoral Privacy: Like everywhere in the US, Oklahomans benefit from federal laws (like HIPAA for health data, FCRA for credit data, COPPA for children’s online data, etc.) and certain state-specific ones (like laws on library confidentiality, if any, or state tax record privacy, etc.) that protect privacy in specific areas.

For Oklahoma residents using RightLenderMatch.com: We follow privacy-friendly practices in line with emerging standards and common principles across states. That means:

  • We do not sell your personal information to third parties (as commonly understood; if we ever share data for things like marketing partnerships, it’s with clear notice or consent and often anonymized or aggregated).

  • You can request information about what personal data we have collected about you. While not mandated by OK law, we think it’s important to give users transparency. This includes categories of personal info (for example, contact details, info you provided about loan needs) and the purposes for which we use it (to connect you with lenders, improve our services, etc.), and who we share it with (like lender partners or service providers).

  • You can ask us to delete your personal data. We will honor such requests in line with our retention policies. If you no longer want our services, we can delete your account info. We may retain minimal data as needed (for instance, transaction records if you actually took out a loan with a partner, or records needed for legal compliance or to suppress further communications as per your opt-out).

  • We allow you to opt out of marketing communications easily. If you say no to promotional emails, we’ll stop sending them.

  • If you have enabled a privacy preference signal in your browser (like the Global Privacy Control), we respect it to the extent feasible by treating it as an opt-out of third-party data sharing for targeted ads (though Oklahoma doesn’t legally require this, it’s part of our commitment to user privacy on a broader scale).

  • We secure your data with appropriate technical and organizational measures to prevent breaches. (This also aligns with Oklahoma’s breach notification interest — by securing data, we reduce likelihood of breaches. But if one were to occur affecting Oklahoma residents, we’d notify you and the state as required.)

Looking forward, if Oklahoma passes its own version of a privacy law (which might grant rights like access, deletion, correction, opt-out of sale/sharing explicitly), we will adapt to comply with it and update our Privacy Policy accordingly so you’ll know how those rights apply when using our services.

In summary, while Oklahoma doesn’t have an umbrella privacy law now, we operate with high standards of privacy and data security that give our Oklahoma customers meaningful control and protection. We also obey all specific Oklahoma laws regarding data confidentiality and breach handling. If you’re an Oklahoma resident and have any privacy-related questions or requests about your data with us, please contact us as outlined at the end of this Privacy Policy. We are here to help and value your trust.

Oregon

Oregon has enacted the Oregon Consumer Privacy Act (effective July 1, 2024). This law provides Oregon residents with specific rights regarding their personal data and imposes corresponding obligations on businesses like ours. Under the Oregon Consumer Privacy Act (often abbreviated OCPA), Oregon consumers have the following privacy rights:

  • Right to Access: Oregon residents have the right to confirm whether we are processing their personal data and to access that data. Upon a verifiable request, we will provide you with the personal information we have about you. This includes not just the data itself, but also supplementary information such as the categories of sources from which we obtained the data, and the purposes for which we process it.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you provided to us, in a portable and, to the extent technically feasible, readily usable format. In practice, once we verify your identity and request, we will compile your data (that you’ve given us or that we have collected in the course of your use of our service) into a commonly used electronic format (such as a CSV or JSON file) that you can then take and use elsewhere if you desire.

  • Right to Delete: You can request deletion of personal data that we have collected from or about you. When you make such a request and after we verify it, we will delete your personal information from our systems and instruct our service providers to do the same, unless retaining the data is required or allowed by law. For example, we might need to keep certain transaction records for legal compliance (like proof of a loan referral or for financial auditing) or to exercise or defend legal claims. Other exceptions might include if the data is needed for security purposes or to complete a service you requested. We will be transparent about any data we can’t delete and the reasons why.

  • Right to Correct: Oregon’s law provides that you have the right to request correction of inaccurate personal data that we maintain about you. If you find that some information we have (perhaps your contact info or other details) is outdated or incorrect, let us know. Upon verification of your identity and, if needed, validation of the correct data, we will correct our records.

  • Right to Opt Out of Sale of Personal Data: Oregon residents have the right to opt out of the sale of their personal data to third parties. The term “sale” is defined in the law (often similar to other states) to mean the exchange of personal data for monetary or other valuable consideration. We want to emphasize that RightLenderMatch does not sell personal information to data brokers or other third parties for monetary gain. If we ever were to engage in a practice that could be construed as a sale under Oregon law (for instance, exchanging data for some benefit beyond the scope of providing our service to you), you have the right to tell us to stop, and we would honor that opt-out.

  • Right to Opt Out of Targeted Advertising: Oregon’s law gives you the right to opt out of having your personal data used for targeted advertising. “Targeted advertising” generally means ads targeted to you based on tracking of your activities across different businesses, websites, or applications. If you opt out, we will stop using (and sharing with advertising partners) your personal information for the purpose of serving you personalized, interest-based ads. You may still see generic ads, but they won’t be using your personal data to tailor them.

  • Right to Opt Out of Profiling: Oregon residents have the right to opt out of profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning them. In simpler terms, if we were to use algorithms to make important decisions about you (like credit approval, housing eligibility, or something with a comparable impact) without any human involvement, you could opt out of that processing. Currently, we do not make any such automated decisions that have legal or similarly significant effects on individuals, but this right ensures you’re protected as technology evolves.

  • Right to Non-Discrimination: Oregon’s law ensures that you will not receive discriminatory treatment from us for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a lesser quality of service just because you exercised your rights. However, the law does allow us to offer a different price or rate if that difference is reasonably related to the value provided by your data (for example, as part of a loyalty or rewards program), and any such offering would be optional and based on your consent. If we ever provide such incentives, we’d give you all the details so you can make an informed choice.

Furthermore, like other state privacy laws, Oregon’s law requires special treatment of sensitive personal data. Sensitive data includes things like precise geolocation information, biometric identifiers, information about health or sexual orientation, and personal data of children. Generally, businesses must obtain your consent (opt-in) before processing sensitive personal data, or in some cases provide a clear notice and an opportunity to opt out. RightLenderMatch will comply by either not collecting sensitive data at all or by making sure we have obtained any necessary consent. For example, if we needed precise location data to match you with local lenders, we would ask your permission first (and you can decline).

If you want to exercise any of these rights as an Oregon resident, you can contact us through the channels provided in the Contact Us section of this Privacy Policy. We will need to verify your identity to ensure the request is legitimate (for instance, by asking you to confirm certain personal details or respond to a message at your email on file). Once verified, we will fulfill your request within the time frame set by law, which is typically 45 days. If necessary, we can extend that by another 45 days (90 days total) but we would tell you why an extension is needed.

Oregon’s law also provides for an appeal process. If you make a request and aren’t satisfied with our response (say we denied deleting certain data because of an exemption and you believe more should be done), you have the right to appeal our decision. To do so, simply contact us (ideally referencing your original request and our response) and state that you are appealing. We will then have a higher-level review internally and respond to you within 45 days of receiving the appeal (or 60 days if necessary, in which case we’ll notify you of the delay). If after the appeal we still do not take action you requested and you remain unsatisfied, Oregon law would allow you to contact the Oregon Attorney General’s office to submit a complaint. In our appeal response, we will provide you with information on how to do that if applicable.

In summary, the Oregon Consumer Privacy Act gives you robust control over your personal information. RightLenderMatch is fully committed to respecting those rights for Oregon residents. We have updated our systems and processes to comply with this law. If you have any questions or wish to exercise your rights, please reach out — we are here to help and believe your trust is paramount.

Pennsylvania

Pennsylvania has not yet enacted a comprehensive consumer privacy law as of the current date. Various privacy bills have been introduced in the Pennsylvania legislature, reflecting an ongoing interest in consumer data protection, but none have become law up to now. As a result, Pennsylvania residents do not have a state law granting broad rights like accessing their personal data or requesting deletion from companies beyond what’s provided under federal law or specific state statutes.

However, Pennsylvania provides privacy and security protections through other legal channels:

  • Breach of Personal Information Notification Act: Pennsylvania’s data breach notification law requires entities that maintain, store, or manage computerized data that includes personal information to notify Pennsylvania residents if there’s a breach of security leading to unauthorized access of their personal information (like Social Security numbers, driver’s license numbers, or financial account info). This ensures that if your data is compromised, you’ll be made aware and can take steps (like monitoring accounts, etc.).

  • Social Security Number Privacy: Pennsylvania law generally prohibits businesses from publicly posting or displaying Social Security numbers, printing them on mailed materials (with some exceptions), or requiring them to log into websites. It’s similar to many other states’ SSN privacy protections.

  • Pennsylvania Constitution – Right to Privacy: Interestingly, Pennsylvania’s state constitution recognizes a right to privacy in certain contexts. The Pennsylvania courts have, at times, interpreted this as providing individuals with protections against some government and private intrusions. While it doesn’t translate into a concrete list of consumer rights like the CCPA does, it shapes a backdrop that privacy is valued in PA.

  • General Consumer Protection (UTPCPL): The Pennsylvania Unfair Trade Practices and Consumer Protection Law prohibits unfair or deceptive business practices. While it’s not specific to privacy, if a company misrepresents how it handles personal data or engages in egregiously unfair privacy-related practices, the PA Attorney General could potentially consider action under this law.

  • Sector-specific laws: Pennsylvania follows federal privacy regulations in finance, health, education, and has specific laws for certain records (for example, PA has statutes protecting library user records, limiting the disclosure of student data beyond FERPA, etc.). Also, PA has a strong data security requirement for medical records under its state laws complementing HIPAA.

For Pennsylvania residents using RightLenderMatch.com, here’s what this means:

  • We are transparent about the data we collect and how we use or share it, as detailed throughout this Privacy Policy. Even without a PA-specific law requiring it, we think it’s important you know this.

  • You have the ability to request information from us about your data. If you’re curious what personal info of yours we hold, you can ask us. Typically, it will be the info you provided (name, contact, details about what you’re seeking in a loan) and perhaps some technical info (like IP address or device info from your interactions on our site). We can confirm categories of third parties we might share with (like lender partners when you seek offers, or service providers for analytics).

  • You can ask us to delete your data. For instance, if you no longer want to use our service, you can request account deletion. We will remove your personal information from our active databases, except where we might need to keep some for compliance (e.g., records of which lenders you connected with, if any, for auditing or legal purposes, or keeping your email on a suppression list if you unsubscribed to ensure we don’t contact you, ironically).

  • We provide a clear way to opt out of marketing emails and to adjust cookie preferences (via browser or any provided consent tools on our site). If you say you don’t want targeted ads, we honor that by not sharing your data with ad networks (though we have limited advertising activity in the context of our service, primarily focusing on connecting you with lenders you explicitly request).

  • We implement robust security measures to safeguard your personal info, aligning with good industry practice and Pennsylvania’s expectation (from its breach law) that data should be kept secure to prevent breaches.

Should Pennsylvania enact its own comprehensive privacy law in the future (which could give rights like access, deletion, correction, etc., similar to other states), we will update our Privacy Policy accordingly and, of course, comply with all new requirements.

In summary, while Pennsylvania doesn’t currently bestow explicit consumer data rights via a single privacy statute, we at RightLenderMatch treat your privacy seriously and grant you much of the same control you’d have if you were in a state with such a law. Pennsylvania’s emphasis on breach notification and general consumer fairness are things we naturally comply with. If you have any concerns or questions about your data while using our service in Pennsylvania, please contact us — we’re here to address any issues and ensure you feel comfortable and informed.

Rhode Island

Rhode Island has enacted a comprehensive privacy law known as the Rhode Island Consumer Privacy Act (effective January 1, 2026). This law is part of the wave of new state privacy laws granting consumers greater control over their personal information. Under this Rhode Island law, residents will have rights similar to those found in other state privacy statutes. Key rights include:

  • Right to Access: Rhode Island residents can request confirmation of whether we are processing their personal data and obtain access to that data. When you exercise this right, after verifying your identity, we will provide you with the personal information we have about you, along with information on how we use it and who we share it with. This is comparable to asking, “What data do you have about me, and what are you doing with it?”

  • Right to Data Portability: You have the right to get a copy of the personal data you provided to us, in a portable and readily usable format, so that you can transfer it to another service or for your own use. We will prepare your data (that you’ve directly given us or that we’ve collected in the context of providing our service to you) in a common digital format (for example, a CSV file) upon your verified request.

  • Right to Delete: You can request that we delete personal information we have collected from or about you. Once we receive and verify such a request, we will delete your personal data from our records (and instruct our service providers to do the same), unless keeping it is necessary for certain permitted purposes. Such purposes might include completing a transaction you initiated, detecting security incidents, protecting against illegal activity (like fraud), exercising or defending legal claims, or complying with a legal obligation (for instance, maintaining certain business records). If an exception applies, we will let you know what we cannot delete and why.

  • Right to Correct: Rhode Island’s law gives you the right to request corrections to any inaccurate personal data we have about you. If, for example, your name or contact information is misspelled or outdated in our system, you can ask us to fix it. After verifying your identity and, if needed, confirming the correct information, we will correct our records.

  • Right to Opt Out of Sale of Personal Data: Rhode Island residents can opt out of the sale of their personal information. “Sale” under these laws usually means selling, renting, releasing, or otherwise disclosing personal data to another company for monetary or other valuable consideration. RightLenderMatch does not sell personal data to third parties for money. If any of our information sharing practices were to be considered a “sale” under Rhode Island’s definition (for example, exchanging data in a way that benefits us beyond providing our service to you), you have the right to opt out of that, and we would cease such activity for your data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the use of your personal data for targeted advertising purposes. This means if you do not want us to use your data to show you personalized ads (and similarly, not share it with advertising networks for them to show you targeted ads on our site or elsewhere), you can tell us not to. We will then refrain from using or sharing your data for targeted ads. You might still see advertisements, but they would be generic and not tailored using your personal information.

  • Right to Opt Out of Profiling: You can opt out of any profiling using your personal data that furthers solely automated decisions that have legal or similarly significant effects on you. If we were using algorithms to make important decisions about you (like creditworthiness, job offers, etc.) without human involvement, this opt-out would apply. We do not currently engage in such automated decision-making processes affecting individuals in a significant way, but the right is there to protect you if that changes or if we use a third-party tool that does so.

  • Right to Non-Discrimination: Rhode Island’s law, like others, ensures you won’t be discriminated against for exercising your privacy rights. We will not deny you services, charge you a different price, or provide a lower quality service because you invoked your rights. If we ever offer any financial incentives (like discounts or rewards) in exchange for personal data, participation will be optional and based on your consent, with terms clearly explained to you (and such incentives will be made available in a way that’s not unjust, in compliance with the law).

Additionally, Rhode Island’s law addresses sensitive personal data—like information about your health, biometrics, precise geolocation, or certain demographic details. In general, businesses must obtain your consent before collecting or using sensitive data. For instance, if we had a reason to collect precise location data or a government-issued ID number, we would only do so with your explicit opt-in consent (unless covered by a narrow exception).

To exercise any of these rights, Rhode Island residents can contact us as outlined in the Contact Us section of this Privacy Policy once the law is in effect (and even before, we honor such requests as part of our commitment to all users). We will need to verify your identity, usually by matching information you provide with what we have on record, to ensure we’re dealing with the correct person. After verification, we’ll respond to your request within 45 days, which is the typical timeframe in these laws. If necessary, we may take an additional 45 days (90 days total) but would let you know why an extension is needed.

Rhode Island’s law, like others, will also allow you to appeal our decisions on your requests. If, for example, you ask us to delete data and we say we cannot delete certain items due to an exemption, and you believe we should delete them, you can appeal. To do so, simply reply to our decision or contact us again stating that you’d like to appeal our decision. A higher-level review will take place internally, and we will inform you of the outcome within 45 days of receiving the appeal. If we deny the appeal, we’ll provide you with a way to contact the Rhode Island Attorney General or appropriate body if you want to submit a complaint or seek further recourse.

In summary, the Rhode Island Consumer Privacy Act empowers you with substantial control over your personal data. RightLenderMatch is dedicated to implementing those controls and safeguarding the privacy of Rhode Island residents. If you have any questions about your rights or how to use them, please get in touch with us — we are here to help and value your privacy and trust.

South Carolina

As of the current date, South Carolina has not passed a comprehensive consumer privacy law akin to those in California, Virginia, or other states with recent legislation. South Carolina residents therefore do not have a singular state law granting broad rights like data access or deletion requests from businesses, aside from rights under federal law or certain state-specific provisions. Nevertheless, South Carolina has some relevant privacy and security measures:

  • Data Breach Notification: South Carolina law requires that any person or business conducting business in SC (and owning or licensing computerized data with personal information) notify South Carolina residents in the event of a data breach where personal identifying information (like Social Security numbers, driver’s license numbers, financial account details) is compromised. They must do this without unreasonable delay, consistent with the needs of law enforcement or measures necessary to determine the scope of the breach and restore integrity. So, if your data were involved in a breach of our systems, you would receive timely notification, and we would also inform the Consumer Protection Division of the SC Department of Consumer Affairs.

  • Financial and Insurance Data Security: It’s worth noting that South Carolina was a pioneer in enacting a cybersecurity law for the insurance industry, called the South Carolina Insurance Data Security Act (2018). This law requires insurance companies licensed in SC to maintain an information security program, investigate cybersecurity events, and notify regulators of significant breaches. While this law applies specifically to insurance businesses, it reflects SC’s seriousness about protecting sensitive personal data in a particular sector.

  • Social Security Number Protection: Like many states, South Carolina has certain statutes that prohibit the unlawful use or public display of Social Security numbers (for example, you can’t require SSNs to access a website or print them on mailed materials except under certain conditions).

  • General Consumer Protection: The South Carolina Unfair Trade Practices Act could come into play if a company’s data practices were fundamentally deceptive or unfair to consumers (though this is broad and not specific to privacy). The state’s Attorney General could hypothetically use this to prosecute misleading claims about privacy or extreme privacy violations as unfair trade practices.

  • Sectoral privacy and federal law compliance: South Carolina entities, of course, also follow federal privacy laws for health (HIPAA), education (FERPA), finance (GLBA), and others where applicable. South Carolina has laws addressing confidentiality in certain contexts like library records, HIV status, etc., adding layers of privacy protection.

If you are a South Carolina resident using RightLenderMatch.com:

  • You benefit from our uniform commitment to privacy and security. For instance, if there’s ever a data breach affecting your personal information, aside from meeting SC’s legal notification requirements, we will be proactive in informing and guiding you on steps to protect yourself. But beyond breaches, we aim to prevent them with strong security measures (encryption, access controls, etc.) as a core part of our operations, aligning with SC’s emphasis on data security in frameworks like that insurance law.

  • You can request information on what personal data we have about you and how it’s used. Even without an SC law mandating we provide this, we believe in transparency. If you email or call us asking, “What information of mine do you have in your system?” we will typically verify your identity then let you know the categories of personal info we have collected (like name, email, phone, loan inquiry details, etc.) and perhaps even provide a copy if feasible.

  • You have the ability to correct inaccuracies. If you find, for example, that your phone number is wrong in our records, just let us know and we will update it. If an address or name spelling needs correction, we’ll fix it.

  • If you decide you no longer want to use our services, you can ask us to delete your account or personal information. While SC law doesn’t force us to do so, we honor such requests as part of good practice, except if we need to keep certain data for legal compliance (like records of a lead/referral if you connected with a lender, for our accounting or legal accountability) or for internal purposes like preventing fraud or honoring your opt-out preferences.

  • We won’t discriminate or deny service if you express privacy concerns or opt out of marketing. For example, if you unsubscribe from our marketing emails (which you can easily do via the link in email or by contacting us), we’ll stop sending them, and it won’t change how our matching service works for you.

  • South Carolina doesn’t require acknowledgment of browser Do Not Track signals or Global Privacy Control, but as a courtesy, if we detect GPC or similar (and as we already do for compliance with other state laws), we’ll treat it as a valid opt-out of any sale/sharing for targeted advertising, and though we currently don’t sell data, it aligns with our privacy-first approach.

Looking ahead, if South Carolina were to enact a comprehensive privacy law (the state legislature has considered such bills in recent sessions, although they haven’t passed yet), we will adapt to it and update our Privacy Policy accordingly so you’d be informed of new rights (like access, deletion, etc., if granted by such a law).

In conclusion, even without a dedicated privacy law in South Carolina, RightLenderMatch works hard to protect your personal information and offer you control over it. If you’re from the Palmetto State and have any privacy-related questions or requests about your data on our platform, you’re encouraged to reach out as per the Contact Us section, and we’ll be happy to assist.

South Dakota

South Dakota has not enacted a comprehensive consumer privacy law as of the current date. That means South Dakota residents don’t have a state law granting general rights like requesting access to or deletion of personal data held by companies, aside from what’s provided by federal law or narrower state provisions. Nonetheless, South Dakota has some legal measures related to data protection and privacy:

  • Data Breach Notification: South Dakota has a relatively new data breach notification law (effective July 2018) which requires any person or business conducting business in SD that owns or licenses computerized personal or protected information to notify South Dakota residents of any breach of system security that results in unauthorized acquisition of unencrypted personal information, if it is reasonably likely to result in harm. Such notification must be made within 60 days of discovery of the breach. They must also notify the Attorney General if more than 250 residents are affected. Essentially, if your personal data (like Social Security number, driver’s license number, etc.) gets breached, you must be informed timely, and authorities will be alerted for larger breaches.

  • Protection of Personal Information: In connection with the breach law, South Dakota defines personal information broadly (to include things like health information and unique biometric data in combination with a name, besides the standard SSN/financial account data). This underscores the expectation that businesses safeguard this information to avoid breaches.

  • Social Security Number Privacy: South Dakota prohibits the intentional communication or posting of someone’s SSN to the general public, printing it on mailed materials (unless redacted), or requiring it for Internet website access without proper security, among other protective rules.

  • General Consumer Protection: The South Dakota Deceptive Trade Practices and Consumer Protection law could possibly cover seriously deceptive privacy practices as a form of deceptive trade practice, though this hasn’t been explicitly tested in SD courts as far as I know. The Attorney General could intervene if a company blatantly misled consumers about how it handles data or if there was an egregious privacy violation considered “deceptive” or “unfair.”

  • Sectoral privacy: South Dakotans also benefit from the application of federal laws like HIPAA for health information, GLBA for financial info, COPPA for children’s online data, etc., and any specific state statutes for certain records (such as privacy of library records or student records). Also, SD has unique laws on things like confidentiality of certain health or legal information.

If you’re a resident of South Dakota using our services:

  • While SD doesn’t give you a statutory right to demand a copy of your data from us, we at RightLenderMatch believe in being open. You can ask us what personal data of yours we have. Typically, it would mirror what you provided (name, contact info, details about what loan you’re looking for) plus any data captured through your use of our site (like log data or device info).

  • If any of that information is wrong or changes (say you have a new phone number or you realized you mistyped your email), let us know. We will update it to maintain accuracy. It’s not only good for you (ensuring you get responses from lenders) but it’s good practice under general quality principles.

  • If you want us to remove your information from our active systems, for example, after you’ve finished using our service, we will honor that request and delete your data, unless we have to keep something due to legal reasons (like proof of a consent or referral if needed for legal compliance or to defend any potential disputes, etc.) or legitimate business needs (like keeping a record that you opted out of communications, so we don’t accidentally contact you again).

  • South Dakota’s breach law implicitly encourages companies to maintain reasonable security (to avoid having to deal with breach fallout). We certainly take security seriously: we use encryption, firewall protections, regular security audits, etc., to guard your data against breaches. And if something did happen, we would promptly inform you and the SD Attorney General per the law’s requirements.

  • We will not treat you differently or refuse service because you have concerns about privacy or because you choose to exercise the kind of control we offer (like opting out of marketing). In fact, South Dakota’s law doesn’t explicitly address discrimination in this context, but we wouldn’t penalize any user for managing their privacy preferences. For example, if you unsubscribe from our emails or ask us to delete your data, we’ll comply and continue treating you fairly in any ongoing or future interactions.

  • While using our site, if you send a “Do Not Track” signal or use Global Privacy Control, we respect such signals as much as feasible (it might be interpreted as a general “don’t sell or share my info” request, which we abide by as part of compliance with other states’ laws and out of privacy-forward practice, even though SD law doesn’t mandate it).

In the event South Dakota enacts a broader privacy law down the road (various states are doing so year by year), we’ll adapt and update this section to inform you of any new rights or procedures.

To summarize, South Dakota at present uses targeted laws like breach notification to protect residents’ personal information, rather than a comprehensive privacy framework. RightLenderMatch adheres to those laws and extends courtesy privacy practices to all users, including South Dakotans. If you have questions or requests about your data, our door is open via the contact information provided — we’re here to help and to ensure your experience with us is secure and respectful of your privacy.

Tennessee

Tennessee has enacted a comprehensive data privacy law known as the Tennessee Information Protection Act (TIPA), which takes effect on July 1, 2025. This law provides Tennessee residents with specific rights regarding their personal data and imposes obligations on businesses on how to handle that data. The rights under TIPA include:

  • Right to Access: Tennessee residents can request confirmation of whether we are processing their personal data and gain access to that personal data. When you exercise this right, and once we verify your identity, we will provide you with the personal information we have collected about you. This includes not just the raw data but also details such as the categories of sources of that data, the purposes for which we use it, and the categories of third parties with whom we have shared or disclosed it.

  • Right to Data Portability: You have the right to obtain a copy of the personal data you provided to us, in a portable and (if technically feasible) readily usable format that you can transmit to another entity. Upon your request, and after verification, we will compile your personal data (that you have directly provided to us or that we have collected in the course of providing our service) in a commonly used electronic format (like CSV or JSON). This will enable you to take your data elsewhere if you choose.

  • Right to Delete: You can request that we delete personal data we have collected from or about you. After verifying your identity, we will delete your personal information from our records and instruct our service providers to do the same, unless retaining it is necessary for certain exceptions allowed by the law. Common exceptions might include: if the data is needed to complete a transaction you requested, to detect or prevent security incidents, to comply with a legal obligation, or to use internally in a lawful manner that is compatible with the context in which you provided the data. If an exception applies, we will inform you of that and limit our use of the data to the allowed purpose.

  • Right to Correct: Under TIPA, you have the right to request correction of any inaccuracies in the personal data we hold about you. If you believe some information is incorrect or has changed (for example, your name was misspelled or your contact info changed), you can ask us to update it. Once we verify your identity and, if needed, confirm the correct information, we will correct our records.

  • Right to Opt Out of Sale of Personal Data: Tennessee residents have the right to opt out of the sale of their personal data. “Sale” in this context typically means the exchange of personal data for monetary or other valuable consideration. RightLenderMatch does not sell personal information to data brokers or third parties for monetary gain. Should our practices change or if something we do is considered a sale under the law’s broad definitions, you can opt out, and we will cease selling your personal data.

  • Right to Opt Out of Targeted Advertising: You have the right to opt out of the processing of your personal data for targeted advertising purposes. This means we will not use or share your data to serve you personalized advertisements based on your browsing behavior or interests, once you opt out. We will also respect any universal opt-out signals (like Global Privacy Control) as a request to opt out of the sale of data or targeted advertising, as required by lawusercentrics.com.

  • Right to Opt Out of Profiling: You have the right to opt out of any profiling using your personal data in furtherance of solely automated decisions that produce legal or similarly significant effects on you. In other words, if we were to use algorithms to make important decisions about you (such as a decision about whether you qualify for a loan, without any human review), you could opt out of having your data used in that manner. Currently, we do not engage in such automated decision-making without human involvement, but this right ensures you’re protected if that scenario arises.

  • Right to Non-Discrimination: TIPA ensures that you will not be discriminated against for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service just because you chose to exercise your rights under Tennessee law. If we offer any sort of loyalty program or financial incentive related to your data, participation will be voluntary and based on your consent, with a full explanation of terms (and any such program would comply with the law’s requirements to not be unjust, unreasonable, coercive, or usurious in nature).

Additionally, Tennessee’s law highlights special handling of sensitive personal data. Sensitive data includes personal data revealing things like health conditions, biometric identifiers, precise geolocation, racial or ethnic origin, etc. TIPA requires that, in many cases, businesses obtain a consumer’s consent before processing sensitive personal data. RightLenderMatch, in accordance, will not process sensitive personal data of Tennessee residents without either obtaining your clear affirmative consent or unless such processing falls under a narrow exception where consent is not required.

To exercise your rights under TIPA, you can contact us using the information provided in the Contact Us section of this Privacy Policy. Once we receive your request, we will take steps to verify your identity (this might involve asking you to provide information that matches our records, or using a verification email/phone process). After verification, we will respond to your request as soon as possible, but at most within 45 days as the law stipulates (with a possible 45-day extension if necessary, in which case we’ll inform you of the extension and the reason).

Tennessee’s law also provides for an appeals process if you’re not satisfied with our initial decision regarding your request. For example, if you asked us to delete data and we declined because of an exemption, and you believe we should delete it, you have the right to appeal. To do so, simply reply to our decision communication or send us a new message indicating that you would like to appeal our decision. We will have a different team or a higher-level review of your request and will inform you of our decision on the appeal within 60 days of your appeal request. If after the appeal we still do not fulfill your request and you remain dissatisfied, TIPA allows you to contact the Tennessee Attorney General’s office. In our appeal denial, we will provide you with a method to contact the Attorney General to submit a complaint if you choose.

In conclusion, the Tennessee Information Protection Act grants robust privacy rights to consumers in Tennessee. We at RightLenderMatch are dedicated to upholding these rights. Even before the effective date, we are aligning our systems with these requirements so that we handle Tennessee residents’ data properly. If you have any further questions about your rights under TIPA or how to use them with our service, we encourage you to reach out. Your privacy and trust are critically important to us.

Texas

Texas has enacted the Texas Data Privacy and Security Act (TDPSA), which took effect on July 1, 2024. This law provides Texas residents with personal data rights and imposes duties on businesses regarding how they collect, use, and share personal data. Under the Texas Data Privacy and Security Act, Texas consumers have the following rights:

  • Right to Access: Texas residents can request that we confirm whether we are processing their personal data and to access such personal data. Once we receive a verifiable request from you, we will provide copies of the personal information we have about you, and details about how we use it, and who we share it with (in line with what’s required by the law). Essentially, you can ask, “What information do you have about me?” and we’ll respond with the relevant information in our systems.

  • Right to Correct: You have the right to request that we correct any inaccuracies in the personal data we maintain about you. If you find that some personal details we have are wrong or outdated (such as your name spelled incorrectly or an old phone number), you can ask us to fix it, and after verifying your identity and, if necessary, confirming the accurate info, we will update our records.

  • Right to Delete: Texas consumers can request deletion of personal data that we have collected from them. Once we verify your identity and the request, we will delete your personal information from our systems and instruct any service providers or processors that received your data from us to also delete it, unless an exemption applies. There are certain situations where we might not delete data (for instance, if it’s necessary to complete a transaction you requested, detect security incidents, comply with a legal obligation, or other exceptions allowed by law). If such a situation arises, we will inform you that we cannot delete the data and the reason why (e.g., “We cannot delete X data because we need it for Y purpose which is exempt under TDPSA”).

  • Right to Data Portability: Similar to other laws, under the Texas law you have the right to obtain a copy of your personal data that you previously provided to us, in a digital format that is portable and, to the extent feasible, readily usable. Upon request, and once we confirm it’s you making the request, we will compile your personal data (which you’ve provided to us) into a common file format (likely a CSV or JSON file) that you could easily use or transfer to another service or for your own records.

  • Right to Opt Out of Certain Processing: Texas residents have the right to opt out of the processing of their personal data for three specific purposes: (1) targeted advertising, (2) sale of personal data, or (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    • Opt Out of Targeted Advertising: If you do not want your data used for targeted advertising purposes, you can opt out. This means we will not use your personal data, or transfer it to third-party advertising networks or social media, to show you ads tailored to your individual interests or behaviors (like retargeting ads).

    • Opt Out of Sale of Personal Data: Under TDPSA, a “sale” is defined broadly as sharing or disclosing personal data to a third party for monetary or other valuable consideration. While RightLenderMatch does not sell personal data for monetary gain (we typically only share data with lenders you choose to connect with or service providers on our behalf), if you want to be sure your data isn’t being sold, you can opt out. We will honor that request by not engaging in any activities that would be considered a sale of your personal data.

    • Opt Out of Profiling: This refers to automated processing of personal data to evaluate or predict certain aspects about an individual, in furtherance of decisions with legal or similar significance (like decisions related to eligibility for credit, employment, housing, insurance, etc.). If we were to engage in profiling that results in such decisions, you have the right to opt out. Currently, we don’t use profiling to make such impactful decisions about our users; however, this right is in place to cover any such scenario.

  • Right to Non-Discrimination: TDPSA ensures that a consumer will not be discriminated against for exercising any of these rights. We will not deny you our services or provide a different level of service if you opt out of targeted ads or ask us to delete your data, for example. Texas does allow loyalty programs or incentives that involve exchange of personal data (with appropriate disclosures and consent), but any difference in price or service would be tied to the value of the data provided, and you would opt in to such a program (and you can opt out anytime).

Moreover, Texas law requires that businesses implement appropriate data security measures to protect sensitive personal data and personal data generally. We have a duty under TDPSA to maintain reasonable safeguards (administrative, technical, and physical) to protect the confidentiality and integrity of personal data, and we take that seriously across all our operations.

To exercise any of these rights as a Texas resident, you can get in touch with us through the contact methods listed in the Contact Us section. We will need to verify your identity (to ensure, for instance, that it’s really you making the request and not an impersonator) typically by matching information you provide with information in our records or using other verification methods. Once verified, we aim to respond to your request within 45 days. If necessary (due to complexity or volume of requests), we might extend that by another 45 days (90 days total) but if so, we’ll let you know the reason for delay.

Texas law also requires that if you appeal our decision on a request (say we refused deletion due to an exemption and you disagree), we must have an appeal process. If you submit an appeal, we’ll have a fresh review (usually by a higher-level person or team) and inform you in writing within 60 days of the outcome of the appeal. If we ultimately uphold our original decision (denying your request), we will provide you with an explanation and information on how you can contact the Texas Attorney General if you have a complaint or further concern.

In summary, the Texas Data Privacy and Security Act provides strong consumer privacy rights, and we at RightLenderMatch are fully committed to honoring those rights. If you have any concerns or questions about your privacy rights under Texas law, please reach out — our goal is to be transparent and helpful, ensuring you feel in control of your personal data when using our services.

Utah

Utah enacted the Utah Consumer Privacy Act (UCPA), which became effective December 31, 2023. This law grants Utah residents certain rights regarding their personal data, though it is somewhat more limited compared to some other state laws. Under the Utah Consumer Privacy Act, Utah residents have the right to:

  • Right to Access: Utah consumers can confirm whether we are processing their personal data and request access to that personal data. Upon receiving a verifiable request, we will disclose the categories of personal data we have collected about you, and provide a copy of the personal data (to the extent practicable, considering it shouldn’t adversely affect the rights of others). Essentially, you can ask, “What information do you have about me?” and we will supply what’s allowed under the law.

  • Right to Delete: You have the right to request deletion of personal data that you provided to us. Note that Utah’s law specifically requires businesses to delete personal data that the consumer provided to the controller (with certain exceptions). If you request deletion, we will remove the personal data you have given us from our records, unless an exemption applies (for example, if the data is needed for completing a transaction, for legal compliance like record-keeping obligations, to detect security incidents, to exercise certain legal rights, etc.). If we cannot delete some data for a valid reason, we will let you know.

  • Right to Data Portability: If you exercise your right to access data, the UCPA says that information should be provided in a format that’s portable, to the extent technically feasible, and easy to use so you can transmit the data to another entity if desired. We will provide your personal data (that you’ve given to us) in a commonly used electronic format (like a CSV file) that you can take elsewhere.

  • Right to Opt Out of Sale or Targeted Advertising: Utah residents have the right to opt out of the processing of their personal data for purposes of targeted advertising, or any “sale” of personal data (as defined by Utah law). Under UCPA, “sale” is defined narrowly to the exchange of personal data for monetary consideration by the controller to a third party (it doesn’t include exchanges without monetary consideration or with service providers). RightLenderMatch does not sell personal data for money, so that part isn’t something we engage in. However, if you were concerned about targeted advertising, you can opt out and we will not use or share your data for targeted ads (which means ads based on your browsing habits). We also respect global opt-out signals like the Global Privacy Control as a valid request to opt out of data sales/sharing for targeted advertising, as applicableusercentrics.com (even though Utah’s law doesn’t mandate recognition of GPC, we have systems aligned to other states that do).

It’s important to note that Utah’s law does not explicitly provide a right to correct data, and it doesn’t include a specific right to opt out of profiling (unlike some others). It’s a bit more business-friendly in that sense. However, even though not mandated, if you notice an inaccuracy in your data with us, you can still ask us to correct it and we likely will do so as part of good customer service.

Additionally, the UCPA mandates that controllers establish and maintain reasonable security measures to protect personal data (given the volume and nature of data we handle). We certainly have those in place – things like encryption, access controls, and audits – to safeguard your information across all users, including Utah residents.

To exercise any of your UCPA rights, you can contact us via the methods outlined in Contact Us below. We’ll need to verify that you are the person (or an authorized agent of the person) making the request, by matching information you give us with information we have on file, or using other verification means. Once verified, we aim to respond to you within 45 days. If necessary (due to complexity or volume of requests), we can extend this by another 45 days (total 90 days), but if we do, we’ll let you know why an extension is needed.

Utah’s law also doesn’t require an appeal process like some other states’ laws do. If we deny a request, the law doesn’t mandate that we offer an internal appeal to you. Even so, at RightLenderMatch, if you’re unhappy with a decision (say we couldn’t delete something because of an exemption and you want further explanation or reconsideration), you are welcome to reach out and we’ll certainly review it again and do our best to address your concerns.

In summary, the Utah Consumer Privacy Act gives you rights to your data and choices about how it’s used, albeit with a slightly different scope than some other states. We are compliant with UCPA and have updated our practices accordingly for Utah residents. If you have any questions about your privacy as a Utah user, or want to make a request under UCPA, please contact us — protecting your privacy and providing you control over your information are high priorities for us.

Vermont

Vermont does not currently have a comprehensive consumer data privacy law in effect that is similar to laws like California’s CCPA or Europe’s GDPR. An attempt was made in 2023 to pass a broad privacy bill (H.121) in Vermont, which would have given consumers more control over their personal data, including rights to access, delete, and correct information, and even a private right of action (the ability to sue) in certain casestherecord.media. However, that bill was ultimately vetoed and did not become law. As a result, Vermont residents do not now have an overarching set of consumer privacy rights from a general law.

Nonetheless, Vermont has been a leader in at least one specific area of privacy: data brokers. Vermont enacted the first-in-the-nation Data Broker Act in 2018. Under that law:

  • Companies that buy and sell personal information about consumers with whom they have no direct relationship (i.e., data brokers) must register annually with the Vermont Secretary of Stateinsideprivacy.com.

  • Data brokers are required to maintain certain minimum data security standards (like having an information security program)insideprivacy.com.

  • They also must disclose information about their data practices, including whether individuals have any ability to opt out of their data being collected or soldhunton.com. Interestingly, Vermont’s law does not require data brokers to offer an opt-out (the law recognized that imposing that could be burdensome in some cases), but they must reveal if they do offer opt-out or any way to control datahunton.com.

  • The law also created a new crime of fraudulent acquisition of data (to go after malicious actors who might hack or trick data brokers to get consumer information).

While that Data Broker Act doesn’t directly give you, the consumer, new rights to demand data deletion or access from data brokers, it shines light on an industry that typically operates in the shadows. By requiring registration and security, Vermont has made data broker operations more transparent and hopefully safer from breaches (since a number of breaches have historically involved data brokers).

Additionally, Vermont has strong breach notification laws and was one of the first states to include protections for genetic information and health records in some of its privacy statutes. If a company like RightLenderMatch (or any business) suffers a security breach involving your personal data, Vermont law would require us to notify you in the most expedient time possible, and if the breach affects more than a certain number of Vermonters, we’d also need to notify the state Attorney General’s office.

Vermont also places emphasis on protecting children’s privacy and financial privacy by actively enforcing COPPA for websites directed to kids and adhering to GLBA for financial institutions (though these are federal, Vermont’s regulatory bodies ensure compliance in the state).

For you as a user from Vermont on our platform:

  • We are committed to protecting your personal data using industry-standard security measures (which aligns with Vermont’s push for data security among brokers and all businesses).

  • We are transparent (through this Privacy Policy) about what data we collect and how we use it; though not mandated by a broad VT law, we think it’s your right to know.

  • If you have questions about your data with us, even though Vermont law doesn’t mandate we provide a copy, you can ask and we will do our best to provide insight into what we have and how to manage it.

  • If you wanted your data deleted or to withdraw from our service, we would honor that request (except perhaps retaining minimal data if necessary for legal compliance or internal purposes, as explained earlier).

  • If Vermont passes that comprehensive law in the future (or some version of it), we will update our policies and honor any new rights such a law grants (like perhaps data access, deletion, etc.). We monitor these developments.

As of now, though, beyond data brokers, the privacy rights in Vermont you might hear of are actually fairly uniform with any consumer in the U.S.: largely dictated by federal law and our own commitments. For example, you have the right to opt out of our marketing communications (federal CAN-SPAM makes sure we honor unsubscribes, which we do for all users). You have the right to not be discriminated in service, which we wouldn’t do to any user anyway for choosing to exercise privacy choices.

So in summary: Vermont does not have a sweeping consumer privacy law yet, but it has set important standards with its Data Broker Act, and we at RightLenderMatch uphold high privacy standards in line with those values. We protect your data, we are forthcoming about our practices, and we give you control as described throughout this policy. Should you have any questions or requests regarding your data or privacy as a Vermont resident, please reach out via our contact form or email, and we’ll be glad to assist.

Virginia

Virginia enacted the Virginia Consumer Data Protection Act (VCDPA), which took effect on January 1, 2023. This law provides Virginia residents with extensive rights over their personal data. Under VCDPA, Virginia consumers have the right to:

  • Right to Access: You can confirm whether we are processing your personal data and request to access that data. Once we receive a verifiable request from you, we will disclose the personal information we have collected about you and give you a copy of it (similar to the “right to know” or “right of access” in other frameworks). This includes categories of data, specific pieces of personal data, and other relevant information such as the purposes for processing and which third parties we share it with.

  • Right to Correct: You have the right to request correction of inaccuracies in the personal data we maintain about you. If you find any personal information we have is incorrect or outdated, you can ask us to rectify it. Upon verifying your identity and the correct information, we will update our records accordingly.

  • Right to Delete: You can request deletion of personal data that you have provided to us or that we have obtained about you. After verifying your identity, we will delete your personal data from our active systems and instruct our processors to do the same, unless an exemption applies. For instance, we may retain certain data if it’s necessary to complete the transaction you initiated (like fulfilling a loan inquiry you asked for), to detect or prevent fraud, to comply with a legal obligation (like maintaining records for regulatory compliance), or other purposes allowed by law. We will inform you if we cannot delete some data and explain why (e.g., “We cannot delete X information due to Y legal requirement”).

  • Right to Data Portability: When you exercise your right to access data, we will provide your personal data in a portable and (to the extent technically feasible) readily usable format, which allows you to transmit the data to another entity if you wish. Typically, this means supplying your data in a common digital format (like CSV or JSON) that you could import elsewhere.

  • Right to Opt Out of Processing for Targeted Advertising, Sale, or Profiling: Virginia residents have the right to opt out of certain uses of their personal data:

    • Opt Out of Targeted Advertising: You can tell us not to use your data for targeted advertising purposes. Once you opt out, we will stop processing your data to serve you personalized ads based on your behavior or preferences, and we will cease sharing it with third-party advertising networks for that purpose.

    • Opt Out of Sale of Personal Data: The VCDPA defines “sale” as the exchange of personal data for monetary consideration by the controller to a third party. We do not sell personal data for money. However, if you want to be sure that none of your data is being “sold,” you have the right to opt out, and we will continue to honor that by not engaging in data sales. Note that sharing data with service providers or as part of providing you services (like sending your inquiry to lenders at your request) is not considered a sale under the law.

    • Opt Out of Profiling in Furtherance of Decisions with Legal or Similar Effects: You may opt out of any profiling that produces legal or similarly significant effects for you. This refers to automated processing of personal data to evaluate personal aspects (like creditworthiness or employment performance) that could significantly affect you in areas like eligibility for credit, insurance, housing, or other services. If we engaged in such profiling for decisions without human involvement, you could opt out. Currently, RightLenderMatch does not make such automated decisions without human review, but if that changes or applies (or if we use a supplier that does), this right ensures you can opt out of that processing.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under VCDPA. In other words, we won’t deny you our services or provide a lower quality service because you opted out of targeted ads or asked to delete your data. We also won’t charge you different prices or rates as punishment for exercising rights. If we have any loyalty program or discount (like a referral program) that involves your personal data, participation is optional and based on your consent with clear terms; those are allowed as they are not “discrimination” but an exchange you choose.

To exercise these rights, you can contact us using the details in Contact Us. We will need to verify your identity to ensure the security of your data (for example, if you request data, we want to confirm it’s really you, not someone impersonating you). Once verified, we’ll respond within 45 days of receipt of your request. If necessary, we can extend this by another 45 days (90 days total), but if we do, we’ll let you know why the extension is needed.

Virginia’s law also requires us to provide a process for you to appeal our decisions on your requests. If for some reason you are dissatisfied with how we handled your request (say you asked us to delete data and we denied it citing an exemption, but you believe we should have deleted it), you can appeal by contacting us again and indicating that you’re lodging an appeal. We then have 60 days to review and respond to your appeal. A different person (or a higher authority within our privacy team) will review your case. If we grant the appeal, we’ll comply with your original request. If we deny the appeal, we’ll inform you of that decision and also inform you how you can file a complaint with the Virginia Attorney General if you choose.

In summary, the VCDPA gives you substantial control over your personal information, and we fully comply with it for our Virginia users. We’re transparent about your data, and you have the tools to access, change, or remove it, or to restrict how we use it. If you have any further questions about your Virginia privacy rights or how to use them on our platform, please reach out to us – our aim is to make you comfortable and confident in how we handle your data.

Washington

Washington state, as of the current date, has not passed a comprehensive consumer privacy law after multiple attempts (often called the Washington Privacy Act in its draft forms) did not make it through the legislature. Therefore, Washington residents do not have a state law giving them general rights to access or delete personal data held by businesses, akin to California’s CCPA or other states’ laws. However, Washington has implemented some notable privacy-related laws in specific areas:

  • My Health My Data Act (2023): Washington passed a pioneering law focusing on consumer health data not covered by HIPAAcalawyers.org. This law (some provisions effective in 2023 and others in 2024) applies to certain companies and addresses the collection, sharing, and selling of consumer health data (like health apps, period trackers, etc.). It requires consent for collecting or sharing health data and gives consumers rights to delete their health data. If you were using a health-related service, this law could give you new privacy rights. It’s more narrow than a full privacy law but is quite strong within its scope (even including a private right of action).

  • Biometric Identifiers Law (2017): Washington has a law regulating biometric identifiers (like fingerprints, facial recognition data, etc.). It requires companies to give notice and obtain consent before enrolling a biometric identifier in a database for commercial purposes and generally doesn’t allow selling, leasing, or disclosing such data without consent. So if a company in WA were collecting fingerprints or face scans, they have to tell you and get your permission.

  • Data Breach Notification: Washington law requires that businesses notify individuals (and the Attorney General if more than 500 WA residents are affected) of data breaches that compromise personal information (like name combined with SSN, driver’s license number, credit card info plus security code, etc.). They must do so within 30 days of discovering the breach (one of the stricter timelines nationwide).

  • State Consumer Protection Act: Washington’s broad consumer protection law has been used by the AG to address privacy-related issues. For example, Washington’s AG has taken enforcement actions against companies for privacy violations (like poor security practices leading to breaches or deceptive statements about privacy) using the authority of its Consumer Protection Act. This shows that even without a specific privacy law, companies in WA can face legal consequences if they misuse personal data or have inadequate protections.

  • Federal Laws & Other State-Like Rules: Washingtonians benefit from federal privacy laws (HIPAA, FERPA, GLBA, etc.), and Washington itself has laws for certain categories (like strong financial privacy for state-chartered financial institutions, and laws about confidentiality of library records, etc.). Also, tech companies based in Seattle often voluntarily extend compliance of laws like GDPR or CCPA to all users, so many WA residents indirectly enjoy rights via company policies if not state law.

What does this mean for a Washington resident using RightLenderMatch.com?

  • Even though there’s no WA law forcing it, we allow you to access and delete your data largely as if such a law existed (because we do so for other states and as a commitment to privacy). If you contacted us saying “I want to see what data of mine you have” or “Please delete my personal info,” we’d treat it seriously under our standard procedures for other privacy-conscious laws. We can provide you the summary of your data and delete it upon request, barring any necessary retention (like if we had a legal need or an ongoing transaction that required keeping it).

  • If we ever were to handle sensitive health data of yours (not typical for our service, but hypothetically), we would comply with Washington’s My Health My Data Act by obtaining consent and allowing deletion of that data, because that’s legally required now in WA.

  • If we were collecting biometrics (again, not something our service does), we would have to give you notice and get consent per WA law. So you can be assured we won’t be doing things like facial recognition or fingerprint ID without explicit permission if that ever became relevant.

  • We have robust security measures in place to protect your personal info. We know that if we had a breach affecting Washington residents, we need to notify within 30 days, and we definitely would do so, along with taking steps to fix the issue. We work hard to avoid such breaches with strong encryption, system monitoring, etc.

  • We also evaluate our practices to not be unfair or deceptive as per general consumer protection; we strive to clearly explain in this policy what we do with data so we’re transparent and not misleading in any way. If you ever felt something was unclear or contradictory in how we handle your data, we’d want you to point it out so we can clarify – we don’t want to fall afoul of trust or compliance in WA (or anywhere).

  • On discrimination: Even though WA residents don’t have a state privacy law’s anti-discrimination clause, we wouldn’t treat you differently for having privacy concerns or making privacy requests (that’s just our uniform ethic and also prudent business practice under general consumer law).

In the future, Washington could still enact a broader privacy law. If/when they do, we will adapt to it and update this section accordingly (and will very likely already be in compliance because we’ve built our systems around similar laws).
For now, if you’re a Washington user, consider that you have some powerful rights around specific data (health & biometrics) and general protections that we uphold. You can always reach out to us with privacy inquiries or requests, and we’ll do our best to honor them, policy and law-wise. Our contact channels are open for any privacy questions or needs you might have, as listed below.

West Virginia

West Virginia has not, as of now, passed a comprehensive consumer data privacy law. There have been discussions and attempts in the West Virginia Legislature to propose privacy legislation (reflecting the nationwide interest in consumer privacy), but nothing has been enacted that broadly gives West Virginia residents rights like access or deletion of their data held by companies.

However, West Virginia residents are not without protections:

  • Data Breach Notification: West Virginia law requires that entities notify individuals if certain personal information (such as Social Security numbers, financial account info, driver’s license numbers, etc.) is accessed or acquired by an unauthorized person due to a security breach. Notification must be made without unreasonable delay, consistent with any measures necessary to determine the scope of the breach and restore integrity. Essentially, if a breach involving your data occurs, you should be informed promptly so you can take steps to mitigate identity theft or fraud.

  • Social Security Number Protection: Like many states, West Virginia has a law limiting the use of Social Security numbers by businesses (for example, not allowing them to be displayed publicly, printed on mailings, etc., except in certain cases). This helps reduce the risk of SSNs being exposed inadvertently.

  • Personal Information Security: In 2020, West Virginia updated its laws to require reasonable security procedures and practices to protect personal information (similar to laws passed in states like Oregon and Illinois). While this doesn’t grant a right to consumers per se, it does place a duty on companies like us to maintain safeguards for your data. We certainly follow industry standards for data security as part of our operations.

  • General Consumer Protection Law: West Virginia’s Consumer Credit and Protection Act (which covers unfair or deceptive acts) could theoretically be used by the state’s Attorney General to address egregious privacy misrepresentations or mishandling of consumer data as unfair or deceptive trade practices. So, we ensure we are truthful and transparent (as in this Privacy Policy) about how we use data, to avoid any deception.

  • Sector-specific protections: West Virginians also benefit from federal statutes like HIPAA (for medical info), GLBA (financial info), COPPA (children’s data) for relevant businesses in the state, and WV has state laws around things like confidentiality of library records or educational records, etc. Additionally, WV’s attorney general has been active in consumer privacy issues, joining multi-state actions related to tech company privacy practices, indicating an investment in privacy matters.

For a West Virginia resident using RightLenderMatch:

  • We strongly protect your data with reasonable and appropriate security measures (encryption, etc.) because it’s both good practice and essentially required by WV’s implication that businesses must protect personal info. That means your data is safe with us to the best of our ability, and if an incident did happen, we’d let you know quickly (and also likely notify the WV Attorney General if it was significant, as required).

  • Even though WV doesn’t have a law giving you a formal right to demand your data from us or deletion, our company policy (influenced by other states’ laws and our own commitment) is to honor such requests as best we can. If you ask, “What data of mine do you have?” we’ll tell you the categories and likely specifics of major data points. If you say, “Delete my personal data,” we will purge it from our active databases (except anything we truly need to keep for legal compliance or legitimate reasons like an accounting record of a transaction). We extend that courtesy to all users, not just those in states with their own privacy law.

  • We will not treat you differently for asking privacy questions or requesting opt-outs. There’s no law in WV explicitly about not discriminating if you opt out of data collection, but we treat all users equally in terms of service quality, regardless of their privacy choices. For example, if you opt out of receiving promotional emails, we won’t degrade your experience (you’ll just not get those emails, which is what you wanted).

  • If West Virginia passes a comprehensive privacy law in the future, we’ll adapt and ensure your new rights are provided (like how we handle data access, deletion, or opt-outs might formalize into a process if we haven’t already, though likely we already do most of it).

  • We remain transparent in this Privacy Policy about everything we do with your data, so you can make informed decisions.

In summary, West Virginia doesn’t currently give state-specific privacy rights beyond the basics, but we handle your data with care, and you have control through our practices. We encourage any WV user with questions or concerns about their personal data in our service to reach out (via the contact info below). We’re here to help and to ensure you’re comfortable with how your personal information is handled.

Wisconsin

Wisconsin has not enacted a comprehensive consumer privacy law as of the current date. Like many other states, Wisconsin has seen proposals and drafts for privacy legislation (reflecting the nationwide trend), but nothing has been passed that gives consumers broad rights like the California or Virginia laws do. Therefore, Wisconsin residents do not have a state law granting them specific rights to access, delete, or opt out of the sale of their personal data held by businesses, outside of the context of federal law or narrower state statutes.

However, Wisconsin provides consumer protections in various ways relevant to privacy:

  • Data Breach Notification: Wisconsin’s laws require that individuals be notified if there’s a breach of security involving their personal information (like Social Security number, driver’s license number, financial account info, etc.) that hasn’t been encrypted. Notification must happen within a reasonable time (without unreasonable delay). If a data breach impacted your data, you’d be informed, and likely the Wisconsin Department of Agriculture, Trade and Consumer Protection (which handles consumer protection in WI) might also be notified if a large number of residents are affected.

  • Social Security Number Protection: Wisconsin law generally forbids intentionally posting or displaying an individual’s Social Security number to the public, or printing it on mailed materials, etc., which is similar to many states’ approaches to reduce identity theft risk.

  • Driver’s Privacy Protection Act (DPPA): There’s a federal DPPA that Wisconsin enforces, ensuring your DMV records (like personal details from your driver’s license) are not disclosed willy-nilly; any use of such info by private entities is limited to certain purposes (this is nationwide, but I mention it as it’s a key piece of privacy in everyday life).

  • General Consumer Protection: The Wisconsin Deceptive Trade Practices Act prohibits representations or practices that could mislead consumers. If a company misrepresents its data practices or handles your data in a way contrary to what it promises, the state could potentially act on that. We make sure to clearly and truthfully outline our data practices (like in this Policy) to abide by that and maintain your trust.

  • Specialty laws: Wisconsin, like other states, has targeted privacy-related laws; for example, patient health care records in WI have strong privacy protections beyond HIPAA; also, Wisconsin has protections for library records, and school records, etc., at the state level.

  • Employee & Student Privacy: Wisconsin has laws relating to employer access to personal internet accounts of employees (an employer generally can’t require you to hand over social media credentials) and similar for post-secondary schools, reflecting concern for privacy in employment/educational contexts.

As a Wisconsin resident using RightLenderMatch.com:

  • Even though there’s no broad WI privacy law forcing it, we treat your data with confidentiality and security as if there were. We allow you to access and manage your personal data through our service. If you contact us wanting to know what information we have about you, we will share the relevant details (which likely include what you provided: name, contact info, and loan inquiry specifics, plus technical usage logs).

  • If you ask us to delete your personal data from our platform, we will honor that request (besides retaining minimal info if needed for a legal duty — say, transaction records or proof of consent which we might need to keep for a time under other laws, but we’ll explain that if it applies).

  • We do not sell personal data (for money or broadly defined), so while Wisconsin doesn’t have a “do not sell” law, it’s our practice anyway; and if that changes, we’d definitely give a way to opt out as part of our compliance with other region’s laws and our own values.

  • We won’t penalize or deny service just because you care about privacy. For example, if you opt out of receiving marketing emails from us (which you can easily do), we’ll still treat you the same on our platform and provide the same level of service in helping you find lenders. We respect privacy choices.

  • Should Wisconsin pass its own privacy law (some drafts have been similar to Virginia’s or Ohio’s proposals), we’ll promptly integrate those requirements (like adding an official “Do Not Sell” link or formalizing response times to data requests, etc.) and update this Policy for you to reflect new rights.

  • In case of any data breach at our end affecting your info (which we strive hard to prevent), we’ll notify you swiftly as Wisconsin law requires and help you with any steps necessary (like recommending credit monitoring, etc., depending on what info was involved).

So overall, while Wisconsin doesn’t yet provide you via statute the kind of privacy rights some states do, RightLenderMatch is proactive in giving you control and safeguarding your information. You can always reach out to our support or privacy contact (detailed at the end of this Policy) with any questions or requests about your personal data — we’re here to assist and make sure you feel secure using our service.

Wyoming

Wyoming does not currently have a comprehensive consumer data privacy law similar to those passed in California, Colorado, etc. That said, Wyoming has taken some steps in related areas. Specifically, Wyoming passed laws around 2019-2020 focusing on data privacy in certain contexts:

  • Website Privacy Policy Requirement (2019): Notably, Wyoming enacted a law that requires any website or online service that collects personally identifiable information (like name, address, email, phone, SSN, etc.) from Wyoming residents to post a privacy policy. The privacy policy must detail the categories of personal info collected, what categories of third parties it’s shared with, and how consumers can request changes to their infosecuriti.ai. This is somewhat akin to California’s older Online Privacy Protection Act and shows Wyoming’s interest in transparency. RightLenderMatch complies with this — we have this very Privacy Policy describing our practices, which addresses all those points and more.

  • Genetic Data Privacy (2022): Wyoming passed a Genetic Data Privacy Act which requires consumer consent for the collection, use, or disclosure of genetic data by direct-to-consumer genetic testing companiessecuriti.ai. This is a narrow but important sector law, given the rise of DNA testing kits. For a service like ours, it’s not directly applicable (we don’t handle genetic data), but it underscores Wyoming’s emphasis on consent for sensitive personal info.

  • Data Breach Notification: Wyoming’s laws on breach notification are robust. They have a broad definition of personal information (including things like birth dates, etc., in combination with other details) and require that in the event of a security breach compromising unencrypted personal info, affected individuals (and the Attorney General in certain cases) be notified within a reasonable time. If any breach occurred on our end affecting you, we’d promptly inform you and offer guidance, in line with these laws.

  • General Consumer Protection: Wyoming’s Consumer Protection Act can cover unfair or deceptive trade practices. If a business misrepresents how it treats personal data or fails to comply with its stated privacy policy, it could be deemed a deceptive practice. We ensure we do what we say here in this privacy policy to avoid any such issues.

  • No Specific Rights to Access/Delete: Unlike some states, Wyoming doesn’t grant residents an explicit right to demand a copy of their data or deletion from businesses by law. However, as a matter of our company policy and influence from other jurisdictions, we do allow you control: you can ask about your data we hold and request deletion of your account or data, and we will accommodate that except if we need certain info for legal reasons like a record of a transaction or compliance.

  • Children’s Privacy: Wyoming follows federal COPPA for children under 13 (like everyone, requiring verifiable parental consent if we were collecting data from kids, which we do not as our services are adult-oriented). They haven’t their own stricter state rule beyond that.

In practice for a Wyoming resident:

  • You have the comfort of knowing we maintain a clear Privacy Policy (this document) to fulfill Wyoming’s requirement for transparency. We outline what we collect, why, who we share it with, and how you can reach us to exercise choices — fulfilling both the spirit and letter of that Wyoming law.

  • If you want to see what info we have about you or update it, you can contact us and we will help (even if Wyoming law doesn’t mandate we give it, we do so as good practice).

  • If you want your data removed from our systems, we will delete it, barring maybe some retention if absolutely necessary (like if you engaged in a financial transaction through us that we must record for a certain time – though typically we just connect you to lenders and the transaction is directly between you and them).

  • We do not sell your personal data to third parties. If that ever changed, we’d update this policy and ensure compliance with applicable requirements (though Wyoming doesn’t have a “do not sell” law, we hold ourselves to that standard already).

  • We protect your data with strong security measures to avoid breaches, and we’d promptly notify you if a breach affecting you happened, as Wyoming law requires.

  • There should be no discrimination or change in service if you reach out about privacy matters. Wyoming doesn’t have an anti-discrimination clause in a privacy law (like some states do), but of course, we treat all user inquiries with respect and we wouldn’t deny you service for something like requesting deletion of optional data or opting out of marketing.

Looking ahead, if Wyoming were to pass a broader privacy law (there’s been some talk nationwide, and Wyoming often leads in some digital realms like blockchain laws, so it’s possible they may consider broader privacy in the future), we will adapt and include that in our practices for Wyoming residents, updating this Policy accordingly.

In summary, Wyoming residents benefit from our adherence to Wyoming’s existing privacy and security laws as well as our own high standards which often align with more stringent laws elsewhere. You have transparency (through this policy), and while not law-mandated, we give you significant control and responsiveness regarding your personal data. If you are from Wyoming and have any questions or requests about your information with RightLenderMatch, please use our contact channels below — we’re here to ensure you’re comfortable and informed about how your data is handled.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please do not hesitate to contact us. We are here to help and address any issues you may have about your privacy or our data practices.

  • Online Contact Form: The best way to reach us is through our online contact form on the RightLenderMatch.com website. Visit our Contact Us page and submit your inquiry or request. Please provide as much detail as possible regarding your question or the rights you wish to exercise, so that we can respond effectively. If you are making a request to access, correct, or delete your personal data, please include sufficient information for us to verify your identity (for example, the email address you used with our service, or a recent interaction you had with us) and to locate your information.

  • Email: Alternatively, you may email us at privacy@rightlendermatch.com with any privacy-related inquiries or requests. If you choose this method for a rights request (such as asking for a copy of your data or deletion of data), please use an email address that you have used in connection with RightLenderMatch.com, and clearly state that you are a user making a privacy request. We may reply with a verification step (to ensure we are dealing with the correct person) before proceeding with your request.

    Please include contact information (like your name and email and/or phone number) and detail your question or request. Note that postal requests will naturally take longer for us to receive and respond to.

We will endeavor to respond to your inquiry or request as quickly as possible, typically within 30-45 days or sooner if required by applicable law. If you are contacting us to exercise a legal privacy right (for example, a request under a state law like the CCPA, VCDPA, etc.), we will confirm receipt of your request and let you know the next steps, which may include verifying your identity for security purposes and processing the request within the timeframe required by law. Verification is important: we want to make sure personal data is not disclosed or deleted at the request of someone impersonating you. The information you provide in a request will be used only for verification and handling your request.

We may occasionally update this Privacy Policy. If we make material changes, we will notify you by updating the Effective Date and perhaps through a notice on our website or an email to you. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Thank you for reading our Privacy Policy. We value your privacy and trust, and we are committed to protecting your personal information while providing you with a valuable service. Your use of RightLenderMatch.com is subject to this Privacy Policy and our Terms of Service. We appreciate the opportunity to serve you and help you find the right lending match, and we want you to feel secure every step of the way.

Loan Type

Quick Links

Why US?

Personalized Experience No two borrowers are the same, and we believe your loan should reflect that. We take the time to understand your needs and connect you with lenders who can offer solutions tailored to you.

Facebook Twitter Youtube

FHA                  Refinance                      Purchase                      DSCR Loans                    Home Equity Loans                     Bank Statement Loans                             First Time Home Buyer                                  Debt Consolidation Loan                      Home Improvement Loans                                        Get Matched                                                        Call us Now: (313) 682-1491                                                                 Email:contact@rightlendermatch.com                        

Scroll to Top