Privacy Policy
1.Who We Are and Who This Policy Covers
1.1 About Flashfunding llc
Flashfunding llc is a bill payment facilitation service operated by FlashFunding LLC d/b/a Flashfunding llc, a limited liability company registered in Texas. We coordinate vendor payment logistics for customers who wish to pay bills, rent, utilities, tuition, and professional service vendors using their existing credit cards.
1.2 Who This Policy Covers
This Privacy Policy applies to:
All individuals who visit the Flashfunding llc website (flashpay.us);
All individuals who submit a payment request through Flashfunding llc;
All individuals whose information is collected in connection with identity verification;
All individuals who communicate with Flashfunding llc by any channel including phone, text, email, or WhatsApp.
1.3 What This Policy Covers
This Privacy Policy explains:
What personal information we collect and why;
How we use, store, and protect your information;
Who we share your information with and under what conditions;
How long we keep your information;
Your rights regarding your personal information;
How to contact us with privacy questions or requests.
2Information We Collect
2.1 Information You Provide Directly
When you submit a payment request, we collect the following categories of personal information:
Category
Specific Data Collected
Why We Collect It
Identity Information
Full legal name, date of birth, last 4 of Social Security Number, government-issued photo ID (type, number, front and back image)
Identity verification, loan agreement execution, fraud prevention, chargeback defense
Contact Information
Home address, city, state, ZIP code, phone number (including WhatsApp), email address
Communication, loan agreement delivery, payment confirmation, legal notices
Payment Card Details
Card network (Visa/MC/Amex/Discover), card type (personal/business), full card number, cardholder name, expiry date, CVV, billing ZIP code, card issuing bank
Processing the credit card repayment charge via Stripe (our PCI DSS Level 1 processor)
Payee / Bill Details
Payee name, ABA routing number, bank account number, bill type, payment reference/memo, bill amount, invoice copy (if uploaded)
Executing the ACH payment to your payee
Loan & Agreement Details
Loan amount, service fee, total repayment amount, repayment due date, typed digital signature, agreement timestamp
Loan agreement execution, TILA disclosure compliance
Government ID Images
Front and back photo of driver's license, state ID, or passport
Identity proofing, fraud prevention, chargeback defense evidence
2.2 Information Collected Automatically
When you access our website or submit a form, we automatically collect:
IP address at time of access and form submission;
Device type, operating system, and browser type and version (user-agent string);
Geolocation data derived from IP address;
Date, time, and timezone (UTC) of all interactions;
Pages visited, time spent on each page, and navigation path;
Form field completion patterns (for fraud detection purposes);
Cookie and session identifiers (see Section 11 — Cookies).
2.3 Information From Third Parties
We may receive information about you from:
Stripe — our payment processor — including card authorization results, AVS (address verification) results, card BIN data, and fraud scores;
Twilio — our SMS provider — including OTP delivery confirmation and phone number verification results;
Identity verification providers — for document authentication and fraud screening;
Card networks (Visa, Mastercard, American Express, Discover) — in connection with chargeback disputes;
Law enforcement or government agencies — as required by law.
2.4 Information We Do NOT Collect
WE DO NOT COLLECT OR STORE THE FOLLOWING
Full Social Security Numbers — we collect last 4 digits only, for identity verification;
Full credit card numbers in retrievable plain text — card numbers are tokenized by Stripe and never stored on Flashfunding llc's own servers;
Bank account passwords or login credentials;
Biometric data (fingerprints, facial recognition data, or voiceprints);
Medical or health information;
Information about your children under 13 — we do not knowingly collect data from minors.
3How We Use Your Information
3.1 Primary Purposes
We use your personal information for the following primary purposes:
Purpose
How We Use Your Data
Processing your transaction
To verify your identity, pre-authorize your card, pay your bill via ACH, charge your card as loan repayment, and deliver payment confirmation.
Executing the Loan Agreement
To populate the Loan Agreement with your details, capture your digital signature, and maintain the signed record.
TILA compliance
To calculate and disclose the APR (0%), Finance Charge ($0), Amount Financed, and Total of Payments as required by federal law.
Fraud prevention
To detect, prevent, and investigate fraudulent transactions, identity theft, unauthorized card use, and money laundering.
Chargeback defense
To compile and submit evidence packages to card issuers and networks if you or another party files a chargeback dispute.
Communication
To send you transaction confirmations, payment receipts, loan agreements, and responses to your inquiries.
Legal compliance
To comply with applicable federal and state laws, court orders, government requests, and regulatory requirements.
Debt collection
To collect unpaid loan amounts, service fees, and associated costs in the event of default.
Service improvement
To analyze usage patterns and improve the performance, security, and user experience of our service (using anonymized or aggregated data only).
3.2 Legal Basis for Processing
We process your personal information on the following legal bases:
Contract performance — processing is necessary to execute and perform the Loan Agreement you requested;
Legal obligation — processing is required to comply with TILA, ECOA, BSA/AML, FDCPA, GLBA, and other applicable laws;
Legitimate interests — fraud prevention, chargeback defense, debt collection, and service security;
Your consent — for electronic communications, SMS verification, and data sharing disclosures you specifically agree to.
3.3 What We Do NOT Do With Your Information
WE DO NOT
Sell your personal information to any third party — ever;
Share your information for marketing or advertising purposes;
Use your information to make automated decisions about credit eligibility (all decisions are made by a human);
Send you unsolicited marketing emails or texts without your explicit consent;
Profile you for behavioral advertising;
Transfer your data to third countries outside the United States without appropriate safeguards.
4How We Share Your Information
4.1 We Do Not Sell Your Information
Flashfunding llc does not sell, trade, rent, or otherwise transfer your personal information to third parties for commercial purposes. This applies to all categories of personal information we collect.
4.2 Authorized Sharing — Required to Provide the Service
We share your information only with the following categories of recipients, and only to the extent necessary:
Recipient
What We Share and Why
Legal Basis
Stripe (Payment Processor)
Full card details and transaction amounts to process your credit card charge. Stripe is PCI DSS Level 1 certified. Subject to Stripe's Privacy Policy.
Contract performance
Your Payee's Bank (ACH)
Your payee's routing and account number, payment amount, and your name as the sender, to execute the ACH transfer.
Contract performance
Twilio (SMS Provider)
Your phone number to send SMS one-time passwords for identity verification.
Contract performance / consent
Card Networks & Issuers (Chargeback)
Your full transaction record, Loan Agreement, ID, IP logs, and all communication records — if a chargeback dispute is filed. You have expressly consented to this in the Terms.
Legitimate interest / consent
Collections Agencies
Your name, contact information, and debt details — only upon default and only to licensed, FDCPA-compliant collectors.
Legitimate interest / legal obligation
Law Enforcement / Government
Any information required by valid court order, subpoena, search warrant, or government request.
Legal obligation
Professional Advisors
Attorneys and accountants who are bound by confidentiality obligations, for legal and financial advice.
Legitimate interest
Business Successors
All customer data in the event of a merger, acquisition, or asset sale — with notice to you.
Legitimate interest
4.3 Chargeback Disclosure — Special Notice
IMPORTANT: CHARGEBACK EVIDENCE DISCLOSURE
By using Flashfunding llc and executing a Loan Agreement, you expressly and irrevocably consent to Flashfunding llc disclosing ANY and ALL of the following to card issuers, card networks, and their agents in connection with any chargeback, dispute, or fraud investigation:
Your signed Loan Agreement including your digital signature, IP address, timestamp, and device information;
Your government-issued photo ID (front and back);
Your full name, contact details, and home address;
ACH payment confirmation records;
All WhatsApp, text, and email communications between you and Flashfunding llc;
Your original payment request with timestamp and geolocation;
SMS OTP verification logs confirming your phone number;
Any other evidence relevant to the dispute.
This disclosure is necessary for Flashfunding llc to defend against fraudulent chargebacks and is a condition of using the service. You waive any privacy, confidentiality, or other objection to this disclosure.
5Data Security
5.1 Security Measures
Flashfunding llc implements industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security stack includes:
Security Layer
Standard and Details
Data in Transit
256-bit SSL/TLS (TLS 1.2/1.3) encryption on all connections between your device and our servers. The padlock icon in your browser confirms this protection.
Payment Processing
Stripe — PCI DSS Level 1 certified (the highest level of payment security certification). Flashfunding llc never stores, sees, or has access to your full card number in plain text.
Data at Rest
AES-256 encryption for all stored personal data. Data is stored in access-controlled, encrypted cloud storage systems.
Identity Documents
Government ID images are encrypted at rest, access-controlled, and accessible only to authorized Flashfunding llc personnel for identity verification purposes.
Access Controls
Role-based access control — only authorized personnel can access customer records. All access is logged and audited.
SMS Verification
One-time passwords delivered via Twilio to verify phone number ownership at transaction submission.
Audit Trail
Every transaction generates a tamper-evident electronic record including IP address, device fingerprint, geolocation, and UTC timestamp, linked to the signed Loan Agreement.
SSN Handling
Last 4 digits of SSN only — stored in encrypted form. Never stored in full, never in plain text.
5.2 No Absolute Security
While we implement robust security measures, no data transmission or storage system is 100% secure. If you believe your information with Flashfunding llc has been compromised, contact us immediately at hello@flashfunding.us or (713) 000-0000.
5.3 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, Flashfunding llc will notify affected individuals and, where required, relevant regulatory authorities within the timeframes required by applicable law. Notification will be provided via the email address associated with your most recent transaction.
6Data Retention
6.1 How Long We Keep Your Information
Data Category
Retention Period
Legal Basis for Retention
Signed Loan Agreements
7 years minimum
IRS / state record-keeping laws; chargeback defense (up to 18 months post-transaction); debt collection
Transaction records
7 years minimum
IRS record-keeping; state financial record laws; TILA compliance
Identity documents (government ID images)
7 years from transaction date
AML/BSA compliance; chargeback defense; fraud investigation
Communication records
7 years from transaction date
Chargeback defense; legal proceedings; regulatory compliance
Audit trail (IP address, device, timestamp)
7 years from transaction date
E-SIGN Act; chargeback defense; fraud investigation
Credit card details (tokenized via Stripe)
Not stored by Flashfunding llc in plain text
PCI DSS compliance — handled by Stripe
Marketing opt-in data (if any)
Until opt-out + 3 years
Regulatory compliance
Disputed / defaulted account data
Until debt is resolved + 7 years
Debt collection; legal proceedings
6.2 Deletion After Retention Period
After the applicable retention period, we will securely delete or anonymize your personal information. Anonymized data (from which you cannot be identified) may be retained indefinitely for statistical and service improvement purposes.
7Your Privacy Rights
7.1 Rights Available to All U.S. Customers
Regardless of which state you live in, you have the following rights:
Right
What It Means
Right to Know
You can request a copy of all personal information we hold about you, including what categories we collected, why, and who we shared it with.
Right to Correct
You can request correction of inaccurate or incomplete personal information we hold about you.
Right to Delete
You can request deletion of your personal information. Note: we cannot delete data we are legally required to retain (e.g., Loan Agreements, transaction records during the 7-year retention period).
Right to Restrict Processing
You can request that we limit how we use your information in certain circumstances.
Right to Data Portability
You can request a copy of your data in a structured, commonly used, machine-readable format.
Right to Opt Out of Marketing
You can opt out of any promotional or marketing communications at any time by contacting us or using the unsubscribe link in any marketing email.
Right to Non-Discrimination
We will not discriminate against you for exercising any of these privacy rights.
7.2 How to Exercise Your Rights
To exercise any of the rights above, contact us at:
Email: hello@flashfunding.us
Phone / WhatsApp: (713) 000-0000
We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing your request to ensure we are responding to the correct person. We will not charge you a fee for exercising your rights unless your request is manifestly unfounded or excessive.
7.3 Limitations on Deletion
We cannot delete information that we are legally required to retain, including:
Signed Loan Agreements during the 7-year retention period;
Transaction records required for IRS or state compliance;
Identity documents required for AML/BSA compliance;
Any records related to an active or potential legal dispute or debt collection matter;
Information required to respond to a government or regulatory investigation.
8California Residents — CCPA / CPRA Rights
8.1 Your Additional Rights Under California Law
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Right to Know — the specific categories and pieces of personal information collected about you in the past 12 months;
Right to Know — the categories of sources from which your personal information is collected;
Right to Know — the business or commercial purpose for collecting your personal information;
Right to Know — the categories of third parties with whom we share your personal information;
Right to Delete — request deletion of personal information we have collected (subject to legal retention obligations);
Right to Correct — request correction of inaccurate personal information;
Right to Opt Out of Sale or Sharing — Flashfunding llc does NOT sell or share personal information for cross-context behavioral advertising;
Right to Limit Sensitive Personal Information — you may request we limit the use of sensitive personal information (such as SSN digits and government ID) to only what is necessary to provide the service;
Right to Non-Retaliation — we will not penalize you for exercising any CCPA/CPRA right.
8.2 Categories of Personal Information Collected (CCPA Categories)
In the past 12 months, Flashfunding llc has collected the following CCPA categories of personal information:
Identifiers (name, email, phone, address, IP address);
Personal information categories listed in Cal. Civ. Code § 1798.80(e) (card number, SSN last 4);
Protected classification characteristics (none — we do not collect these);
Commercial information (transaction records, payment history);
Internet or electronic network activity (IP address, device information, page visits);
Geolocation data (derived from IP address at form submission);
Sensitive personal information (government ID, SSN last 4, full card number — collected solely to provide the service).
8.3 No Sale of Personal Information
Flashfunding llc does not sell personal information as defined under the CCPA/CPRA. We do not share personal information with third parties for cross-context behavioral advertising.
8.4 How to Submit a California Privacy Request
California residents may submit privacy requests by:
Emailing: hello@flashfunding.us with subject line "California Privacy Request";
Calling or texting: (713) 000-0000.
We will respond within 45 days (extendable by 45 additional days where necessary) and will verify your identity before processing your request.
9Other State Privacy Rights
9.1 Virginia — VCDPA
Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA) including rights to access, correct, delete, and obtain a copy of personal data, and to opt out of sale of personal data, targeted advertising, and profiling. Contact hello@flashfunding.us to exercise VCDPA rights.
9.2 Colorado — CPA
Colorado residents have rights under the Colorado Privacy Act (CPA) including rights to access, correct, delete, and data portability, and to opt out of sale and targeted advertising. Contact hello@flashfunding.us to exercise CPA rights.
9.3 Connecticut — CTDPA
Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA). Contact hello@flashfunding.us to exercise your rights.
9.4 Texas — TDPSA
Texas residents have rights under the Texas Data Privacy and Security Act (TDPSA) including rights to access, correct, delete, and obtain portability of personal data, and to opt out of sale and profiling. Contact hello@flashfunding.us to exercise TDPSA rights. As a Texas-based company, we take your Texas privacy rights seriously.
9.5 All Other States
Residents of states with active consumer privacy laws not specifically listed above may also have rights regarding their personal information. Contact us at hello@flashfunding.us and we will respond in accordance with applicable law in your state.
10Children's Privacy
10.1 No Data Collection From Minors
Flashfunding llc's services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete that information immediately.
10.2 If You Believe We Have a Child's Information
If you believe we have collected information from a child under 13, contact us immediately at hello@flashfunding.us. We will investigate and delete the information promptly.
11Cookies and Tracking Technologies
11.1 Cookies We Use
Our website uses the following types of cookies and tracking technologies:
Essential cookies — required for the website to function (session management, form security tokens). Cannot be disabled.
Analytics cookies — help us understand how visitors use our website (page views, time on site, navigation paths). Used with anonymized data only.
Security cookies — used for fraud detection and bot prevention.
We do not use advertising cookies, third-party marketing cookies, or behavioral tracking cookies.
11.2 Cookie Control
You can control cookies through your browser settings. Disabling essential cookies may prevent some parts of our website from functioning correctly. Disabling analytics cookies will not affect your ability to use the service.
11.3 Do Not Track
Our website currently does not respond to "Do Not Track" signals from browsers. However, we do not engage in the cross-site tracking that Do Not Track signals are designed to prevent.
12Third-Party Links and Services
12.1 Third-Party Websites
Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We are not responsible for the privacy practices of third-party websites and encourage you to read their privacy policies.
12.2 Third-Party Service Providers
We use the following third-party services in connection with Flashfunding llc. Each has its own privacy policy:
Provider
Service
Data They Receive
Stripe
Credit card payment processing (PCI DSS Level 1)
Card details, transaction amount, billing ZIP
Twilio
SMS one-time password delivery
Phone number, OTP code
Cloud Storage Provider (AWS/GCP)
Encrypted data storage
Encrypted transaction records and documents
Card Networks
Chargeback dispute resolution
Signed agreement, ID, IP logs, payment records (upon dispute only)
13Financial Privacy — Gramm-Leach-Bliley Act (GLBA)
13.1 GLBA Notice
Federal law gives customers the right to limit some but not all sharing of personal financial information. Federal law also requires us to tell you how we collect, share, and protect your personal financial information. This notice complies with the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801 et seq., and its implementing regulations.
Reasons We Can Share Your Financial Information
Does Flashfunding llc Share?
Can You Limit This?
For our everyday business purposes — such as to process your transactions and report to credit bureaus
Yes
No
For our marketing purposes — to offer our products and services to you
No
We don't share
For joint marketing with other financial companies
No
We don't share
For our affiliates' everyday business purposes — information about your transactions and experiences
No
We don't share
For our affiliates to market to you
No
We don't share
For nonaffiliates to market to you
No
We don't share
14Updates to This Privacy Policy
14.1 Right to Update
Flashfunding llc reserves the right to update this Privacy Policy at any time. When we make material changes, we will post the updated policy on our website with a revised effective date and, where required by law, provide direct notice to affected customers.
14.2 Your Responsibility
We encourage you to review this Privacy Policy periodically. Continued use of Flashfunding llc's service after the effective date of any update constitutes acceptance of the updated Privacy Policy.
15Contact Us
For any privacy questions, requests, or concerns, contact us:
Legal Entity
Flashfunding llc
Brand Name
Flashfunding llc
Privacy Officer
Available via email (role is not separately designated at this stage)
Phone / WhatsApp
Address
8 The Green STE A, Dover, DE 19901 USA
Response Time
Within 30 days for all privacy requests (45 days for CCPA)
To exercise rights
Email with subject: Your Right — e.g., "Right to Know Request"
⚡ Your Privacy Matters to Us
Flashfunding llc is a small, personal service built on trust. Every person who uses Flashfunding llc shares sensitive financial and identity information with us. We take that responsibility seriously. We collect the minimum data necessary, protect it with industry-standard security, and use it only to serve you and comply with the law. We never sell it. We never share it for marketing. If you have any concern at all about how we handle your information, please reach out — we will respond personally and promptly.
Subscribe to our newsletter
