Who We Are This Privacy Policy is provided by Green Flag Credit LLC (“GFC”) including, but not limited to GFC’s
online services (i.e., Credit Router). GFC and its services are referred to as “we”, “us”, or “our” in the
policy.
We are committed to respecting your online privacy and has created this Privacy Policy to demonstrate
our commitment to the protection of your personal information. This Privacy Policy applies to any personal
information you provide to us, or that we collect through our websites or other electronic forms of
communication. By accessing or using any part of our websites, applications, or financial data sharing
services (collectively the “Services”), you agree to the collection and use of your personal information
according to the terms set forth in this Privacy Policy.
INFORMATION WE COLLECT AND WHERE IT COMES FROM
Information You Provide Or Give Access To
When you utilize or test our services, we may collect information about you through your direct input or
through other sources permitted by you (including your financial institutions and payroll providers), and/or
applicable law, including but not limited to your:
• Name;
• Address;
• Phone Number;
• Email Address;
• Username;
• Passwords;
• Personal Identification Numbers (PINS);
• Date of Birth;
• Social Security Number;
• IP Address;
• Bank Statements;
• Bank Transactions;
• W-2s and other tax related documentation; or
• Paystubs;
Additional Information and Collection
To maximize the value of the Services, we may request you to provide additional information. Whenever
we ask for additional or optional information, we identify those fields appropriately so you may know what
information is required to provide the requested Service. If you choose to withhold any personal
information requested by us, it may not be possible for you to gain access to certain parts of the Services
you wish to use, or for us to respond to you appropriately.
Any information collected from our users is not sold nor is it shared or rented to others in any such way
that is different from what is disclosed in this Privacy Policy.
Information We Collect Automatically
Log Information. We collect information about your computer or web browser in order to analyze trends
and administer our websites. This information is collected in a generic aggregate format and is not linked
to personally identifiable information.
Cookies. In order to better serve you and protect your account information, we use “Cookies,” nuggets of
data that are stored on your hard drive as a file. Cookies data are usually stored on your computer’s hard
drive as a file in a web browser folder called “Cookies,” and you can delete this file anytime you choose.
The cookies used on our Services are valid only for the current session and become invalid shortly
thereafter. Cookies created by our Services will only work with our Services.
Notwithstanding any provisions of this Privacy Policy to the contrary, we collect and may share or publicly
disclose compiled, de-identified, aggregated data concerning financial transaction of our users. This
Credit Router Privacy Policy
1/22/2021 3
information is collected in a generic, aggregate format and, to the extent it is shared or
disclosed, will not contain any personally identifiable information.
HOW WE DISCLOSE AND USE INFORMATION
We will use your information in a manner consistent with this Privacy Policy. The following are examples
of how we use the information we collect from you:
• To verify your identity, which is required to give you access to our Services;
• To verify your accounts and establish the requested service with the service provider(s) of your
choice, including financial institutions, brokerage houses, and credit card companies;
• To perform services on your behalf or for a service provider;
• If you subscribe to a Service requiring payment, to process the initial payment and all subsequent
payments;
• To help us improve and personalize the content and functionality of our Services;
• To help us understand your usage of the Services to improve the Services;
• To communicate with you regarding customer service matters, questions and other various
comments you may send to us;
• To inform you about products, services, offers, and events we offer or sponsor, and to provide
news and other information we believe may interest you;
• To communicate various technical and administrative messages regarding the Services, including
notices of technology updates;
• To offer you the option to participate in contests or surveys regarding the Services;
• Auditing related to a current interaction with the consumer and concurrent transactions;
• Debugging to identify and repair errors that impair existing intended functionality;
• Undertaking internal research for technological development and demonstration;
• To maintain legal and regulatory compliance;
• To enforce compliance with our Terms and Conditions and Policies; and
• For any other purpose disclosed to you at the time we collect or receive the information, or
otherwise with your consent.
Promotions. When we send you promotional information, we give you the opportunity to opt-out of
receiving further information. Simply use the unsubscribe feature provided within each email or contact us
at (support@greenflagcredit.com). If you opt-out from receiving promotional materials, you may continue
to receive important service announcements, which contain information about the Services to which you
subscribe.
How We Share Your Information
In order to keep costs low and process your services as efficiently as possible, we utilize third party
services that may have access to your personal information for a variety of reasons. We only provide this
information with any third party after they have a signed confidentiality contract with us and the personal
information is only provided for business purposes. The information you provide us will be shared only in
limited circumstances, including, but not limited to:
• With your consent and at your discretion;
• With our-approved partners with whom you have enrolled for services after coming to us;
• With third party service providers whom we employ to provide marketing, security, development
or other business processes or to provide services on our behalf;
• When we reasonably believe such disclosure is required to comply with the law, an investigation
or other legal process, such as a court order or a subpoena; or
• In connection with a sale, merger, transfer, exchange or other disposition of all or a portion of a
business operated by us.
Cal Credit Router Privacy Policy
California Privacy Policy
2/19/2020 4
How We Handle / Secure Your Information
Because we are trusted with your personal information, we have implemented administrative, technical,
and physical security controls that are designed to safeguard your personal information. We maintain
physical, electronic, and procedural safeguards that comply with applicable state and federal standards to
guard your personal information held by us relative to the Services.
Please recognize that protecting your personal information is also your responsibility. We urge you to take
every precaution to protect your information when you are on the internet, or when you communicate with
us and with other parties through the internet. Change your passwords often, use a combination of letters
and numbers, and make sure you use a secure browser. If you have reason to believe that your
interaction with us or our partners is no longer secure, please let us know immediately by contacting us
as indicated in the Contact Us section below.
By using our Services, you agree that we may communicate with you electronically regarding security,
privacy, and administrative issues relating to your use of our Services. If we learn of a security breach
involving your Personal Information, we may attempt to notify you electronically by sending an email to
you. To withdraw your consent to receive electronic notice of a data breach, or if you have any questions
about the security of your personal information, please email us at info@greenflagcredit.com.
Our Legal Basis For Handling Your Information
Some jurisdictions require us to disclose the legal basis on which we rely to use or disclose your
information. To the extent those laws apply, our legal basis are as follows:
• Consent: Where required by law, and in some other instances, we handle your information on the
basis of your consent, whether express or implied.
• Our contractual obligations to you: Our handling of your information is to meet our contractual
obligations to you, or to take steps at your request in anticipation of entering into a contract with
you. Our contractual obligations to you may include the creation of your account and the provision
of the Services to you.
• Legitimate Business Interest: We handle your information in order to provide you with Services
and accomplish our legitimate business purposes.
Do Not Track Policy
Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your
online activities tracked. We currently do not respond to browser “do not track” signals.
Correcting/Updating Personal Information
We provide you with the opportunity to update, correct or erase your account, financial and credit card
information on our website. You may review and update your contact information (name, address, and
email address) by contacting our
Support team via email (info@greenflagcredit.com),
phone (313) 799-0069,
or the chat function within the Services (if available).
CONSUMER PRIVACY RIGHTS
The following states have implemented specific privacy-related rights for their residents. If you are a
resident of one of these states, please click on your state below for more information:
GFC Headquarters:
220 West Congress
2nd Floor #103
Detroit, MI 48226
(313) 710-8100
Children
You must be at least 18 years old to use our Services. We do not knowingly direct our Services to
children or collect, use, or disclose information about legal minors who visit. If you use our Services, you
represent that you are at least the age of majority under the laws of the jurisdiction of your place of
residence. If you believe your child has provided us with personal information, please alert us
at privacy@greenflagcredit.com. If we learn that we have collected personal information from a
Cal Credit Router GFC Privacy Policy
California Privacy Policy
2/19/2020 5
minor, we will promptly take steps to delete such information.
Retention Period
We will retain Personal Data for as long as necessary for the business or commercial reason it was
obtained, or any ongoing retention requirements found in the law. The manner in which we review our
retention requirements for our customers is (i) the length of time and type of service with our client and
provide the Services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether
retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations,
litigation or regulatory investigations).
Updates To This Privacy Policy
We may revise this Privacy Policy or our practices with respect to how we use personally identifiable
information at any time at our sole discretion. If we make any material changes to how we treat our
customers’ personal information, we will notify you by email to the primary email address specified in your
account, and through a notice on our website’s home page. You are responsible for ensuring we have an
up-to-date active email address to contact you. You are advised to review this Privacy Policy periodically
for any changes. Your continued use of our websites after such modifications will constitute your
acknowledgment of the modified Privacy Policy and your agreement to abide and be bound by the
modified Policy. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Details
Questions regarding this Privacy Policy, our information practices or other aspects of privacy in
connection with the use of our Services should be directed to our Data Privacy Officer, who can be
reached by email at privacy@Greenflagcredit.com.
GFC Headquarters:
220 West Congress
2nd Floor #103
Detroit, MI 48226
(313) 710-8100
Cal Credit Router GFC Privacy Policy
California Privacy Policy
2/19/2020 6
This California Consumer Privacy Act Policy (“Policy”) is provided by Green Flag Credit LLC (“GFC”)
including, but not limited to GFC’s online services (i.e. Creditrouter.com). GFC and its services are referred
to as “we”, “us”, or “our” in the policy.
YOUR DATA
When you utilize or test our services, we may collect information about you through your direct input or
through other sources permitted by you (including your financial institutions and payroll providers), and/or
applicable law, including but not limited to your:
Categories of Personal Data We Collect
We may collect certain personal information to facilitate the ability to best utilize our services.
These categories may be:
• Personal Identifiers, which may include: names; address; phone numbers; date of birth; email;
account numbers; passwords; IP addresses; geotechnical information; purchase history;
• Commercial Information, which may include: records of personal property; products or services
purchased, obtained, or considered; purchase history; consumer habits or tendencies; banking
account number; credit/debit card numbers; bank routing numbers; and credit score;
• Professional employment information, which may include: current work status; payroll provider
username and passwords; and multi-factor authentication;
• Audio data, which may include: audio recordings; or
• Anything else codified in subdivision (e) of Section 1798.80 of the CCPA.
How We Obtain Personal Data
We may obtain your personal information through a variety of sources. The potential sources are:
• Directly from the consumer;
• Public records;
• Lenders;
• Payroll providers;
• Payment processors;
• Web and data analytics;
• Cloud storage providers;
• SaaS providers; or
• Partners
Business or Commercial Purpose for Collecting Data
We may require personal information from California customers in order to best facilitate the product or
products. This information may or may not be shared with third parties to best facilitate the use of the
product. The business or commercial purpose for using personal information with third parties are as
follows:
• Customer service;
• Quality control;
• Support and maintenance of the products;
• Internal use;
• Fraud detection;
• Comply with other local, state, and national laws;
• Debugging; and
• Other services to facilitate the use of we and the consumer.
Third Party Companies That Receive Personal Data
We utilize third parties to facilitate the product. The third parties that may receive your information fall into
one of the categories below:
Cal Credit Router Privacy Policy
California Privacy Policy
2/19/2020 7
• Web analytics;
• Cloud Storage;
• Reporting Agencies;
• SaaS Providers; and
• Subsidiaries
Data We Sell
We do not sell personal information to any third party.
CONSUMER VERIFICATION
In order to comply with the CCPA, we are required to verify the identity of any consumer requesting
information. To request information that may have been collected in the previous 12 months, please visit
our Data Privacy Consumer Rights Portal to initiate the verification process to move forward with the
exercise of your rights.
YOUR RIGHTS
Right to Know
You have the right to request a disclosure of the personal information we have collected about you over
the past 12 months, including:
• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• The business or commercial purpose for collecting your personal information;
• The categories of third parties with whom we have shared your personal information; and
• The specific pieces of personal information we have collected about you
Right to Access
You have a right to request access to a copy of your personal information that we have in our custody
and control in a readily usable format
Right to Delete
The CCPA provides consumers the ability to delete personal information, with noted exceptions, so long
as the consumer is verified. To potentially delete your personal information, please visit our Data
Privacy Consumer Rights Portal to initiate the authentication process to move forward with the exercise of
your rights. If we are unable to delete your data through the exceptions found in the law, you will receive a
detailed response on why deletion is not an option.
Please be aware that exercising your right to delete may affect any of your subscribed services.
Non-Discrimination
California residents have a right to access their personal information, and if requested, deleted. The
consumer shall not be discriminated against from the business for exercising their rights codified in the
CCPA.
EXERCISING YOUR CALIFORNIA PRIVACY RIGHTS
To exercise any of your rights listed above, please login to the portal. Or, for more information regarding
your rights, contact privacy@Greenflagcredit.com.
You may also contact the company by mail, please provide your full name, address, and phone number,
along with a detailed request so that we can process your request in an efficient manner. Please note,
that if we are unable to validate your identity through this method, the company is not obligated to comply
with a request.
Cal Creditrouter.comPrivacy Policy
California Privacy Policy
2/19/2020 8
Green Flag Credit LLC
Data Privacy Department
220 West Congress
2nd Floor #103
Detroit, MI 48226
(313) 710-8100
RESPONDING TO REQUESTS
Pursuant to California Code 999.313 (a) We will confirm receipt of request within 10 days and potential
process that may follow. We aim to respond to a consumer request for disclosure, access or deletion
within 45 days of receiving that request. If we require more time, we will inform you of the reason and
extension period in writing.
AUTHORIZED AGENT
The CCPA allows consumers to designate an authorized agent to exercise the rights of a consumer. To
exercise this right, a consumer must provide Us, by mail, the following information. The consumer’s
name, signature, agents name, signature, expiration date of authorization, as well as other verifiable data
that may be requested in order to best protect the customer.
CHANGES AND STATUS
We may revise this California Resident Privacy Notice or our practices with respect to how we use
personally identifiable information at any time at our sole discretion. If we make any material changes to
how we treat our customers’ personal information, we will notify you by email to the primary email address
specified in your account, and through a notice on our website’s home page. You are responsible for
ensuring we have an up-to-date active email address to contact you. You are advised to review this
California Resident Privacy Notice periodically for any changes. Your continued use of our websites after
such modifications will constitute your acknowledgment of the modified California Resident Privacy Notice
and your agreement to abide and be bound by the modified Notice. Changes to this California Resident
Privacy Notice are effective when they are posted on this page.
We keep this California Resident Privacy Notice under regular review and will place any updates on our
website.
FAIR CREDIT REPORTING ACT
Your rights under the CCPA do not apply to any personal information that has been provided to Us in our
capacity as a “consumer reporting agency” for a permissible purpose related to consumer lending or
credit decisioning under the Fair Credit Reporting Act (“FCRA”) and will not be included under a CCPA
request. Instead, you have the right to access any consumer report information collected pursuant to the
FCRA at the GFC Reports portal