Privacy Policy

This Privacy Policy explains how DCR Loans LLC collects, uses, sells, and shares personal information when you use DCR Loans: Cash Advance App.

Effective Date: May 4, 2026

1. Introduction and Scope

DCR Loans LLC operates a loan-matching and lead-generation platform through DCR Loans: Cash Advance App. We connect users with third-party financial partners and related service providers.

We are not a lender, we do not originate loans, and we do not make credit decisions. This Policy describes what information we collect, how we use it, and, importantly, how we sell personal information and to whom.

By using the App, you agree to this Privacy Policy. The App is intended for U.S. residents who are at least 18 years old.

2. Laws and Regulatory Framework

Our data practices are designed to align with U.S. consumer finance and privacy rules, including federal and state frameworks.

  • GLBA (Gramm-Leach-Bliley Act): SSN, bank information, and related financial attributes may be treated as nonpublic personal financial information under GLBA.
  • CCPA as amended by CPRA: we apply CCPA/CPRA concepts of "sale" and "sharing," including notice and opt-out mechanisms where required.
  • FCRA (Fair Credit Reporting Act): applies where consumer reporting agencies or consumer report workflows are involved.
  • FTC guidance and rules: including lead-generation and data-broker expectations for fair and transparent handling of consumer information.
  • CAN-SPAM and TCPA: applies to email and phone/SMS outreach controls and consent standards.

GLBA-covered and FCRA-regulated data may be subject to separate notice obligations and may limit certain state privacy rights in specific circumstances.

3. Information We Collect

3a. Information You Provide Directly

When you submit an inquiry or request matching services, we collect:

  • Full legal name (first, middle, last)
  • Date of birth
  • Email address
  • Phone number (mobile and/or home)
  • Full residential address including street, city, state, and ZIP code
  • Social Security Number (SSN)
  • Driver's license number and issuing state
  • Bank account number (full account number)
  • Bank routing number
  • Bank name and account type (checking / savings)
  • Employer name
  • Employer phone number
  • Employment status and job title
  • Monthly or annual gross income
  • Source of income (employment, self-employment, benefits, other)
  • Purpose of the loan or cash advance request

We request SSN to support identity verification, KYC requirements used by lender partners, and fraud prevention workflows. SSN is encrypted in transit.

Driver's license information is used for identity verification, state eligibility screening, and KYC checks. Bank account and routing details may be used by partners for account validation and potential ACH disbursement or repayment setup. Employer phone number may be used by lenders to verify income and employment information.

3b. Information Collected Automatically

  • Device identifiers, operating system, App version, and IP address
  • Usage patterns, session metrics, and clickstream data
  • Approximate location inferred from IP address or device signals
  • Cookies, mobile SDKs, and pixels used for analytics and attribution

3c. Information from Third Parties

  • Identity and fraud verification vendors
  • Credit bureaus and alternative data providers in FCRA-context workflows
  • Marketing and referral partners that direct users to the App

4. How We Use Your Information

  • Create and manage your account and request flow
  • Verify identity (KYC) and assess eligibility parameters for matching
  • Package your information into a lead and route it to lender partners
  • Sell personal information to third-party lenders, financial institutions, and marketing partners (see Section 5)
  • Process referrals and partner transaction workflows
  • Send transactional messages and, where allowed by law and consent, marketing communications
  • Improve App performance, security, and analytics quality
  • Comply with legal duties and enforce our Terms of Use
Important Disclosure

5. Sale and Sharing of Personal Information

5.1 We Sell Your Personal Information

DCR Loans LLC sells personal information as defined under the CCPA/CPRA and applicable state privacy law. We sell personal information to third-party lenders, financial institutions, marketing partners, data aggregators, and lead buyers.

Data sold includes the following categories and elements: full legal name, date of birth, email address, phone number, full residential address including ZIP code, Social Security Number, driver's license number and issuing state, bank account number, routing number, bank name and account type, employer name, employer phone number, employment status and job title, monthly or annual gross income, source of income, and purpose of the loan or cash advance request.

In exchange for this data, we may receive monetary compensation, referral fees, per-lead fees, revenue share, and other valuable consideration. Compensation arrangements may influence which partners receive data first and how options are ranked or presented.

5.2 Categories of Third Parties Who Buy or Receive Your Data

  • Licensed lenders and financial institutions (including personal loans, installment loans, cash advances, and lines of credit)
  • Insurance companies and other financial product providers
  • Debt relief and credit counseling companies
  • Marketing partners delivering financial and non-financial offers
  • Data brokers and aggregators that may further resell the data

Once personal information is sold, the recipient's own privacy policy governs subsequent use. We do not control downstream use by buyers after sale.

5.3 Your Right to Opt Out of Sale

California residents, and users with similar rights under other applicable state laws, may opt out of sale of personal information by emailing privacy@dcrloans.com with the subject line "Do Not Sell My Information." You may also use the in-app opt-out link in Settings.

We process opt-out requests within 15 business days. Opting out stops future sales and does not reverse prior sales already completed. We may still share information where required by law or needed for core App functionality associated with a request you initiated.

6. Legal Basis for Processing

  • Consent: obtained before collection and sale; consent can be withdrawn, which may affect service availability.
  • Contractual necessity: processing required to provide the matching services you requested.
  • Legal obligation: KYC/AML duties, regulatory audits, and required recordkeeping.
  • Legitimate business interests: fraud prevention, account security, and integrity monitoring.

7. Data Retention

Retention periods vary by category, legal requirements, and active dispute or legal hold conditions. Example ranges include:

Full applicant profile (name, SSN, address, bank info, income) Retained for the duration of the business relationship plus 5 to 7 years after last activity, or longer if law or legal hold requires. Example: if last activity is January 2025, retention may continue until at least January 2030-2032.
Lead and sale records (recipient, timestamp, commercial terms) Retained for 5 to 7 years for FTC-facing recordkeeping and dispute defense.
Marketing and communication records Retained for 2 to 3 years after last interaction, or until opt-out plus 90 days.
Device and usage logs (IP, session, clickstream) Retained for 12 to 24 months.
Do Not Sell / opt-out records Retained for at least 5 years. Example: a March 2025 opt-out record is retained until at least March 2030.
Support communications Retained for 3 years after ticket resolution.

Where law requires longer retention, the legally required minimum period controls.

8. Data Security

  • Encryption in transit using TLS 1.2 or higher and encryption at rest using AES-256 where applicable
  • Role-based access controls with least-privilege administration
  • Ongoing monitoring, vulnerability review, and periodic controls audits
  • Vendor due diligence and contractual security obligations for partners and buyers

You are responsible for protecting credentials and promptly notifying us at help@dcrloans.com of unauthorized access concerns. No system is 100% secure; if a breach affects sensitive data, we will notify users and regulators as required by applicable law.

9. Your Privacy Rights

  • Right to Know / Access: request categories and specific data held, and where technically feasible, categories and specific recipients to whom data was sold.
  • Right to Deletion: request deletion, subject to legal, contractual, fraud, and compliance exceptions. Previously sold data cannot be deleted from third-party systems by us.
  • Right to Correction: request correction of inaccurate personal information.
  • Right to Portability: request a machine-readable copy of eligible information.
  • Right to Opt Out of Sale: see Section 5.3.
  • Right to Non-Discrimination: we do not deny services solely for exercising rights, though some features require data processing.

Submit requests to privacy@dcrloans.com with subject line "Privacy Request." Identity verification is required. Authorized agents may submit requests where state law permits. Response timelines are up to 45 days for California and 30 days in other states where applicable.

10. Marketing Opt-Outs

  • Email: use the unsubscribe link in marketing emails; requests are processed within 10 business days under CAN-SPAM. Transactional messages may continue.
  • SMS: reply STOP to opt out, HELP for help under TCPA workflows. OTP and essential transactional alerts may still be delivered.
  • Push notifications: disable through your mobile operating system settings.
  • Phone marketing: contact help@dcrloans.com to opt out. Auto-dialed marketing calls require prior express written consent.

Opting out of marketing does not automatically opt you out of sale of personal information. A separate "Do Not Sell My Information" request is required (Section 5.3).

11. California Residents (CCPA / CPRA)

If you are a California resident, the following additional rights apply under the CCPA as amended by the CPRA.

Right to Know. You may request categories and specific pieces of personal information collected; categories of sources; business purposes; and categories of third parties to whom information is sold or disclosed, including disclosure that we sell personal information and buyer categories.

Right to Delete. You may request deletion of personal information, subject to CCPA-permitted exceptions.

Right to Correct. You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing. We sell personal information under the CCPA definition. You may opt out via privacy@dcrloans.com or the in-app "Do Not Sell" link. Requests are processed within 15 business days.

Right to Limit Sensitive Personal Information. SSN, driver's license data, and bank account data are sensitive under CPRA. You may request that use be limited beyond CPRA-permitted purposes where applicable.

Right to Non-Discrimination. We will not unlawfully discriminate against you for exercising CCPA/CPRA rights.

Submit California requests to privacy@dcrloans.com with subject line "California Privacy Request." We respond within 45 days (subject to lawful extension). One free request per 12-month period applies for certain access requests.

GLBA and FCRA can preempt or limit aspects of state rights for certain regulated financial information.

12. Other State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights to access, delete, correct, port, and opt out of specific processing. To submit a request, email privacy@dcrloans.com.

13. Do Not Track and Global Privacy Control

We do not respond to browser Do Not Track (DNT) signals because there is no universal legal or technical standard. We honor Global Privacy Control (GPC) signals for California residents as an opt-out request for cross-context behavioral advertising sharing under CCPA/CPRA rules.

14. GLBA and FCRA Notices

GLBA Notice. SSN, bank account number, routing number, income, and employment details may be treated as nonpublic personal financial information under GLBA. A separate GLBA Initial Privacy Notice may be provided and may control use of that information.

FCRA Notice. If consumer reporting agencies are involved or consumer reports are used, your FCRA rights apply. Hard credit inquiries occur only with express prior authorization.

GLBA and FCRA requirements may limit or preempt certain state privacy rights for specific regulated financial datasets.

15. Cookies and Tracking Technologies

We use cookies, mobile SDKs, pixels, and device fingerprinting technologies for authentication, fraud prevention, analytics, ad attribution, and session management. On web surfaces, controls may be available through browser settings. In mobile environments, controls may be available through operating system settings.

Disabling tracking technologies can limit functionality or prevent access to parts of the service.

16. Children's Privacy

The App is intended only for users 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that such information was collected, we will take steps to delete it promptly and handle notice obligations through help@dcrloans.com.

17. International Users

The App is directed to U.S. users and data is processed in the United States. By using the App, you consent to processing and transfer of information in the United States.

18. Policy Updates

We may revise this Privacy Policy from time to time. The Effective Date at the top of this page will be updated whenever changes are published. For material changes, we may provide notice through the App or email. Continued use of the App after updates means you accept the revised Policy.