Privacy Policy

Last updated April 10, 2023

‍

INTRODUCTION

Boundless Financial Corp. (the “Company”) respects your privacy. This “Privacy Policy” describes how the Company collects, uses, maintains, discloses, and protects Personal Information (defined below) of our customers and Web Services (defined below) users (“you”) and the rights and choices you have regarding your Personal Information, including how you can access and update your Personal Information. This Privacy Policy was last amended April 10, 2023.

“Personal Information” is information that identifies you or could be combined by the Company or the Company’s services providers or affiliates with other information to identify you.

By accessing or using the Company’s website at https://www.getboundless.io/ (the “Website”) as well as any web application, including the Company’s web application at www.app.getboundless.io, or other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto  (together, the Website and any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto, the “Web Services”) or by accessing or using any content on or through the Web Services, you signify your consent to the terms of this Privacy Policy. If you do not agree with any terms of this Privacy Policy, please do not access or use the Web Services or any content on or through the Web Services, or otherwise submit any Personal Information to the Company. Your continued use of these Web Services after we make changes indicates that you accept and consent to those changes, so please check this Privacy Policy periodically for updates.

TYPES OF PERSONAL INFORMATION COLLECTED

The Company offer users with a business user account and connections to lenders through a centralized platform, simplifying your application process. The Personal Information the Company collects about you will depend on the manner in which you access or use the Web Services or any content on or through the Web Services (including whether you create an account and whether you fill and submit an application) and may include information you provide directly (e.g. through a form or email that is sent to us) and information that is collected by us (e.g. through observation of your web-browsing behaviour):

Provided Information:

• Business details, including your business name, constating documents, address, trade name, type of business, industry, URL, date of incorporation/formation, business start date, business model, type of business, industry, revenue and credit score;

• Details about the ownership of your business, including your owner’s (or owners’) name (s), title(s), date(s) of birth, ownership %, address(es), SIN/SSN(s), phone number(s), email(s) and credit bureau/monitoring/rating information, including credit score(s) and account details;

• Financial information, including the amount of funds you are requesting, intended use of funds, timing of funding requirements, and any additional information reasonably requested to complete your account or application(s);

• Account formation information, including a login name, email,  and a password, and other information related to your business user account that we may require from time to time (the information you provide when creating a business user account is collectively called your “Account Details”). When creating a business user account, you agree to provide correct, current, and complete Account Details, and to promptly update your Account Details if any information changes – for example, if you change your email address; and

• Information about the devices you use to connect to and interact with the Website and Web Services;

Collectively, your “Provided Information”

The Web Services (including any content provided on or through the Web Services) are not directed to any person who is not the legal age of majority under applicable law. The Company will not knowingly collect Personal Information from any person who is not the legal age of majority under applicable law.

METHODS FOR COLLECTING PERSONAL INFORMATION

The Company takes steps to ensure that any Personal Information we collect about you is adequate for, relevant to, and not excessive for the uses of such Personal Information, as described by this Privacy Policy.

How Information is Directly Provided to the Company by You

Personal Information the Company collects from you on or through the Web Services and as a result of your access to or use of the Web Services or any content accessed on or through the Web Services may include Personal Information you provide the Company directly, for example by:

• submitting, posting, publishing, displaying, or otherwise transmitting content, material, or information to the Web Services or to other users or persons through or using the Web Services (“User Generated Content”);
• filling in forms, applications, uploading documents, or corresponding with the Company on or through the Web Services, or otherwise communicating with the Company by any means including by phone or email;  
• if applicable or available through or on the Web Services: creating or registering for an account; subscribing, purchasing, applying, or requesting information on a service or product (including a loan product); or entering a contest or promotion;
• carrying out transactions through the Web Services, or facilitated by our Web Services;
• downloading and installing mobile and desktop applications;
• interacting with our advertising and applications on third-party websites and services;
• our observing your user practices and completion of optional surveys.

Any User Generated Content that is published or displayed by you on the Website is posted on and transmitted to others at your own risk. Although we limit access to certain pages and/or you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Generated Content. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User Generated Content.

How Information is Collected by the Company Through Technological Means

The Company may also use cookies, browser plug-ins or add-ons or other technological collection methods to collect information, some of which may be Personal Information.

We may collect some information, including Personal Information, automatically, including when the Company uses your Provided Information, scans your government-issued ID, connects to your bank accounts or to credit bureau/monitoring/rating accounts using your Provided Information, including during the account creation process. We may maintain or associate your Provided Information with Personal Information we collect in other ways, that you provide to us, or that we receive from third-parties. We may use this Personal Information in the manner set out below under the section entitled “Using and Disclosing Personal Information”.

This information also helps the Company improve the Web Services and the content available on or through the Web Services and otherwise improve the services of the Company by:

• helping the Company understand usage patterns and individual and aggregated statistics on the Web Services;
• allowing the Company to tailor the Web Services to your preferences and interests; and
• recognizing you when you visit the Web Services multiple times;
• developing or improving the services offered by the Company, including through the development and implementation of analytics, automation, and machine learning engines and related programs; and
• enabling the Company to take other steps as permitted by and in compliance with applicable law.

The technologies used by the Company to automatically collect the information described above may include cookies (or browser cookies), which are small files placed on the hard drive of your computer. You can turn off cookies using your internet browser but doing so may limit or remove certain parts of the Web Services, certain content on the Web Services, or the functionality of the Web Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Web Services. Please note that disabling cookies alone will not stop us from collecting all Personal Information so long as you are accessing or using the Web Services.

Third-Party Features

The Web Services may include, integrate, or rely on links, plug-ins, services, social networks, content, or applications of third-parties, including advertisers, ad networks and servers, content providers, and application providers. Your access or use of such links, plug-ins, services, social networks, content, or applications may allow the third-party provider to collect or share information about you, some of which may be Personal Information. The Company does not control such third-parties’ use of cookies or similar technologies – if you would like to know more about how these third-parties use such technologies, you should contact the responsible provider directly. The Company does not accept any responsibility or liability for the privacy policies of any such third-parties or their compliance or non-compliance with such privacy policies. We encourage you to read the privacy policy of every website you visit and of every app or application that you access, install or use.

USING AND DISCLOSING PERSONAL INFORMATION

Use of Personal Information by the Company

The Company collects Personal Information to provide you with a secure, smooth, efficient, and customized experience through or on the Web Services or any content on the Web Services. The Company may use your Personal Information to:

• provide you with content, services, or products, including loan products offered by third-party service providers, on or though the Web Services;
• customize, measure, and improve the Web Services or content provided on or through the Web Services, or otherwise analyze or manage the Company’s business operations or Web Services performance;
• prevent prohibited or illegal activities, loss, or fraud, enforce the Company’s terms of use (the “Terms of Use”), or otherwise protect the security or integrity of the Web Services or the Company’s business;
• deliver targeted marketing, service update notices, or promotional offers base on your communication preferences;
• send you things in the mail or through other channels, such as products or services that you have requested;
• register you for, or authenticate you when you sign into, an account or online services or when you purchase a product or service, or to provide you with notices about such accounts, subscriptions, or purchases;
• provide you notice about changes to the Web Services, this Privacy Policy, or the Terms of Use;
• facilitate a potential introduction to you by a third-party, as described below under “Third-Party Transfers”;
• assess your eligibility for loan and other financial products (and assist third parties in offering those products to you);
• otherwise fulfill the purposes for which you have provided Personal Information or that were described when such Personal Information was collected; or
• carry out other purposes to which you consent or which are otherwise permitted or required by law.

The Company may combine all the Personal Information the Company collects, including yours, in order to analyze and understand aggregate trends.

Third-Party Transfers

The Company may provide your Personal Information to third parties who may wish to offer you the opportunity to apply for loans, other financial products, and related services. Where (1) you instruct us to provide Personal Information about you to a third-party on, through, or as a result of the Website and Web Services and (2) you know the identity of such third-party, you acknowledge and agree that such third-party’s receipt, use, and possession of and your rights with respect to such Personal Information will be governed by the applicable privacy policy of such third-party, and that the Company will have no obligations or liability with respect to or as a result of such third-party’s receipt, use, or possession of such Personal Information (“Exported Information”).

The Company may also transfer your Personal Information to third-parties that assist the Company with the use of Personal Information described in “Use of Personal Information by the Company”, above, such as data centers, or email service providers. Some third-parties may be located outside of Canada and may accordingly be subject to laws that are different from those in Canada.

In compliance with applicable privacy laws, some aggregated and/or de-identified information may be transferred to a third party without your further consent to facilitate a potential introduction.

The Company requires that all third-parties that the Company uses to deliver its Web Services that receive any Personal Information from the Company, except for Exported Information, use the same standards as the Company in using, maintaining, disclosing, and protecting Personal Information.

The Company may also share aggregated, non-personally identifiable information publicly to show trends about the general use of the Web Services, or any content, services, or products provided on or through the Web Services.

Other Disclosures of Personal Information

The Company may disclose your Personal Information if necessary to collect a debt from you or where the Company has reason to believe that such Personal Information is relevant to the investigation or decision to investigate a breach of the laws of Canada, a province or territory of Canada, or a foreign jurisdiction, and the Company is legally permitted or required to do so, or to otherwise comply with any court order, law, or legal process, including in response to any government or regulatory request or process, in accordance with applicable law. The Company may also disclose your Personal Information if necessary to enforce this Privacy Policy or the Terms of Use, or if the disclosure is necessary to protect the rights, property, or safety of the Company, the Web Services, users of the Web Services, or third-parties.

The Company may transfer information about you, including Personal Information, in connection with a merger or sale (including any transfers made as part of an insolvency of bankruptcy proceedings) involving all or part of the Company’s business or as part of a corporate reorganization or stock sale or other changes in corporate control.

ACCESS AND CORRECTION

It is important that the Personal Information the Company holds about you is accurate and current. Please keep the Company informed if your Personal Information changes. You have the right to access your Personal Information and to request a correction to your Personal Information if you believe it is inaccurate. If you would like to access your Personal Information, or have your Personal Information corrected or deleted, please contact the Company in the manner set out by this Privacy Policy. To the extent permissible by law, the Company may charge you a fee to access your Personal Information and will notify you in advance of any such fee.

The Company will provide you with access to your Personal Information in accordance with applicable privacy legislation, and may decline to provide you access to your Personal Information on the basis that such Personal Information is:

• protected by solicitor-client privilege;
• part of a legal proceeding, government or regulatory investigation or process, or otherwise part of a formal dispute resolution process;
• information that would reveal Personal Information about another individual or confidential commercial information; or
• prohibitively expensive to provide.

Where the Company is unable to provide you with access to your Personal Information, reasons will be provided, subject to any legal or regulatory restriction.

If you delete your User Generated Content from the Website, copies of your User Generated Content may remain viewable in cached and archived pages or might have been copied or stored by other Website users. Proper access and use of information provided on the Website, including User Generated Content, is governed by our Terms of Use https://www.getboundless.io/terms-of-service.

You may have the right to withdraw the consent you have provided under this Privacy Policy in certain circumstances. To withdraw your consent, if applicable, please contact the Company in the manner set out by this Privacy Policy.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

The Company strives to provide you with choices regarding the Personal Information you provide to us. The Company has created mechanisms to provide you with the following control over your information:

1. You may decline to complete any applications, surveys or forms during your use of the Web Services.

2. You may provide or decline to provide your consent to any Company request for information.

DATA SECURITY

The security of your Personal Information is important to the Company. The Company protects your Personal Information by maintaining physical, organizational, and technological safeguards (including, in some cases, private key encryption) against unauthorized access, unauthorized disclosure, theft, or misuse appropriate to the sensitivity of such Personal Information. Personal Information collected by the Company may only be accessed by persons within the Company who require access to provide you with access to, use of, or content, services, or products provided on or through the Web Services. The Personal Information the Company collects is maintained within databases located in Canada.

The safety and security of your information also depends on you. Where the Company has given you (or where you have chosen) a password and/or private encryption key for access to certain parts of our Web Services, you are responsible for keeping this password and/or private encryption key confidential. The Company asks you not to share your password and/or private encryption key with anyone.

Although the Company takes precautions against breaches of or unauthorized access to your Personal Information, no company can fully eliminate the risks of such breaches or unauthorized access and no website is completely secure. The Company cannot guarantee that unauthorized access, hacking, data loss, or breaches of the Company’s security systems will never occur. Accordingly, you should not transmit Personal Information to the Company by any means if you consider that Personal Information to be sensitive.

Except as otherwise permitted or required by applicable law or regulation, the Company retains Personal Information that it collects only as long as necessary for the purposes for which such Personal Information was collected. The Company reserves the right to use anonymous and de-identified information, including anonymized or otherwise de-identified Personal Information, for any legitimate business purpose without further notice to you and without your Consent.

DATA RETENTION

Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your Personal Information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

CHANGES TO THE PRIVACY POLICY

The Company reserves the right to amend this Privacy Policy for any or no reason, at any time, and from time to time in accordance with the terms of this Privacy Policy. The Company will reflect any such amendments on the Web Services. Your continued access to or use of the Web Services or any content on or through the Web Services after any such amendment constitutes your acceptance of the Privacy Policy as then amended. The Company includes the date this Privacy Policy was last amended at the top of this page.

CALIFORNIA RESIDENTS

If you are a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, notwithstanding anything else in this Privacy Policy, to the extent applicable to you we commit to meeting or exceeding the requirements of the California Consumer Privacy Act of 2018 ("CCPA"), Cal Civ Code § 1798.100.

If applicable to you, this means the Company’s collection, use and disclosure of Personal Information shall be in accordance with the CCPA, and, among other things:

• You have the right to have the Company delete the Personal Information the Company has collected from you by emailing us at privacy@getboundless.io.

• You may opt out of the sale of your Personal Information by emailing us at privacy@getboundless.io.

• You have rights under the CCPA to ask the Company for records of Personal Information collected (including how), how Personal Information was used (including reasons), and how Personal Information was shared (including with whom) by the Company in the past 12 months by emailing us at privacy@getboundless.io.

• The Company shall not discriminate against you for exercising any of your rights under the CCPA.

CONTACT INFORMATION AND CHALLENGING COMPLIANCE

The Company has appointed a Privacy Officer responsible for ensuring compliance with this Privacy Policy. If you have any questions regarding this Privacy Policy or your Personal Information, please contact the Company’s Privacy Officer at:

Boundless Privacy Officer

27 Bathurst Street, Unit 218W

Toronto, Ontario, Canada

M5V 0R1

privacy@getboundless.io

‍