Apply For Funding

Privacy Policy

Privacy Policy for Capital Funding TX, LLC (dba Sum Funding)

Effective Date: August 26, 2025

1. Introduction and Scope

Capital Funding TX, LLC (doing business as Sum Funding, referred to as “Sum Funding,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, share, and safeguard your personal information in the course of our pre-settlement funding business (sometimes called merchant cash advances for pending legal claims) conducted throughout the United States. It also explains your privacy rights under U.S. laws, including the California Consumer Privacy Act (CCPA) (as amended by the CPRA), the Texas Data Privacy and Security Act (TDPSA), and similar state laws.

By using our website or services (collectively, the “Services”), you consent to the practices described in this Privacy Policy and our Terms of Use. If you do not agree with any part of this Policy, please do not use our Services. Our Services are intended for U.S. residents; if you are located outside the United States, be aware that your information will be transferred to and processed in the U.S., and you are not authorized to use the Site if you are outside the United States.

Please read this Privacy Policy carefully. It describes what information we collect, how we use and share it, your rights and choices, and how we protect your information. If you have any questions, you can contact us using the information in the “Contact Us” section below.

2. Information We Collect

We collect various types of information from and about you in connection with the Services. This includes:

  • Information You Provide Directly: When you apply for funding or otherwise interact with us, you may provide personal information such as your name, contact details (address, email, phone number), date of birth, and government-issued identifiers (e.g. Social Security number or driver’s license). You may also provide details about your legal case (e.g. type of injury or accident, date of incident, injuries sustained, treatment history, and the name of your attorney or law firm) as part of your funding application. If you communicate with us or submit documents, we will collect whatever information you choose to share (which could include medical reports, police/accident reports, legal filings, or other case-related records). Some of this information may be considered sensitive personal information, such as health or medical information related to your injuries, your Social Security number, or financial account information. We only ask for sensitive information when necessary for our evaluation or to comply with legal requirements, and we protect it as described in this Policy (see Section 8 below on Data Security).

  • Information from Third Parties: We may also receive information about you from others. For example, your attorney or their staff might send us documentation about your case or verify details on your behalf (with your authorization). We may get referral information from brokers or affiliate companies that help connect clients with funding services. We could also obtain additional details from public records or databases (for instance, to verify case filings or check for liens or prior funding) and from service providers (such as identity verification services or credit bureaus, where permitted by law). If you engage with us on social media or review platforms, or participate in a promotion, we might receive your username or feedback from those sources as well.

  • Information Collected Automatically: Like most websites, our Site automatically collects certain technical data about your visit. This “usage data” may include your device’s IP address, device type and model, browser type and version, operating system, device identifiers, and browsing information such as the pages or content you view, the dates/times of visits, and the website or advertisement that referred you to our Site. For example, when you visit our Site, our systems log information about your “request,” including the page you requested, the time of request, and the URL of the site you visited immediately before (the referral source). We may also collect information about your interactions with our emails or online content (such as whether you opened an email or clicked a link). Some of this data is collected through cookies and similar tracking technologies, as described in the Cookies and Tracking section below. Use of IP Addresses: We may analyze, enrich, or use third-party reverse IP lookup tools for IP address information to understand general location (such as city or state), internet service provider, or business organization. This information may be used for security monitoring, fraud prevention, and internal analytics. 

  • Cookies and Tracking Technologies: We and our third-party partners use cookies, web beacons, pixels, and other tracking technologies (“Cookies”) to personalize your experience and gather information about how you use our Services. Cookies help us remember your preferences and understand usage patterns. They also support features like our online chat and application forms. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until deleted) for authentication, security, user experience, and analytics.

  • Third-Party Analytics and Advertising Tools: We partner with third-party analytics providers like Google Analytics to understand how users find and use our Site. These providers may set their own cookies or similar identifiers to collect information about your online activities over time and across different websites. For example, Google Analytics may collect your IP address or device identifiers and usage info to help us analyze site traffic and improve our Services. We also use marketing and advertising partners that deploy tools such as the Google Ads conversion tags, Meta (Facebook) Pixel, and TikTok Pixel on our Site. These tools collect data about your visit (e.g. pages viewed, IP, device identifiers) and enable us to deliver targeted advertisements for our services on other platforms you may use. This practice is commonly known as interest-based or cross-context behavioral advertising. Please note: data collected via these third-party tools may be combined with other information about you and used by the third parties under their own privacy policies. We do not have direct control over how those third-party tools operate, though we contractually require service providers to protect your data and use it only for our purposes.

Categories of Personal Information: In the past 12 months, we may have collected (and in some cases shared/disclosed) the following categories of personal information (as defined by applicable law) about consumers who use our Services:

  • Identifiers: e.g. real name, alias, postal address, email address, phone number, IP address, Social Security number, driver’s license or passport number, or other similar identifiers.

  • Contact and Account Information: account login credentials (for any online portal we provide), and security questions/answers if you establish an account.

  • Financial Information: bank account and routing number (for funding disbursement), or, if you provide payment info to us, credit/debit card numbers or other payment details.

  • Case and Claim Information: details about your legal claim or case, such as the type of incident (e.g. auto accident, workers’ comp, etc.), date of loss, injuries and treatment, insurance information, anticipated case value, attorney and law firm name, case status updates, and related documents. This may include some health information (e.g. medical reports or doctor’s contact info if relevant to your case) and legal information (e.g. police reports, witness statements, or court filings). It may also include information about your employment or income loss due to the injury, if you provide it, and any existing liens or advances on your case.

  • Sensitive Personal Information: certain information in the above categories is considered sensitive under some laws – for example, government-issued identifiers (SSN, driver’s license), account logins, precise geolocation, racial or ethnic origin, health data, or information about sex life or biometric identifiers. We limit our collection of sensitive data to what is necessary for the specific purpose (such as identifying you, evaluating your funding request, or complying with law). The sensitive data we may collect (with your consent or as required) could include your Social Security number, driver’s license or state ID number, and medical/health information related to an injury or disability claim. We do not collect sensitive categories like biometric identifiers or precise GPS coordinates, except possibly general location data from your IP or area code for fraud prevention. Any sensitive personal information we do collect is used only for necessary business purposes (e.g. underwriting your advance, fraud prevention, or as required for legal reporting) and is not used for targeted marketing or profiling beyond what is allowed by law.

  • Internet or Network Activity: as noted above, information about your interactions with our Site or ads, including browsing history on our Site, pages viewed, how you navigate through our forms, referral URLs, and interactions with our ads or emails. This can include cookie IDs or advertising identifiers.

  • Geolocation Data: we infer general location (city, state) from your IP address when you visit our Site, which helps us, for example, route you to relevant state-specific disclosures or understand where our services are in demand. We do not track your precise location (e.g., via GPS) through our Site.

  • Professional or Employment Information: if relevant to your case or application, we may collect your occupation and work status (e.g., if an injury caused you to miss work), employer name for verification, or employment history (for example, if you list it on an application or resume when seeking a job with us).

  • Inferences: we may draw insights from the information we collect (e.g., to assess the strength or potential value of your case, or to tailor our marketing). However, we do not use automated profiling to determine your eligibility for funding without human review (see Section 7 on AI and Automated Decision-Making). Any inferences we draw are used internally to improve services and are not sold.

We treat all of the above as “personal information” if it relates to an identified or identifiable individual. Where required by law, we will de-identify or anonymize data (so it can no longer be linked to you) or obtain your consent for certain data uses. We do not knowingly collect any sensitive personal information about protected characteristics (such as race, religion, or biometric data) unless you choose to provide it (for instance, if you mention something in your case narrative) – and even then, we only use it as necessary to provide our Services or as required by law.

3. How We Use Your Information

We use the personal information we collect for our everyday business purposes and to provide, improve, and protect our Services. The purposes for which Sum Funding may use your information include:

  • Providing and Improving Services: To operate, maintain, and administer our pre-settlement funding Services and website. This includes using your information to evaluate your funding application, assess your eligibility for an advance, and determine appropriate funding terms. We use personal and case information to underwrite and process your cash advance, which may involve verifying details with your attorney or insurance companies. We also use data to troubleshoot technical issues, analyze performance, and make enhancements to our website and Services. For example, understanding how users navigate our Site helps us improve the online application experience.

  • Communication: To respond to your requests and inquiries, such as when you contact customer support or ask questions about our Services. We use your contact information to communicate with you about your application status, send updates on your funding transaction, and notify you (and your attorney, as appropriate) of important information. We may also send administrative emails (for instance, confirmations, legal disclosures, changes to terms, or policy updates) and service-related announcements. If we have trouble processing an application or need additional information, we will use the info provided to reach you or your attorney. We retain correspondence and communications as needed for our records and to train our support team.

  • Marketing and Offers: To send you marketing communications about our Services or new offers, if you have not opted out. We may use your email or phone number to send newsletters, promotions, or offers that we believe may be of interest to you (for example, if you opted in to receive such messages). These communications will include an easy way to unsubscribe or opt out. We also use data (like cookies and device identifiers) to tailor advertisements you see on our Site or third-party sites to make them more relevant. For instance, if you visited our Site and started an application, we might later show you an ad on Facebook reminding you of our service. We do not send marketing emails or texts to you if you have opted out, and we do not engage in spam. We may engage in business-to-business outreach based on company-level insights (for example, inferred organization from IP enrichment), and we honor do-not-call and opt-out requests.

  • Analytics and Personalization: To analyze usage of our Site and Services, measure the effectiveness of our campaigns, and understand our customer base. We use analytics data (often aggregated or de-identified) to see things like which pages or marketing channels are driving the most interest. This helps us focus our efforts and improve our website content and outreach strategies. We may also use cookies to remember your preferences (such as your state selection or form inputs) to personalize your experience on our Site.

  • Service Automation and AI-Assisted Processing: To streamline our operations and improve response times, we may use automated systems and artificial intelligence (AI) tools in some of our processes (see Section 7 for details). For example, we might use automated workflows to sort incoming applications, or AI-powered chatbots to answer common customer questions quickly. We also may utilize AI-based tools to help evaluate aspects of your application (such as flagging missing information or performing preliminary risk assessments). These uses help us deliver services faster and more efficiently. However, final funding decisions involve human review and are not made solely by algorithms – we use AI as an aid, not as the final arbiter, in decisions that significantly affect you.

  • Legal and Compliance: To comply with our legal obligations and protect lawful interests. This includes using personal information to satisfy regulatory requirements (such as verifying your identity to prevent fraud, money laundering, or other misuse), to respond to lawful requests by public authorities, or to fulfill reporting obligations under state laws (for instance, certain states require us to report funding transactions to state officials or to comply with a subpoena in litigation). We may use and retain personal data as needed to assert or defend legal claims, to enforce our contracts (including our funding agreements and this Policy), and to prevent fraud or illegal activity. For example, we may use your information to detect fraudulent applications or to protect the security of our website and systems. If you owe us money under a contract, we may use your information to attempt collection or to pursue remedies. We also use personal information to comply with applicable privacy and consumer protection laws, which might involve honoring opt-out preferences and documenting your requests.

  • Safety and Security: To safeguard our Services, our clients, and others. We monitor for and attempt to prevent security incidents, malicious activity, and misuse of our Site. If necessary, we will use personal data to investigate and mitigate fraudulent or deceptive behavior, cyberattacks, or any threats to the safety of persons or property. We also reserve the right to use and disclose information as needed to protect our rights or the rights of others (for example, to address complaints, or to prevent harm in an emergency).

  • Other Business Purposes: As part of routine business operations, we may use information for internal purposes such as auditing, data analysis, testing, research, and debugging to improve service functionality. We might use data for training and quality assurance (for instance, reviewing recorded calls or chatbot interactions to improve our customer service). If we ever want to use your information for a purpose materially different from the above, we will provide notice or obtain your consent as required by law.

We will not collect additional categories of personal information or use the information we collected for materially different, unrelated, or incompatible purposes without providing you notice. Sum Funding does not use your personal information to make any automated decisions that produce legal or similarly significant effects without an opportunity for human intervention. If we engage in such profiling or automated decision-making in the future (for example, using an algorithm to approve/deny funding with no human review), we will comply with applicable laws that safeguard your rights in those processes.

4. Cookies and Tracking Technologies

How Cookies Work: Cookies are small data files stored on your browser or device. They allow websites to recognize your device and store certain information (like user preferences). We use cookies and similar tools (such as pixel tags and web beacons) to make our Site work, to analyze traffic, and to support our advertising. For example, cookies help us keep you logged into any account dashboard, remember your application progress, or understand whether you are a new or returning visitor.

Types of Cookies We may Use:

  • Essential Cookies: These are necessary for our Site to function properly and securely. They enable core features like authentication, and they cannot be disabled without impairing the Service.

  • Analytics Cookies: These cookies collect information about how visitors use our Site (which pages are visited, any errors encountered, etc.) and help us improve performance. For instance, we use Google Analytics cookies to learn about Site traffic and usage patterns.

  • Advertising Cookies: These cookies are used by us and our advertising partners to deliver personalized ads relevant to you. They track your browsing habits across websites to show you targeted advertising. For example, the Facebook/Meta Pixel and TikTok Pixel on our Site enable those platforms to identify that you visited Sum Funding, so we can present you with our promotional content on their networks. These cookies also help us measure the effectiveness of our ads.

  • Functional Cookies: These remember your preferences and enhance your experience (e.g., keeping track of your state selection or form inputs so you don’t have to re-enter information).

Third-Party Tracking: Some content or applications on our Site are served by third parties, including analytics companies and advertising networks. These third parties may set their own cookies or use other tracking technologies through our Site to collect information about you over time and across different websites. For example:

  • Google Analytics: We use Google Analytics to collect information about Site usage. Google may use cookies and device identifiers to process data about your visit for analytics purposes and for its own use (such as improving Google products and services or, with your separate consent, personalizing ads). You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by using the other methods described below.

  • Facebook Pixel: Our Site uses the Meta (Facebook) Pixel, which sets cookies to measure ad conversions and create custom audiences for our ads. This means that if you are a Facebook user, Meta may recognize you have visited our Site and may use that information to show you an ad from us on Facebook or Instagram. Meta’s use of this data is governed by Meta’s privacy policy. We do not have access to personal data from Facebook; we receive only aggregated ad performance reports.

  • TikTok Pixel: Similarly, we may use the TikTok Pixel to track conversions from TikTok ads and to retarget users on TikTok. TikTok may collect information such as your IP address, device info, and pages visited on our Site through this pixel. See TikTok’s privacy policy for details on their data practices.

  • Other Third-Party Tools: We may work with other advertising networks or social media platforms (such as Twitter, Google Ads, LinkedIn, etc.), which might deploy cookies or beacons on our Site for similar purposes. Social media “share” buttons or widgets on our Site (e.g., a Facebook “Like” button or Twitter “Tweet” button) may also set cookies and collect certain information (such as your IP address and the page you’re on). These features are hosted by the third party and are governed by that party’s own privacy policy, not ours.

Your Choices – Cookie Controls: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when cookies are being sent. If you disable cookies, please note that some parts of our Service may not function properly (for example, our online application form or account login may not work without certain essential cookies).

  • Browser Settings: Check your browser’s help or settings menu for options to manage cookies. You can typically remove or block cookies, or set your browser to delete cookies when you close it.

  • Industry Opt-Out Sites: The online advertising industry provides websites where you can opt out of receiving targeted ads from participating companies. You can visit the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) opt-out page to manage your advertising preferences. These tools allow you to opt out of many (but not all) tracking cookies in one place. Keep in mind, if you opt out of targeted ads, you will still see advertisements but they will be less relevant to your interests. Also, these opt-outs are typically stored via cookies – if you clear your cookies, you may need to opt out again.

  • Mobile Settings: For mobile apps, you can usually limit ad tracking via your device settings (such as selecting “Limit Ad Tracking” on iOS or opting out of interest-based ads on Android). Instructions may be found on Apple’s or Google’s support pages.

  • Google Analytics Opt-Out: As mentioned, Google provides a browser add-on to opt out of Google Analytics tracking on websites. You can get it at tools.google.com/dlpage/gaoptout. This prevents Google Analytics from using your info on that browser.

  • Do Not Track Signals: “Do Not Track” (DNT) is a setting available in some browsers that sends a signal to websites indicating you do not wish to be tracked. Our Site does not currently respond to Do Not Track signals or similar mechanisms, because there is not yet a consensus on how to interpret them. We will update this Policy if that changes.

5. Global Privacy Control and Opt-Out Preference Signals

Global Privacy Control (GPC) is a browser or device setting that can automatically signal your privacy preferences to websites – specifically, it can communicate a request to opt out of the sale or sharing of your personal information. Under some state laws (like California’s CCPA/CPRA), we are required to honor such signals as a valid opt-out of data selling/sharing. If our website detects a Global Privacy Control signal from your browser, we will treat it as a Do Not Sell or Share request for that browser or device, to the extent required by law. This means we will opt that browser out of third-party data sales or sharing for targeted advertising, as if you had clicked our “Do Not Sell or Share” link (see Section 6 below). Please note that GPC is browser-specific, so you should enable it on each browser or device you use for it to be effective.

Apart from GPC, there may be other universal opt-out signals or mechanisms emerging. We will endeavor to monitor and support legally recognized opt-out preference signals as standards develop. At this time, aside from GPC (for California residents) we do not act on other automated opt-out signals that have not been universally adopted. As described above, we do not respond to the older “Do Not Track” signal on browsers, but we offer easy opt-out methods through our website and the industry tools listed in Section 4.

In summary, if you want to ensure you are opted out of any selling/sharing of your data, the most effective methods are to use our own opt-out tools or contact us directly (see next section), or enable GPC if you are a California resident. We will honor opt-out preferences as required by all applicable laws.

6. Do Not Sell or Share My Personal Information

We do not sell your personal information to third parties for money. However, like many companies, we may use third-party advertising and analytics cookies on our Site that could be considered a “sale” or “sharing” of personal information under certain privacy laws (because those third parties may use your data for their own purposes, such as personalized advertising). For instance, allowing an ad partner to collect data from our Site to show you targeted ads might be deemed a “share” of your information for cross-context behavioral advertising.

Your Right to Opt Out: If you are a resident of California, Colorado, Connecticut, Virginia, or other states with similar laws, you have the right to opt out of the sale of your personal information and/or the sharing of your personal information for targeted advertising. When you opt out, we will not sell your data to third parties or share it with third-party advertisers in a way that constitutes targeted advertising, aside from allowed exceptions (such as when a transfer is necessary for our Services or when you direct us to share information).

How to Opt Out: We offer multiple ways for you to exercise your “Do Not Sell or Share” rights:

  • Contact Us Directly: You may also opt out by contacting us via the methods listed in the Contact Us section (for example, by emailing or calling us and stating that you want to opt out of any sale or sharing of your info). Please provide enough information for us to understand and process your request (such as your name, email, and the specific request). We will act on direct opt-out requests as required by law.

Once we receive and process your opt-out request, we will stop selling or sharing your personal information as soon as reasonably practicable (and no later than any timeframe required by law). We will also instruct our service providers and contractors (and any third parties to whom we disclosed your data) to cease further sales or sharing of your data.

Confirmation and Limitations: After you opt out, you should stop seeing personalized ads from us on third-party platforms (after a short processing period). However, you may still receive contextual advertisements or marketing communications directly from us (for example, we might send you an email if you provided your email for a quote – those direct communications are not considered “sales” of data). Also, opting out of sale/sharing does not mean we stop all data collection. We will still collect and use your information as needed for our services (e.g., remembering your opt-out preference, or processing your transactions) and other purposes described in this Policy, but we will not share your data with third parties for their independent advertising use.

No Retaliation: We will not deny you our Services, charge you a different price, or provide a lesser quality of service because you opted out of the sale or sharing of your personal information (or exercised any of your privacy rights). If you feel you have experienced any form of discrimination or retaliation for exercising your rights, please let us know immediately. Your privacy choices will be respected.

For more information about your privacy rights and choices, see the next section.

7. Your Privacy Rights

Depending on your residency, you may have specific privacy rights under state or federal law regarding your personal information. Sum Funding is committed to honoring the rights of consumers as required by applicable laws, which include the CCPA/CPRA (for California residents), the TDPSA (for Texas residents, effective July 1, 2024), and other state privacy laws in Colorado, Connecticut, Virginia, Utah, etc. Below is a summary of your rights and how you can exercise them:

  • Right to Know / Access: You have the right to request that we disclose the personal information we have collected about you. This is sometimes called a “request to know” or data access request. You may ask for (1) the categories of personal information we have collected about you, (2) the categories of sources of that information, (3) the business or commercial purposes for collecting (or selling/sharing) it, (4) the categories of third parties to whom we have disclosed it, and (5) specific pieces of personal information we have collected about you. Essentially, you can ask, “What information do you have about me?” and we will provide it to you in a readily usable format (often electronic). This right is subject to some legal exceptions – for example, we will not disclose certain sensitive information (like your Social Security number) in full in an access report for security reasons, and we may decline requests that are excessive or manifestly unfounded.

  • Right to Correct: If you believe that any personal information we maintain about you is inaccurate or incomplete, you have the right to request a correction. Upon verification, we will correct the information where required (taking into account the nature of the information and purpose for which it is processed). For instance, if your contact address changed or we recorded something wrong about your case, you can ask us to update it. We may need to verify the correct information or ask for documentation for certain corrections.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you, with certain exceptions. Upon a verified request, we will delete (and direct our service providers to delete) your personal information from our records, unless it is necessary for us or our partners to retain it for reasons permitted by law. Common examples of lawful retention include completing the transaction you requested (e.g., we cannot delete data that is needed to fund or service your advance), detecting security incidents or fraud, complying with legal obligations (such as maintaining records of transactions as required by financial regulations or tax laws), or for internal uses aligned with your expectations (such as keeping a suppression list of those who opted out of communications). If we must retain certain data, we will inform you of the denial or partial fulfillment of your deletion request and the reasons. Important: Deletion of case-related data may not be feasible until your pending case and our funding transaction are fully resolved, due to our contractual and legal requirements to maintain that information. However, we will honor delete requests for other data not required for those purposes.

  • Right to Data Portability: You have the right to obtain a copy of the personal information you provided to us, in a portable and (to the extent technically feasible) readily usable format that allows you to transmit the data to another entity. This often goes hand-in-hand with the access right. We will provide your information in a commonly used digital format (such as PDF or CSV) upon request, covering the personal information we have about you. For California residents, the “specific pieces” portion of the right to know fulfills this. For others, we will similarly assist with data portability as required.

  • Right to Opt Out of Sale or Sharing: As detailed in Section 6 above, you have the right to direct us not to sell your personal information to third parties and not to share it for cross-context behavioral advertising. We have made available a “Do Not Sell or Share” mechanism on our website to facilitate this. Once you opt out, we will not sell or share your data unless you later opt back in (for example, if you initiate a transaction with a third party that requires sharing, or if you clear your cookies and don’t signal your preference). If you are under 16, your data is by default not sold or shared, as we do not knowingly collect or handle data of minors for such purposes, and we would require affirmative authorization (opt-in) to do so. We confirm that we do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age.

  • Right to Limit Use of Sensitive Personal Information: If you are a California resident, you have the right to limit our use or disclosure of sensitive personal information (SPI) if we use it for purposes beyond what is necessary to provide the Services. In our case, we only use sensitive info (like SSN, ID numbers, or health data) for essential purposes (e.g., processing your transaction, preventing fraud, or as required by law). We do not use your sensitive data to infer characteristics about you or for targeted advertising. Therefore, we do not believe we use or disclose sensitive information in a way that triggers this right to limit (and we do not offer any secondary use of SPI that you would need to limit). If that ever changes, we will provide a “Limit Use of My Sensitive Info” option and honor any requests to limit as required. California consumers can rest assured that we treat sensitive data with heightened care and only use it in ways that are exempt or permissible under the law.

  • Right to Opt Out of Profiling/Automated Decisions: Residents of certain states (such as Colorado, Virginia, and starting in 2025, Texas) have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. This pertains to automated processing of personal data to evaluate personal aspects and make decisions like those involving financial services, insurance, etc., without human involvement. As noted earlier, Sum Funding does not make any final funding decisions solely by automated means – we have human review in our underwriting. If we ever use automated algorithms that solely determine your eligibility or terms for funding, you will have the right to opt out of such automated decision-making. In any event, you can always request human review of any significant decision, and we will accommodate that. If you believe a decision was made about you by a machine and want an appeal or explanation, please contact us. We support fairness and transparency in any automated processes we employ.

  • Right of Non-Discrimination / No Retaliation: You have the right not to receive discriminatory treatment for exercising any of the rights described above. This means we will not deny you services, charge you different prices, or provide a different level of quality because you exercised your privacy rights. The price and terms of your pre-settlement advance (or any service from us) will not change if you opt out of data sharing, request deletion of optional info, or exercise any of these rights. If a service or feature requires certain data to function, we will inform you (for example, if you ask us to delete all your data, we might not be able to continue providing an ongoing service to you – but that’s a logical consequence, not retaliation). We do not offer financial incentives in exchange for your data at this time. Should that ever occur (like a discount for allowing data use), we would present terms for you to opt-in.

  • Additional Rights (California “Shine the Light” and Financial Privacy): California’s “Shine the Light” law allows customers to request a notice of what personal information we share (if any) with third parties for their direct marketing purposes. Sum Funding does not disclose personal information to third parties for their own direct marketing purposes without your consent, so no such list exists. If you have questions, you can contact us. Additionally, if you are obtaining our Services for personal, family, or household purposes, federal law (Gramm-Leach-Bliley Act) and state financial privacy laws may give you rights concerning how your non-public personal information is shared within our corporate family or with certain partners. We provide a separate Financial Privacy Notice in such cases, which describes those practices (for example, how you can opt out of certain sharing with affiliates). This Privacy Policy is intended to cover broader online data usage; for customers receiving financial products, the GLBA privacy notice will apply to relevant data.

Exercising Your Rights: To exercise any of the applicable privacy rights above, please reach out to us through one of the designated methods in the Contact Us section (Section 13). You can submit requests via email, phone, or mail. For certain rights (like opt-out of sale/sharing), you can also use the automated tools on our website as described. When you contact us, please:

  1. Specify which rights you wish to exercise (e.g., “request to know,” “delete my info,” “correct my phone number,” “do not sell/share,” etc.). You can reference “privacy rights request” in your communication.

  2. Provide sufficient information for us to verify your identity. This might include your full name, contact information, and details about your interactions with us (e.g., the email and phone number you used on your application, and perhaps your attorney’s name or case ID if applicable). We will only use this info to verify your identity and to fulfill your request. In some cases, we may ask for additional verification data (for example, we might ask you to confirm a recent transaction amount or provide ID), especially for sensitive requests. This is to protect your privacy and ensure we do not give your data to an impostor. If we cannot verify your identity to a reasonable degree of certainty, we may have to deny the request, but we will inform you and invite you to provide additional info or try again.

  3. Authorized Agents: You may designate an authorized agent (for example, an attorney or someone with power of attorney) to make a request on your behalf. If you use an agent, we will take steps to verify the agent’s authority (we may ask for your written permission or a power of attorney document, and we will still verify your identity directly or via the agent). Authorized agent requests can be sent in the same manner, but please make clear that the request is being made by an agent and include proof of authorization.

  4. Response Timing: We will confirm receipt of your request within 10 business days (for California residents) or as required by law, and will aim to substantively respond within 45 days of receiving a valid request. If we need more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension in writing. Responses will generally be provided free of charge, unless a request is excessive or repetitive (in which case we may charge a reasonable fee or decline). If we cannot fulfill all or part of your request, we will explain why (for example, if an exemption applies). For deletion requests, we will either delete, deidentify, or aggregate the information and let you know which approach we took, and we will notify our service providers/contractors to do the same.

We will not require you to create an account just to exercise your rights (though if you already have an account with us, we may ask you to submit the request through that account for verification). We will record and keep documentation of privacy requests as required by law.

If you have any questions about your privacy rights or need assistance, please contact us. We are here to help you understand and control your personal information.

8. How We Share and Disclose Information

We understand the importance of your personal information and only share it with third parties for specific purposes, consistent with applicable law. Sum Funding does not sell personal information to third parties for their independent use (outside of the context of advertising cookies as discussed above). We also do not share your information with unaffiliated third parties for their own direct marketing. We may, however, disclose your information to our trusted partners and service providers in order to run our business and provide our Services to you, as described below.

Categories of Third Parties to Whom We Disclose Personal Information:

  • Service Providers and Contractors: We share personal information with third-party companies we hire or contract with to perform services on our behalf. These service providers help us with various business operations, such as: IT and hosting services (e.g., cloud data storage providers), customer service support, identity verification and fraud prevention services, payment processing companies (if we ever handle electronic payments), mailing or printing vendors (for sending out correspondence or cards), and email/SMS delivery platforms. For example, we might use a cloud database service to store application information, or an email service to send status updates. These providers are bound by contracts that limit their use of your information to the purposes of the service they perform for us and require them to protect it. They cannot use or share your info for their own unrelated purposes. We also take steps to ensure they uphold strong privacy and security standards.

  • Business Partners and Co-Funders: In some cases, we may share your information with financial partners, legal firms, or co-funding companies with whom we collaborate to provide the Services you requested. For instance, we may work with another funding company or investor to jointly fund a large advance, or we might refer you to an affiliate if we cannot fund your case but our partner can. If so, we would share only the information necessary for evaluation or funding of your case (such as your application details, case information, and contact info). These business partners are typically subject to similar confidentiality obligations, and they are only permitted to use the data for assisting with your funding transaction or related services (not for other purposes). This category can also include attorney referral networks or legal finance brokers who send us leads – we may report back basic status info to them (for example, that we funded your case) if you were referred through such a partner, but only as needed and with proper agreements. Note: We will not share your information with any third-party funder or lender without a valid purpose related to your case and funding needs. We do not sell leads containing your info to random companies.

  • Attorney Referral Services: If you indicate that you do not have legal representation for your case and request assistance in obtaining an attorney, we may, with your consent, share your relevant case information and contact details with a trusted attorney referral partner or affiliated law firm. This information sharing is solely for the purpose of helping you obtain the requested legal representation and will be done in accordance with our privacy obligations. Please note that any legal services ultimately provided to you are independent of us. We are referring you as a courtesy, and we do not endorse or guarantee the lawyer’s services. Your engagement with any referred attorney is exclusively between you and that attorney, and we are not responsible for any advice or services provided by such third-party legal professionals.

  • Your Attorney and Case-Related Entities: As a litigation funding company, we will often need to share information with your attorney or law firm. By the nature of our service, your attorney is usually involved in the funding process (providing case documents, signing off on agreements, etc.). We share information with your attorney (and receive from them) in order to evaluate your case, update on case progress, and coordinate on repayment (for example, we will notify your attorney of the funding terms and any liens we place, and we will receive notice of settlement). This sharing is done with your consent and direction as part of the funding arrangement. We may also share necessary information with insurance companies or defendants’ counsel if needed for verifying claims or resolving liens, but typically such disclosures are handled by your attorney with our input. Rest assured, we treat all case information as highly confidential and only share it with parties who have a legitimate need to know in connection with your transaction (or as otherwise authorized by you).

  • Affiliates: We may share your information with companies that are affiliated with Sum Funding (for example, an entity under common ownership or control, such as a parent company, subsidiaries, or sister companies). If, for instance, we have an affiliate that provides a related financial service (like post-settlement funding or medical lien funding), we might share your contact or case info with them if relevant to providing you with a service you requested or that might benefit you. Any sharing with affiliates will be for aligned purposes, such as internal administration, consolidating records (so you have a seamless experience across our corporate family), or because they are providing services to you on our behalf. Our affiliates will handle your information under the same privacy standards described here, and if required by law (for example, certain financial data sharing under GLBA or FCRA), we will provide opt-out choices for affiliate sharing separately.

  • Advertising and Analytics Partners: As described in the Cookies and Tracking section, we allow certain third-party advertising networks and analytics providers to collect information about users on our Site through cookies or pixels. We may also share limited identifiers (such as a hashed email address) with marketing partners to better reach our audience (e.g., creating a custom audience on a platform, in a privacy-safe way). These partners use the data to provide measurement services and to help us target and improve our advertisements. For instance, we might share that a certain user ID or cookie ID applied for funding, so that our partners can measure conversion rates. Important: These partners are not allowed to use your info to market other companies’ products to you based on our sharing; they use it to serve our ads or analyze our site’s performance. Nonetheless, because this activity might be considered a “sale” or “share” under California law, we treat it as such and provide you opt-out rights (see Section 6). Other than through such analytics/advertising tools, we do not disclose your contact information or case specifics to advertising companies.

  • Legal and Compliance Disclosures: We may disclose personal information when necessary to protect our rights, comply with the law, or respond to legal process. This includes:

    • To comply with laws or regulations: If we are required to report certain information to government authorities (for example, some states require reporting of funding transactions terms to regulators), we will do so. We may also respond to inquiries or requests from government agencies regarding consumer complaints or investigations.

    • In response to subpoenas, court orders, or legal process: If we receive a valid subpoena, discovery demand, warrant, or other legal request for information (for example, in the context of litigation related to your case or our business), we may be obligated to disclose certain data. We will only do so after evaluating the request and as required by law, and we will object or seek to limit the disclosure where appropriate to protect your privacy (especially for any sensitive data).

    • To protect rights and safety: We may share information if we believe in good faith that such disclosure is necessary to protect the safety, rights, or property of our customers, our business, our employees, or others. For example, exchanging information with other companies and organizations for fraud protection and credit risk reduction, or sharing data with law enforcement to investigate or prevent illegal activities (such as cyberattacks or identity theft). Also, if you threaten harm or there is an emergency posing danger, we might alert authorities with relevant information.

    • Enforcing our agreements: If you violate our Terms of Use or your funding agreement, we may disclose information as part of enforcing or defending our contractual rights. This can include sharing details with collection agencies, credit bureaus (if permitted), or attorneys in the course of legal proceedings to recover funds or mitigate damages.

  • Business Transfers: If Sum Funding is involved in a potential or actual merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your personal information may be disclosed to the parties involved (e.g., to our advisors, under confidentiality, during due diligence) and ultimately transferred to the successor or acquiring entity. For example, if another company acquires us or merges with us, your information will likely be among the transferred assets so that the service can continue. We would require any new owner to continue to honor the privacy protections described in this Policy with respect to your information (or give you notice and choice if they plan to change how your data is handled). Similarly, if we engage in corporate transactions like financing or securing collateral, information may be shared with those who have a legal need to evaluate the business. In any such scenario, we will only disclose what is necessary and will do so in accordance with applicable privacy laws.

  • With Your Consent or At Your Direction: Apart from the situations above, we will share your personal information with third parties if you consent to or request such sharing. For instance, if you ask us to send your information to a particular third party, or if you use a feature on our Site to share something with a friend (like a referral program), we will do as you direct. Additionally, if we ever propose to share your data in a way not covered by this Policy, we will notify you and obtain your consent as required.

No Unauthorized Third-Party Access: We do not grant access to your personal information to any third-party persons or entities except as described above. We do not engage in selling customer lists or allowing unrelated companies to mine our data for marketing. All third parties that receive personal data from us must have a lawful basis to receive it and are bound by obligations to keep it confidential and secure (by law, contract, or duty).

Aggregated or De-Identified Information: We may share aggregated data (information that has been combined about many users and stripped of personal identifiers) or de-identified data (information that cannot reasonably be linked to you) with third parties for lawful purposes, such as research, analytics, or marketing. For example, we might share statistics like “X% of our customers were involved in auto accidents” or “average funding amount is $Y” – this information will not identify any individual and thus is not personal information. We commit to maintaining any de-identified data in a de-identified form and not to attempt to re-identify it, and we require any recipients to keep it de-identified.

In all cases of sharing, we strive to adhere to the principle of data minimization – only sharing the minimum amount of information necessary for the intended purpose and no more. If you have questions about any specific sharing or to whom your data may have been disclosed, you can contact us for more information.

9. Use of AI and Automated Decision-Making

As mentioned earlier, Sum Funding leverages certain Artificial Intelligence (AI) and automation tools to enhance our Services. We believe in transparency about how we use these technologies and want to assure you that we implement them responsibly and with human oversight. Below is what you should know about our AI-driven tools and any automated processing:

AI in Service Automation: We may utilize AI-powered software in various aspects of our operations. For example:

  • We may use an AI-driven chatbot or virtual assistant on our website or via text to answer common questions and help guide you through the application process. This chatbot might use natural language processing to understand your inquiries and provide responses.

  • Our internal systems might use machine learning algorithms to help review applications or documents. For instance, an AI tool might extract key information from your application or uploaded documents (like identifying your name, case date, etc.), or it might flag potential issues (such as missing information or signs of fraud) for our team to review.

  • We might use AI analysis on case data to assist in evaluating the potential value or risk of an advance. For example, a program could compare your case details to historical data to suggest an appropriate funding range. However, any such AI suggestions are advisory only – our human underwriters make the final decisions.

  • AI may also be used in our communications. You might occasionally receive an email or text message that is generated or personalized with the help of an AI tool (for instance, a follow-up reminder that is automatically composed based on your stage in the process). Similarly, customer feedback or surveys might be analyzed by AI to categorize sentiment or common issues so we can address them more efficiently.

No Fully Automated Decisions without Recourse: We do not rely solely on automated decision-making processes to approve or deny funding applications or to make other legal/significant decisions about you. Any decision that could significantly affect your rights or finances – such as the decision to provide you an advance, the amount/terms of an advance, or a decision related to collections – will involve human review and judgment. AI tools may assist our team by providing insights or recommendations, but a trained employee or manager will review relevant information and make the ultimate call. This also means you can discuss and appeal decisions with us; you are not simply subject to a computer’s verdict.

Quality and Accuracy of AI Outputs: While AI can be powerful, it is not infallible. AI-generated content or communications may occasionally contain errors or irrelevant information. We work hard to train and configure our AI tools properly, and we monitor their outputs for accuracy. However, there is a risk that an automated response could be incorrect or that an AI analysis could misinterpret data. For example, an AI chatbot might misunderstand a complex question and give an answer that is not entirely accurate or contextually appropriate. Or an algorithm might erroneously flag an application as high risk due to an unusual combination of factors. We do not guarantee the accuracy or appropriateness of AI-generated communications, and they should not be taken as professional legal or financial advice. If you receive information from an automated system that doesn’t seem right, or if you have any doubts, we strongly encourage you to contact a human representative for clarification.

Your Interactions with AI: Any personal information you provide during an interaction with our AI-driven features (such as a chat conversation) is treated in accordance with this Privacy Policy. That means it is captured and stored as needed (e.g., we may keep a transcript of your chat for quality assurance or to refer to when assisting you later), and we protect it just like other personal data. We also program our AI tools to avoid asking for highly sensitive personal details in an unsecured way. For instance, our chatbot should not ask you to provide your full Social Security number or payment information via chat. If it ever does, please refrain and let us know – such sensitive exchanges should be handled via secure channels with human staff.

Transparency and Option to Opt-Out: We will let you know when you are engaging with an AI or automated system (for example, our chatbot will identify itself as a virtual assistant). You always have the option to reach a human if you prefer not to use an AI-powered tool. During business hours, you can call or email us to get direct human support. If our chatbot cannot assist you or you request a human, it will route you to a human agent when possible. Regarding AI evaluation of applications, since it doesn’t solely decide outcomes, the “opt-out” is effectively inherent (the process includes human review). However, if you have reservations about us using AI on your data at all, please let us know. We will address such concerns on a case-by-case basis. Keep in mind that declining certain automated processes might slow down our service (for example, if we cannot use automated document scanning, it may take us longer to review your file).

Risks of AI-Generated Communications: In rare cases, AI-generated content could conceivably contain inappropriate or biased language, or security vulnerabilities if not properly controlled. We have implemented measures to prevent such outputs (including content filters and human oversight), but we mention this to be transparent. If any communication or content from us (AI-generated or otherwise) seems off or makes you uncomfortable, please inform us immediately. We value your input in continuously improving our systems.

In summary, Sum Funding uses AI to augment our services – to improve speed, efficiency, and convenience. We do so carefully and continue to refine these tools. We do not abdicate our responsibility to you by leaving matters solely to AI. We remain accountable for the decisions and information provided. By using our Services, you understand that AI may be involved in servicing your account or application. We believe these technologies can provide a better experience, but we welcome your feedback. If you have any questions or concerns about our use of AI, please contact us.

10. Data Security

We take the security of your personal information very seriously. Sum Funding implements a variety of administrative, technical, and physical safeguards designed to protect your data from unauthorized access, use, alteration, and destruction. Some of the security measures we have in place include:

  • Encryption: Sensitive information (such as Social Security numbers, government IDs, or bank account details) is encrypted both in transit and at rest. Our website is secured with HTTPS, meaning information you submit online is encrypted using standard TLS/SSL technology. Internal databases and cloud storage containing personal data are encrypted and accessible only via secure connections.

  • Access Controls: We restrict access to personal data to only those employees, contractors, and service providers who need to know that information to perform their duties. All personnel with such access are subject to confidentiality obligations. We use role-based access control and individual user accounts – no generic shared logins – to ensure accountability. Important systems are protected by strong authentication (password policies, two-factor authentication where possible) to prevent unauthorized login.

  • Network and System Security: Our systems are protected by firewalls and monitoring tools to guard against outside intrusion. We keep our software and infrastructure updated with security patches. We employ anti-virus and anti-malware solutions. Regular security scans and penetration tests are conducted to identify and address vulnerabilities. We also monitor our systems for suspicious activities or unauthorized access attempts.

  • Physical Security: For any physical records or on-site servers, we maintain physical security controls. Our offices (or those of our data center providers) have restricted entry, security cameras, and protocols to prevent unauthorized persons from accessing sensitive information. Documents containing personal data are stored securely, and when they are no longer needed, we dispose of them via secure shredding or destruction.

  • Training and Policies: All Sum Funding employees and contractors receive training on data privacy and security practices. We have internal policies regarding how to handle personal information, and we require staff to adhere to these policies and sign confidentiality agreements. Our team is trained to recognize and prevent social engineering and phishing attempts. We also limit the use of personal devices or unauthorized software for handling customer data.

  • Vendor Security: When we work with service providers that handle personal data on our behalf, we vet them for strong security practices. We also include contractual provisions that require them to safeguard the data to standards at least as stringent as our own. We continuously monitor our vendors’ compliance and their security posture.

Despite our efforts, please understand that no security measures are 100% perfect or impenetrable. The internet is not completely secure, and we cannot guarantee absolute security of your information. By using our Services, you acknowledge that there is some risk in any data transmission or storage, and you agree that we cannot warrant the security of your information transmitted to our Site. Once we receive your data, we will use strict procedures and security features to try to prevent unauthorized access.

In the unlikely event of a security breach that compromises the privacy or integrity of your personal information, we will promptly investigate and take necessary remedial measures. We have a data breach response plan in place for such incidents. If a data breach occurs that affects your personal information, we will notify you without undue delay, consistent with applicable laws. This means that if your data is involved in a breach meeting certain risk thresholds, we will send you a notice (via email, letter, or other allowed methods) describing what happened and what steps you should take, as required by state data breach notification laws. We may also notify relevant government regulators as needed. We may communicate with you electronically regarding security and privacy matters, such as breach notifications.

You also play a role in keeping your information secure. We encourage you to use strong passwords for any accounts, be careful about phishing attempts, and contact us if you suspect any unauthorized activity involving your information or our Services. We will never ask you for sensitive information like passwords via email. If you have any questions about our security measures or suspect a vulnerability, please contact us at the information in Contact Us below.

11. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:

  • If you apply for funding or become a client, we will retain your information for as long as your case is active and the funding is outstanding. We need this information to service our agreement with you and to comply with legal/financial recordkeeping obligations. Typically, we will keep your file throughout the life of the case (which could be months or years) and for a certain period after the case is resolved and your advance is repaid or discharged.

  • After the resolution of your funding (e.g., your case settles and our advance is repaid, or your case doesn’t succeed and the advance is forgiven), we generally retain your records for a number of years. This retention is for purposes such as: responding to any post-settlement issues or disputes, complying with audit and regulatory requirements, establishing or defending legal claims (our contracts usually fall under statutes of limitations that last several years), and maintaining appropriate business records. For example, we might keep contract copies and payment records for at least 7 years or as required by financial regulations and tax laws.

  • If you request a deletion of your data, and we have no ongoing legal basis to keep it, we will delete or anonymize the data as described in Your Privacy Rights above. However, certain information may be retained in backups or archives for a short duration until those are cycled out, or longer if needed for legal reasons despite a deletion request (we would inform you if so). We maintain deletion logs to record compliance with such requests.

  • If you do not become a customer (for instance, if you inquire about our services but never proceed with an application, or you apply and we decline or you choose not to accept funding), we may retain the information collected for a shorter period. We might follow up with you to see if you’re still interested (unless you opt out of communications). We typically purge or anonymize non-customer inquiry data after a reasonable time if it’s clear it’s no longer needed, though applicable law (like the CCPA) may allow us to keep basic records of requests and responses for a certain time.

  • Website usage data (collected via cookies and tracking) is retained according to the cookie’s lifespan or as long as needed for analysis. For instance, Google Analytics data may be retained for 14 months or more, but in aggregated form. You can clear cookies to remove certain tracking data from your own device at any time.

  • We may retain aggregated or de-identified data (which is not personally identifiable) indefinitely for research and development, since it no longer relates to an identifiable individual.

Our retention periods consider the volume, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means. We also consider legal requirements – for example, certain laws mandate retention of specific records (like financial transaction histories, communications with you, consent records, etc.) for a minimum number of years.

Once personal information is no longer needed, we will take steps to have it securely destroyed, erased, or de-identified. For electronic data, this might mean deleting it from our active databases and overwriting or encrypting backups. For physical records, this means shredding or incineration. We maintain documentation of our retention and deletion schedules to ensure compliance.

If you have specific questions about how long we keep a certain type of information, feel free to contact us. Keep in mind that the rights described in Section 7 (like deletion and access) give you some control over our retention of your data as well.

12. Children’s Privacy

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 13 years of age. It is highly unlikely that a minor child would directly seek our Services, as pre-settlement funding generally involves a legal claim typically handled by adults or guardians.

If you are under 18, please do not use this Site or send us any personal information. If you are a parent or legal guardian and believe that your child under 13 (or under 16 in California) has provided personal information to us without your consent, please contact us immediately. We will take steps to promptly delete such information from our records.

In certain cases, a minor may be the beneficiary of a legal claim (for example, a personal injury case involving a child). In those situations, any funding would be managed through a parent or guardian, and all information would be provided by and about the adult (aside from case details necessary to evaluate the claim). We treat any personal information about minors included in case files with the highest sensitivity and only use it as needed for the case. For example, if a portion of a settlement is for a child’s future expenses, that may be noted in case documents – we would handle that information carefully and in accordance with all laws protecting minors.

No Sale of Minors’ Data: We do not sell or share the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from the teen between 13 and 16 or the parent/guardian of a child under 13. As stated, we do not knowingly collect such data in the first place. If somehow a 14-year-old tried to use our service (again, unlikely), and provided personal info, we would not sell/share it for advertising purposes.

COPPA Compliance: Although our site is not intended for children under 13, we still comply with the Children’s Online Privacy Protection Act (COPPA) by not knowingly collecting or storing any personal info of children under 13. If in the future we decide to create sections of our site that could appeal to children (which we currently do not), we will implement COPPA-compliant procedures, like parental consent mechanisms.

In summary, if you’re not an adult (or a legally emancipated minor), do not submit your data to Sum Funding. We are committed to protecting children’s privacy and will take appropriate actions if we discover any inadvertent collection of children’s data.

13. International Users

Sum Funding is based in the United States and our Services are intended for U.S. residents. If you are accessing our Site or services from outside the United States, please be aware that any information you provide will be transferred to and processed in the United States (or other jurisdictions where our servers or service providers are located). The data protection laws in the U.S. may not be as comprehensive or equivalent to those in your country of residence.

By using our Services or providing us with your information, you acknowledge and consent to the transfer of your personal data to the United States for processing in accordance with this Privacy Policy. We will protect your information as described here, regardless of where it is stored or processed, but additional rights you may have under international laws (such as the EU or UK GDPR) are not directly applicable to our operations if we do not actively target or serve those jurisdictions. We do not currently offer services to the European Union or other regions outside the U.S., nor do we monitor the behavior of individuals in those regions. As such, GDPR and similar international privacy laws generally do not apply to us.

If you are an international visitor who nonetheless uses our Site (for example, browsing for informational purposes), you do so on your own initiative. In such cases, any personal data you provide will be handled as per U.S. law and this Policy. If you do not want your information transferred to or processed in the U.S., please do not use our Site or services.

For residents of Canada or other countries with data export restrictions: we will only transfer personal data to the U.S. or other countries when it is lawful to do so. We rely on your consent (by using our services or providing info) or other permitted derogations for such transfers. Keep in mind that data stored in the U.S. may be subject to lawful access by U.S. authorities (e.g., law enforcement or national security agencies) under applicable U.S. law.

If in the future we expand to offer services in other countries or to target international consumers, we will update our privacy practices to comply with those countries’ laws (for instance, by providing GDPR-required disclosures or appointing representatives).

For now, our focus is serving consumers and attorneys within the United States. We make no representation that our Site is appropriate or available in any other location. Users who access the Site from outside the U.S. do so at their own risk and are responsible for compliance with local laws.

14. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes to how we handle your personal information, we will provide you with notice in accordance with law. This may include, for example, posting a prominent notice on our website or emailing you if you have provided your email to us.

The “Effective Date” at the top of this Policy indicates when the current version took effect. Any prior versions are available upon request. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law.

If we seek to use your personal information for a new purpose not originally disclosed (and that is not otherwise permitted under applicable law), we will obtain your consent if required. For minor updates that do not significantly affect your rights (such as clarifications or improvements to wording), we may not separately notify you, so please check our Site for the latest Policy.

In summary, if we change anything substantive, we’ll let you know and the changes will apply going forward from the effective date of the new Policy. We will not retroactively reduce your privacy rights without your consent. If you disagree with any changes, you should stop using our Services and you may request us to delete your personal information (per your rights described above).

15. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please do not hesitate to contact us:

  • Email: You can email our Privacy Officer at support@sumfunding.com (or an appropriate email address we provide). Please include your name and contact information, and clearly describe your question or request. We will respond as soon as possible.

  • Phone: Call us. Our customer service team is available 9am to 5pm CT to assist you. If calling about a privacy request, please let the representative know so they can route your call appropriately.

  • Mail: You may also send inquiries or requests by mail. Please address correspondence to:

    Capital Funding TX, LLC (Sum Funding)
    Attn: Privacy Officer / Legal Department
    3000 Weslayan St #305
    Houston, TX 77027

  • Website Contact Form: If our website features a contact form, you may submit questions or requests through that form. Please select any “privacy” subject option if available, or mention it in your message.

We will do our best to answer your questions and address your concerns. If you contact us to exercise your privacy rights, we will guide you through the verification process as described in Section 7.

Your Privacy Rights and Choices are important to us. If you feel we have not addressed your issue satisfactorily, please let us know and we will escalate it to our data protection officer or legal counsel as needed. California residents may reach out to our designated method for CCPA requests (the contacts above suffice). Texas residents can also use the above contacts for TDPSA-related requests or inquiries.

Lastly, if you have a disability that makes it difficult to access this Privacy Policy, you may contact us to request it in an alternative format. We will provide the Policy in a format that is accessible to you (for example, an audio recording or large print) upon request.

Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal information.