How It Works Features Offer Range FAQ Contact Rates

Privacy Policy

Effective Date: May 6, 2026

1. Introduction & Scope

MAF Loans LLC ("MAF," "we," "us," or "our") operates MAF Finance, a loan-matching and lead-generation mobile application available on the Apple App Store and related websites at mafloans.com (collectively, the "App" or "Services"). Our business model is straightforward: we collect information from consumers who want to explore loan or cash-advance options, package that information into leads, and connect users with third-party financial partners who may offer credit or related products.

We are not a lender. MAF does not extend credit, make underwriting decisions, set interest rates, or fund loans. Partners in our network make those determinations independently.

This Privacy Policy explains what personal information we collect, how we use it, who receives it, and—because selling data is central to how our platform operates—how and to whom we sell it. If you do not agree with these practices, do not download, register for, or continue using the App.

By creating an account, submitting an inquiry, or otherwise using the App, you acknowledge that you have read this Policy and consent to the collection, use, disclosure, and sale of your information as described here. This Policy applies to individuals who are at least 18 years old and reside in the United States.

2. Laws & Regulatory Framework

Our data practices are designed to align with applicable U.S. federal and state requirements, including:

  • Gramm-Leach-Bliley Act (GLBA): Information such as your Social Security number, bank account and routing numbers, income, and employment details may qualify as "nonpublic personal financial information" under GLBA. GLBA may require separate privacy notices and can affect how certain state privacy laws apply to financial data.
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA): The CCPA defines "sale" and "sharing" broadly. Disclosing personal information to third parties for monetary or other valuable consideration—including lead fees and revenue share—may constitute a sale. California residents have specific rights described in Section 11.
  • Fair Credit Reporting Act (FCRA): Where we or our partners obtain or use consumer reports, FCRA governs permissible purposes, adverse action notices, and dispute rights.
  • Federal Trade Commission (FTC) rules and guidance: Including expectations for lead generators, data brokers, and truthful advertising in financial services.
  • CAN-SPAM Act and Telephone Consumer Protection Act (TCPA): Governing commercial email and telemarketing, including autodialed calls and text messages.

Depending on the type of information and how it is used, GLBA or FCRA may provide separate notice requirements or limit certain state-law privacy rights with respect to financial information. Nothing in this Policy is intended to waive rights that cannot be waived under applicable law.

3. Information We Collect

We collect information directly from you, automatically through your device, and from third-party sources. The categories below reflect the data fields our App may request or obtain.

3a. Information You Provide Directly

When you register, complete a profile, or submit a request through the App, you may provide:

Personal identifiers

  • Full legal name (first, middle, last)
  • Date of birth
  • Email address
  • Phone number (mobile and/or home)
  • Full residential address including street, city, state, and ZIP code

Government & identity documents

  • Social Security Number (SSN)
  • Driver's license number and issuing state

We collect your SSN to verify your identity, satisfy know-your-customer (KYC) requirements imposed by lender partners, and detect fraud. SSN is transmitted using encryption in transit. We collect your driver's license number and state to confirm identity, verify that you meet state eligibility requirements, and complete KYC checks requested by partners.

Financial & employment information

  • Bank account number (full account number)
  • Bank routing number
  • Bank name and account type (checking / savings)
  • Employer name
  • Employer phone number
  • Employment status and job title
  • Monthly or annual gross income
  • Source of income (employment, self-employment, benefits, other)
  • Purpose of the loan or cash advance request

We collect your full bank account number, routing number, bank name, and account type so lender partners can verify account ownership, assess eligibility, and—if you accept an offer—potentially set up ACH disbursement or repayment. We collect employer name, employer phone, employment status, job title, income, income source, and loan purpose so partners can evaluate ability to repay and match you with appropriate products. Lenders may contact your employer using the phone number you provide for income verification.

3b. Information Collected Automatically

When you use the App or our website, we and our analytics or advertising partners may automatically collect:

  • Device identifiers, operating system, device model, and App version
  • IP address and network information
  • Usage patterns, session duration, screens viewed, and clickstream data
  • Approximate location derived from IP address or device signals
  • Data collected through cookies, mobile software development kits (SDKs), pixels, and similar technologies

3c. Information from Third Parties

We may receive information about you from:

  • Identity and fraud-prevention vendors
  • Consumer reporting agencies and alternative data providers (subject to FCRA where applicable)
  • Marketing or referral partners who direct users to the App

We may combine third-party data with information you provide to create a more complete lead profile before sale or matching.

4. How We Use Your Information

We use personal information for purposes that include:

  • Creating, authenticating, and managing your account
  • Verifying your identity (KYC), detecting fraud, and assessing basic eligibility signals
  • Packaging your data into a lead and matching you with lender and financial partners
  • Selling your information to third-party lenders, financial institutions, and marketing partners (see Section 5)
  • Processing referrals, transmitting applications, and facilitating connections you request
  • Sending transactional messages and, where you have provided consent, marketing communications by email, SMS, push notification, or phone
  • Improving App performance, conducting analytics, and measuring campaign effectiveness
  • Complying with legal obligations, responding to lawful requests, and enforcing our Terms of Use

5. Sale and Sharing of Personal Information

This section describes a core part of our business. Please read it carefully.

5.1 We Sell Your Personal Information

MAF Loans LLC sells personal information as that term is defined by the CCPA/CPRA and applicable state privacy laws. We do not merely "share" data incidentally—we monetize leads by making your information available to buyers in exchange for compensation.

We sell data to third-party lenders, financial institutions, marketing partners, data aggregators, and lead buyers who compete to contact you with offers. Data sold may include, without limitation:

  • Name, phone number, email address, and full address with ZIP code
  • Social Security number and driver's license number
  • Bank account number, routing number, and bank name
  • Employer name, employer phone number, employment status, income, and loan purpose
  • Other fields listed in Section 3 that you provide or we derive

We may receive monetary compensation, referral fees, per-lead fees, revenue share, or other valuable consideration in exchange for this data. The amount or structure of compensation may influence which partners receive your data first, how offers are ranked, or how prominently certain partners appear in the App.

5.2 Categories of Third Parties Who Buy or Receive Your Data

Buyers and recipients may include:

  • Licensed lenders and financial institutions offering personal loans, installment loans, cash advances, lines of credit, and similar products
  • Insurance companies and providers of other financial products
  • Debt relief, credit repair, and credit counseling companies
  • Marketing partners who promote financial and non-financial products and services
  • Data brokers and aggregators who may resell or further license your information under their own policies

Once your information is sold, the buyer's privacy policy and practices govern further use. We do not control how purchasers use, retain, or resell data after the transaction, and we are not responsible for their independent compliance programs.

5.3 Your Right to Opt Out of Sale

California residents and individuals in other states with applicable opt-out rights may request that we stop selling their personal information.

To opt out, email [email protected] with the subject line "Do Not Sell My Information," use the in-app opt-out control in Settings (where available), or visit our Do Not Sell My Personal Information page.

We will process verified opt-out requests within 15 business days. Opting out stops future sales but does not delete information already sold to third parties. Even after you opt out, we may still disclose information as required by law or as necessary to complete a transaction you specifically initiated (for example, forwarding an application to a lender you chose).

6. Legal Basis for Processing

Where a legal basis is required, we rely on one or more of the following:

  • Consent: You provide consent before we collect and sell sensitive information. You may withdraw consent, but doing so may prevent us from providing matching services.
  • Contractual necessity: Processing needed to deliver the lead-matching services you request.
  • Legal obligation: KYC, anti-money-laundering, recordkeeping, and responses to lawful process.
  • Legitimate business interests: Fraud prevention, network security, analytics, and enforcement of our agreements—balanced against your rights where required by law.

7. Data Retention

We retain information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required by law. Illustrative retention periods include:

Data category Typical retention period Example
Full applicant profile (name, SSN, address, bank info, income) Duration of the business relationship plus 5–7 years after last activity, or longer if required by law or legal hold Last App use January 2025 → profile retained until at least January 2030–2032
Lead and sale records (buyer identity, date, compensation) 5–7 years for FTC recordkeeping and dispute resolution
Marketing and communication records (consent logs, campaigns) 2–3 years after last interaction, or until opt-out plus 90 days
Device and usage logs (IP, session, clickstream) 12–24 months
Opt-out records (Do Not Sell requests) Minimum 5 years to demonstrate compliance Opt-out received March 2025 → logged until at least March 2030
Support communications 3 years after ticket resolution

Actual retention may vary by data type, jurisdiction, litigation, or regulatory guidance. Where law mandates a longer period, we retain data for the legally required minimum.

8. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit using TLS 1.2 or higher, and encryption at rest using AES-256 where applicable
  • Role-based access controls and least-privilege access for personnel
  • Monitoring, logging, and periodic review of systems handling sensitive data
  • Vendor due diligence and contractual security obligations for service providers and, where feasible, data buyers

You are responsible for safeguarding your account credentials. Notify us immediately at [email protected] if you suspect unauthorized access.

No security program is perfect. In the event of a data breach affecting sensitive personal information, we will notify affected individuals and regulators as required by applicable law.

9. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Know / Access: Request the categories and specific pieces of personal information we hold, and information about sales—including buyers where technically feasible
  • Delete: Request deletion of personal information we maintain, subject to legal and contractual exceptions; data already sold to third parties cannot be recalled from buyers' systems
  • Correct: Request correction of inaccurate information
  • Portability: Receive certain information in a structured, commonly used, machine-readable format
  • Opt out of sale: As described in Section 5.3 and on our Do Not Sell page
  • Non-discrimination: Exercise privacy rights without discriminatory treatment, though some features require data processing and may be unavailable if you limit collection or sale

Submit requests to [email protected] with the subject line "Privacy Request." We will verify your identity before responding. Authorized agents may submit requests on your behalf where state law permits, provided they supply proof of authority. We aim to respond within 45 days for California residents and within 30 days where other state laws apply, subject to permitted extensions.

10. Marketing Opt-Outs

Marketing choices are separate from sale opt-outs unless you also submit a Do Not Sell request under Section 5.3.

  • Email: Use the unsubscribe link in any marketing email. We process email opt-outs within 10 business days under CAN-SPAM. Transactional and account-related messages may continue.
  • SMS: Reply STOP to opt out of marketing texts; reply HELP for assistance. One-time passwords and transactional texts are not affected.
  • Push notifications: Disable through your device operating system settings.
  • Phone marketing calls: Email [email protected] to opt out of telemarketing. We obtain prior express written consent before placing autodialed or prerecorded marketing calls as required by the TCPA.

Opting out of marketing communications does not stop the sale of your personal information unless you separately submit a Do Not Sell request.

11. California Residents (CCPA / CPRA)

If you are a California resident, the following additional rights apply under the CCPA as amended by the CPRA.

Right to Know: You may request the categories and specific pieces of personal information collected; categories of sources; business or commercial purposes; and categories of third parties to whom we disclose, sell, or share information—including the fact that we sell data and the categories of buyers.

Right to Delete: You may request deletion of personal information we maintain, subject to statutory exceptions (legal compliance, security, completing transactions you requested, etc.).

Right to Correct: You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing: We sell personal information under the CCPA's broad definition. Opt out via [email protected], the in-app "Do Not Sell" link, or our Do Not Sell page. We will honor verified requests within 15 business days.

Right to Limit Use of Sensitive Personal Information: SSN, driver's license number, and full bank account numbers are "sensitive personal information" under CPRA. You may request that we limit use of sensitive information to purposes permitted by CPRA, where applicable.

Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights, though service limitations may apply where data is necessary.

Contact [email protected] with the subject line "California Privacy Request." We will respond within 45 days. You are entitled to two free access requests in any 12-month period. GLBA and FCRA may limit certain rights with respect to financial information covered by those statutes.

12. Other State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have rights similar to those in Sections 9 and 11, including access, deletion, correction, portability, and opt-out of targeted advertising or sale of personal data. To exercise these rights, email [email protected] with your state of residence and the nature of your request.

13. Do Not Track and Global Privacy Control

There is no uniform industry standard for "Do Not Track" (DNT) browser signals. We do not respond to DNT signals at this time.

Where technically feasible, we honor Global Privacy Control (GPC) signals from California residents as an opt-out of sharing personal information for cross-context behavioral advertising under CCPA/CPRA.

14. GLBA and FCRA Notices

GLBA: Your SSN, bank account number, routing number, income, and employment information may be "nonpublic personal financial information" under GLBA. We may provide a separate GLBA Initial Privacy Notice that governs certain uses of that information.

FCRA: If we or a partner obtains a "consumer report" from a consumer reporting agency, FCRA rights—including dispute and adverse action rights—may apply. Hard credit inquiries are performed only with your express prior authorization.

GLBA and FCRA may limit or preempt certain state privacy rights, including some CCPA rights, with respect to information subject to those federal regimes.

15. Cookies and Tracking Technologies

We use cookies, mobile SDKs, pixels, device fingerprinting, and related technologies to authenticate users, detect fraud, measure performance, attribute marketing campaigns, and manage sessions. You may limit cookies through browser settings or limit mobile tracking through your device OS settings. Disabling certain technologies may impair App functionality or prevent access to some features.

16. Children's Privacy

The App is intended for adults 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18 in violation of the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected information from a minor, we will delete it promptly. Report concerns to [email protected].

17. International Users

The App is directed to users in the United States. If you access the App from outside the U.S., you consent to the transfer and processing of your information in the United States, where privacy laws may differ from those in your country.

18. Policy Updates

We may revise this Policy from time to time. When we make material changes, we will update the Effective Date above and provide notice through the App, by email, or by posting a conspicuous notice on our website. Continued use after the effective date of an updated Policy constitutes acceptance of the changes.

19. Contact Us

MAF Loans LLC
1007 N Garth Ave, Columbia, MO 65203-4051
Missouri, United States
General inquiries: [email protected]
Privacy requests: [email protected]
Website: mafloans.com