Scoreby Rate Tracker
Draft — finalized before V1 launch

Privacy Policy

Last updated: 2026-05-14

What this document is

Score is a Rate Tracker product. This privacy policy explains what data Score collects, why we collect it, what we do with it, and the rights you have over it. It applies to merchants who use Score to qualify their customers for financing, and to the consumers whose information is submitted through Score by those merchants.

Our core privacy promises

  • No credit pull. Score never pulls a hard or soft credit inquiry. Our ease score is a structural read of cash flow and obligation patterns — not a credit score.
  • You own your data. Consumers and merchants retain ownership of the information they submit. We process it on your behalf; we don’t sell it, rent it, or use it to train external models.
  • No silent sharing. We do not share personally identifying information with third parties without explicit, recorded consent — with the narrow operational exceptions called out below (payments processor, hosting, infrastructure subprocessors).

What we collect

From merchants: business name, contact email, billing details (handled by Stripe), and the application submissions you run through Score.

From consumers (via merchants): the information needed to compute an ease score — typically bank-statement documents, identity fields, and the financial signals derived from them. We do not retain bank credentials.

How we use it

We use submission data to compute the ease score, render the score report, and provide the merchant their dashboard view. We use account data to operate the service, send transactional email, and bill subscriptions. Aggregate, fully de-identified metrics may inform product improvement — never tied back to an individual.

Subprocessors

Score is built on a small, audited set of infrastructure partners (cloud hosting, managed Postgres, email delivery, error monitoring, payments). The full list will be published here before V1 launch alongside the data-processing addendum.

Your rights

You may request a copy of your data, request deletion, or withdraw consent for further processing at any time. Email privacy@ratetracker.io. Final response timelines and the formal DSAR process will be documented before V1 launch.

Data retention

We retain submission data for as long as the merchant account is active, plus a limited window after termination for export and dispute resolution. After that window, personally identifying fields are deleted or de-identified. Aggregated, non-identifying metrics may be retained for product analytics. The exact retention windows (by data category) will be enumerated in the final policy before V1 launch.

Cookies and tracking

Score uses a small number of first-party cookies necessary to keep you signed in, hold your session, and remember your view preferences. We do not run third-party advertising trackers, behavioral profiling pixels, or cross-site ad networks. Aggregated analytics on the marketing site (page views, referrers) are collected without persistent identifiers tied to individuals.

Children’s data

Score is built for businesses and the adult consumers their merchants serve. We do not knowingly collect data from individuals under 18. If you believe a minor has had data submitted through Score, email privacy@ratetracker.io and we will delete it.

U.S. state privacy rights

Residents of California, Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws have additional rights under those statutes — including access, correction, deletion, portability, and the right to opt out of certain processing. To exercise any of these rights, email privacy@ratetracker.io. We do not sell personal information and we do not use it for cross-context behavioral advertising.

International users

Score is operated in the United States. If you access Score from outside the U.S., your data will be processed in the U.S. under U.S. law. We are not currently designed for general availability in the EU/EEA or UK; cross-border transfer mechanisms and GDPR-specific controls are on the roadmap and will be addressed before any expansion into those jurisdictions.

Changes to this policy

We’ll update this policy as the product evolves and as our compliance posture matures. Material changes will be communicated in advance — via in-product banner, email to account owners, or both — with a clear effective date. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Rate Tracker, Inc. · privacy@ratetracker.io