Privacy Policy

Tower Logix Inc., a California corporation (“Company,” “we,” “us,” or “our”), operates the LendPitch platform (“Platform”), accessible at lendpitch.com and related subdomains (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you access or use the Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Service immediately.

1. Information We Collect

We may collect the following categories of information:

a. Personal Information You Provide

• Account information: name, email address, phone number, job title, and company name.
• Business information: dealership name, lender name, business address, dealer license number, and other professional identifiers.
• Deal and transaction data: customer names, vehicle information (year, make, model, VIN), loan amounts, credit tier information, stipulations, and funding status.
• Financial information: billing address, payment method details (processed by our third-party payment processor; we do not store full payment card numbers).
• Communications: messages you send to us, support requests, and feedback.

b. Information Collected Automatically

• Usage data: pages viewed, features used, actions taken, dates and times of access, and referring URLs.
• Device and browser information: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Log data: server logs, error reports, and performance data.
• Location data: approximate geographic location inferred from IP address.

c. Information from Third Parties

• Authentication providers: if you sign in via a third-party service (e.g., Google), we may receive your name, email address, and profile picture.
• Business partners: credit bureaus, data aggregators, and other partners may provide data to supplement the information we collect.
• Publicly available information: we may collect information from public records, professional licensing databases, and publicly available websites.

2. How We Collect Information

We collect information through the following means:

• Directly from you: when you create an account, submit deals, complete forms, or communicate with us.
• Automatically: through cookies, web beacons, pixels, and similar tracking technologies when you interact with the Service.
• From third parties: from business partners, data providers, authentication services, and publicly available sources as described above.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: to operate, maintain, and deliver the features and functionality of the Platform, including matching dealers with lenders, processing deal submissions, and facilitating communication between parties.
• AI-powered scoring and analysis: to generate proprietary confidence scores, deal analyses, and lender-matching recommendations. These outputs are informational only and do not constitute financial advice, credit decisions, or guarantees of any outcome.
• Document processing: to analyze, parse, and store documents you upload (e.g., stipulations, buyer's orders, credit applications) to facilitate deal processing.
• Account management: to create and manage your account, verify your identity, and authenticate your access.
• Communications: to send transactional emails, service updates, security alerts, deal status notifications, and administrative messages.
• Analytics and improvement: to understand how users interact with the Service, identify trends, and improve the Platform's performance, features, and user experience.
• Billing and payments: to process payments, send invoices, and manage subscription or per-deal fees.
• Compliance and legal obligations: to comply with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities.
• Security and fraud prevention: to detect, investigate, and prevent unauthorized access, fraud, and other illegal activities.
• Marketing (with consent): to send promotional communications where permitted by law and where you have provided consent, with the ability to opt out at any time.

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

a. With Lenders and Dealers on the Platform

Deal information submitted by dealers is shared with lenders on the Platform as necessary to facilitate deal matching, review, and funding. Lender feedback and decisions are shared with the submitting dealer.

b. Service Providers

We share information with third-party vendors and service providers that perform services on our behalf, including cloud hosting, payment processing, email delivery, analytics, customer support, and security services. These providers are contractually obligated to use your information only as necessary to perform their services and to protect your data.

c. Credit Bureaus and Data Partners

We may share or receive information from credit bureaus, data aggregators, and other data partners to facilitate deal processing and credit analysis.

d. Legal Requirements and Protection

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to: (i) comply with applicable law or respond to valid legal process; (ii) protect the rights, property, or safety of Tower Logix Inc., our users, or others; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) enforce our Terms of Service.

e. Business Transfers

In connection with any merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or dissolution of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.

f. With Your Consent

We may share your information for other purposes with your express consent.

g. No Sale of Personal Information

We do not sell your personal information as that term is defined under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). We do not share your personal information for cross-context behavioral advertising.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected, including:

• Account data: retained for as long as your account is active, plus a reasonable period thereafter (typically 3 years) to comply with legal obligations, resolve disputes, and enforce agreements.
• Deal and transaction data: retained for a minimum of 7 years from the date of the transaction to comply with financial record-keeping requirements.
• Usage and analytics data: retained in identifiable form for up to 2 years; aggregated or de-identified data may be retained indefinitely.
• Communications: retained for as long as reasonably necessary for the purposes of customer support, dispute resolution, and compliance.
• Legal hold: data subject to a legal hold, litigation, or regulatory investigation will be retained until the matter is resolved, regardless of normal retention periods.

Upon expiration of the applicable retention period, we will delete or de-identify your information, unless a longer retention period is required or permitted by law.

6. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and disclosure, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls and least-privilege principles.
• Multi-factor authentication for administrative access.
• Regular security assessments and vulnerability scanning.
• Employee training on data protection and security practices.
• Incident response procedures for data breaches.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security. You use the Service and provide your information at your own risk.

7. Your Privacy Rights (California / CCPA / CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

a. Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.

b. Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions provided by law (e.g., completing a transaction, detecting security incidents, complying with legal obligations).

c. Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you.

d. Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As stated above, we do not sell or share your personal information for these purposes.

e. Right to Limit Use of Sensitive Personal Information

To the extent we collect sensitive personal information (as defined under the CPRA), you have the right to limit its use to purposes necessary to provide the Service.

f. Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, provide a different quality of service, or suggest you will receive a different level of service for exercising your rights.

g. Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require proof of the agent's authorization and verify your identity before processing the request.

h. How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@towerlogix.com or write to us at the address listed in Section 12. We will verify your identity before processing your request and respond within 45 days (which may be extended by an additional 45 days for complex requests, with notice).

i. CCPA Disclosure Table

The following table describes the categories of personal information we have collected in the preceding 12 months, the sources, the purposes, and the categories of third parties with whom we share such information:

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Strictly necessary cookies: required for the Service to function (e.g., session management, authentication, security). These cannot be disabled.
• Performance and analytics cookies: help us understand how users interact with the Service so we can improve it. These collect aggregate, anonymized data.
• Functional cookies: enable enhanced functionality and personalization (e.g., remembering your preferences).

Managing cookies: Most web browsers allow you to manage or disable cookies through browser settings. Disabling certain cookies may affect the functionality of the Service. For more information, visit your browser's help documentation.

Do Not Track: The Service does not currently respond to “Do Not Track” (DNT) browser signals. There is no uniform standard for how DNT signals should be interpreted, but we will update this policy if an industry standard is established.

9. Third-Party Links

The Service may contain links to third-party websites, applications, or services that are not owned or controlled by Tower Logix Inc. We are not responsible for the privacy practices or content of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. Inclusion of a link does not imply endorsement of the linked site by Tower Logix Inc.

10. Children's Privacy

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us at privacy@towerlogix.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last Updated” date at the top of this page.
• Provide notice via email to the address associated with your account and/or a prominent notice on the Service at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: