Privacy Policy

Effective Date: May 25, 2022

1. Introduction

Fundmates Inc. (“Fundmates,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit www.fundmates.com, platform.fundmates.com, any related subdomains (collectively, the “Sites”), or use the funding, financial, advisory, and creator-support services we offer (collectively, the “Services”).

Fundmates is a financial services platform designed for online content creators, including YouTube channel owners. We provide upfront capital in exchange for a contractual share of future advertising revenue, and we offer related creator-growth services. Funding is facilitated through partnered FDIC-member financial institutions; Fundmates is not itself a chartered bank or traditional lending institution.

Please read this Privacy Policy carefully. By accessing or using the Sites or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not use the Sites or Services.

2. Scope and Applicability

This Privacy Policy applies to personal information we collect from and about: (a) prospective and current creators who apply for, receive, or inquire about funding; (b) visitors to the Sites; (c) representatives of business partners and vendors; and (d) other individuals who interact with us. This Privacy Policy does not apply to third-party websites, platforms, or services to which we may link, including YouTube, Google, banking partners, and other integrated services, each of which is governed by its own privacy policy.

3. Information We Collect

We collect personal information from three primary sources: information you provide to us, information collected automatically when you use the Sites, and information we receive from third parties.

3.1 Information You Provide Directly

We collect information you submit through application forms, account registration, support requests, surveys, calculators, and other interactions, including:

  • Identity and contact information: full name, email address, telephone number, and mailing address.
  • Account credentials: username, password (stored in hashed form), and authentication factors.
  • Channel and creator information: YouTube channel URL or handle, niche, audience details, content category, and other information about your creator business.
  • Funding application information: estimated AdSense revenue, growth metrics, requested funding amount, revenue-share preferences, and information you provide via our funding calculator or chat.
  • Financial and payout information: bank account and routing numbers, payment processor identifiers, and payout instructions provided through secure intake channels.
  • Tax and identity verification information: tax identification numbers (such as SSN, ITIN, or EIN where required by U.S. tax law), IRS Forms W-9 or W-8BEN/W-8BEN-E, government-issued identification documents, date of birth, and other information required for know-your-customer (“KYC”), anti-money laundering (“AML”), and Office of Foreign Assets Control (“OFAC”) screening.
  • Communications: the content of messages, emails, chat transcripts, calls (including recordings where lawful and disclosed), and any documents you send us.
  • Marketing preferences: subscription choices, preferences, and feedback you provide.

3.2 Information from YouTube and Google APIs

When you connect your YouTube channel to Fundmates, you authorize us to access certain Google account data through YouTube Data API Services and related Google APIs. The specific scopes we access are disclosed at the time you grant consent and may include:

  • Channel and account metadata: channel ID, channel name, ownership confirmation, and basic profile information.
  • Performance and analytics data: views, watch time, subscriber counts, traffic sources, geography, RPM (revenue per mille), CPM, estimated AdSense earnings, and other channel and video analytics.
  • Content metadata: video titles, descriptions, upload dates, thumbnails, and aggregate engagement metrics.
  • OAuth tokens: access and refresh tokens issued by Google for the limited purposes you have authorized.

We use this information solely to evaluate funding eligibility, calculate proposed terms, monitor revenue subject to your funding agreement, provide channel-growth analyses, and operate the Services. See Section 6 (“Google API Services User Data Disclosure”) for our Limited Use commitment.

You may revoke our access to your Google account at any time by visiting https://myaccount.google.com/permissions or by contacting us. Revocation may prevent us from continuing to provide Services that depend on this access, but it does not relieve you of obligations under any funding agreement already in effect.

3.3 Information We Collect Automatically

When you visit the Sites, we and our service providers automatically collect certain information using cookies, pixels, log files, and similar technologies, including:

  • Device and browser data: IP address, device identifiers, browser type and version, operating system, language, time zone, and screen settings.
  • Usage data: pages visited, referring and exit URLs, links clicked, time spent, scroll depth, search terms entered on the Sites, and timestamps.
  • Approximate location: general geographic region inferred from IP address. We do not collect precise GPS location.
  • Advertising and measurement identifiers: identifiers used by Meta (Facebook) Pixel, Google Analytics, Google Ads, and similar marketing-measurement tools.

See Section 8 for details about specific cookies and tracking technologies and your choices.

3.4 Information from Third Parties

We may receive information about you from:

  • Banking and payment partners: FDIC-member financial institutions and payment processors that facilitate disbursements and ongoing payments.
  • Identity verification, KYC, AML, and fraud-prevention vendors: services that confirm your identity, screen against sanctions lists, and detect fraudulent activity.
  • Multi-channel networks (MCNs) and YouTube partner programs: where applicable to manage AdSense revenue allocation under your funding agreement.
  • Marketing and advertising partners: providers that supply audience-segment information, conversion data, and lead-generation contact details.
  • Public sources and references: publicly available channel statistics, news, and information you make publicly accessible.
  • Service providers: hosting, analytics, communications, and CRM providers who collect or process information on our behalf.

4. Sensitive and Financial Information

Some of the information we collect is considered sensitive under applicable law (for example, government identifiers, financial account information, and tax IDs). We collect sensitive information only as reasonably necessary to provide and administer the Services, comply with legal obligations (including tax reporting, KYC, AML, and OFAC requirements), prevent fraud, and protect our legal rights. We do not use sensitive personal information to infer characteristics about you, and we do not use or disclose it for purposes that California law (or any other applicable state law) requires us to allow you to limit, beyond what is necessary to operate the Services as you would reasonably expect.

5. How We Use Your Information

We use personal information for the following business and commercial purposes:

  • Provide and operate the Services: evaluate funding applications, calculate offers, execute funding agreements, monitor AdSense revenue subject to those agreements, process payouts, and provide creator-growth tools (e.g., editing, thumbnail design, channel translation, MCN access).
  • Verify identity and prevent fraud: perform KYC, AML, OFAC screening, and other compliance checks; detect and investigate fraud, security incidents, and prohibited activity.
  • Communicate with you: respond to inquiries, provide customer support, deliver service notices and account updates, and contact you about your funding or application.
  • Improve our Sites and Services: analyze usage, debug and maintain platforms, develop new features, and conduct research and analytics.
  • Marketing and creator outreach: send you newsletters, promotional content, partner offers, and information about our Services where permitted by law and consistent with your preferences.
  • Comply with legal obligations: satisfy tax-reporting, recordkeeping, audit, and regulatory requirements; respond to lawful requests by public authorities; enforce contracts.
  • Protect rights and safety: protect the rights, property, and safety of Fundmates, our creators, our partners, and the public.
  • Business transactions: evaluate, negotiate, and complete corporate transactions such as mergers, acquisitions, financings, or asset sales.

Where we rely on consent (for example, for certain marketing communications or non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. Google API Services User Data Disclosure

Fundmates’ use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements, available at https://developers.google.com/terms/api-services-user-data-policy.

Specifically, we affirm that we will:

  • Use Google user data only to provide and improve user-facing features of the Services that are prominent in the user experience (e.g., funding eligibility evaluation, revenue-share monitoring, and channel analytics);
  • Not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users;
  • Not use Google user data to serve advertisements, including retargeting, personalized advertising, or interest-based advertising;
  • Not allow humans to read Google user data unless we have obtained your affirmative agreement, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized;
  • Apply industry-standard security practices to protect Google user data, including encryption in transit and at rest, access controls, and regular security reviews.

7. How We Share Your Information

We do not sell your personal information for monetary consideration. We share personal information in the following circumstances:

7.1 Service Providers and Vendors

We share information with vendors and processors that perform services on our behalf, including hosting and infrastructure providers, payment processors, banking partners (FDIC-member institutions), KYC/AML and identity-verification providers, fraud-prevention services, analytics and marketing providers, customer-support tools, communications providers (email, SMS, chat), and professional advisors (legal, accounting, audit). These vendors are contractually required to use personal information only as needed to perform services for us.

7.2 Banking and Funding Partners

To facilitate the disbursement of funds and ongoing collection of revenue shares, we share necessary information with FDIC-member partner banks and other financial institutions. Their use of your information is subject to their own privacy policies and applicable U.S. financial-privacy laws, including the Gramm-Leach-Bliley Act.

7.3 Multi-Channel Networks and Platform Partners

Where your funding agreement provides, we may share information with MCNs and YouTube-affiliated entities to manage revenue allocation and channel-growth services.

7.4 Legal, Compliance, and Safety

We may disclose information to government authorities, regulators, courts, law enforcement, or private parties where we believe in good faith that disclosure is necessary to (a) comply with applicable law, subpoena, court order, or other legal process; (b) enforce our agreements; (c) protect the rights, property, or safety of Fundmates, our creators, or others; or (d) detect, prevent, or address fraud, security, or technical issues.

7.5 Business Transfers

If Fundmates is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, personal information may be transferred to the relevant counterparty, subject to standard confidentiality protections and, where applicable, prior notice to affected individuals.

7.6 Affiliates

We may share information with current and future entities under common ownership or control with Fundmates for the purposes described in this Privacy Policy.

7.7 With Your Direction or Consent

We may share information with other parties when you direct us to do so or otherwise consent to the sharing.

7.8 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose, including marketing, research, and reporting on creator-economy trends. We will not attempt to re-identify such data.

8. Cookies, Pixels, and Tracking Technologies

The Sites use cookies and similar technologies to operate, secure, analyze, and improve the Services, and to support marketing. We use the following categories:

  • Strictly necessary: required for the Sites to function (e.g., authentication, load balancing, security).
  • Analytics and performance: help us understand how visitors interact with the Sites (e.g., Google Analytics).
  • Functional: remember preferences and choices.
  • Advertising and measurement: help us measure marketing effectiveness and reach prospective creators on third-party platforms (e.g., Meta/Facebook Pixel, Google Ads tags). These technologies may share information with the corresponding ad platforms, who may use it for cross-context behavioral advertising on their platforms in accordance with their own policies.

You can manage cookies through your browser settings or our cookie preferences tool (where displayed). Most browsers allow you to refuse or delete cookies. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/. You can adjust Meta advertising preferences in your Facebook ad settings. Industry opt-out tools are available at https://optout.aboutads.info and https://optout.networkadvertising.org. Disabling cookies may impair certain Site features.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, complying with legal, accounting, tax, and regulatory obligations, resolving disputes, and enforcing agreements. Typical retention periods include:

  • Funding agreement records (including KYC, financial, and tax information): generally retained for the life of the agreement plus seven (7) years to satisfy U.S. tax, financial-reporting, and AML recordkeeping obligations.
  • Communications and support records: generally up to seven (7) years.
  • Account data for inactive accounts that did not result in a funded agreement: generally up to twenty-four (24) months from last activity, unless retention is required by law.
  • Marketing data: until you unsubscribe or object, plus a reasonable suppression-list period to honor your opt-out.
  • Cookies and Site analytics: per the retention period set in our analytics tools, typically not longer than twenty-six (26) months.

When we no longer need personal information, we will delete or de-identify it. Where deletion is not feasible (for example, information stored in backup archives), we will isolate and protect it from further processing.

10. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, and alteration. These include encryption of data in transit (TLS) and at rest, role-based access controls, multi-factor authentication for sensitive systems, vendor due diligence, security monitoring and logging, and periodic review of our security program.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and applicable authorities as required by law. You are responsible for maintaining the confidentiality of your account credentials.

11. Your Privacy Rights

Depending on where you live, you may have certain rights with respect to your personal information. We will not discriminate against you for exercising these rights.

11.1 Rights Available to All Users

  • Access: request confirmation of whether we process personal information about you and a copy of that information.
  • Correction: request correction of inaccurate personal information.
  • Deletion: request deletion of personal information, subject to legal exceptions (such as obligations to retain financial and tax records).
  • Marketing opt-out: unsubscribe from marketing emails using the link in any message or by contacting us. We will continue to send transactional and service-related communications.

11.2 Additional Rights Under U.S. State Laws

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have additional rights, including the rights to: opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising; opt out of certain profiling decisions; limit the use of sensitive personal information; obtain a portable copy of certain data; and appeal a denial of a rights request. See Sections 12 and 13 for state-specific notices.

11.3 Rights Under GDPR / UK GDPR (EEA, UK, and Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may also have the right to:

  • Object to processing based on legitimate interests, including direct marketing;
  • Restrict processing in certain circumstances;
  • Receive your information in a portable, machine-readable format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with your local data protection authority.

Our legal bases for processing under the GDPR/UK GDPR include: performance of a contract (to provide funding and Services); compliance with legal obligations (tax, AML, KYC); legitimate interests (security, fraud prevention, analytics, direct B2B marketing); and your consent (for non-essential cookies and certain marketing). For sensitive financial data, we rely on contract performance and legal compliance grounds.

11.4 How to Exercise Your Rights

To exercise any of these rights, email us at hello@fundmates.com with the subject line “Privacy Rights Request,” or write to the address in Section 20. We will need to verify your identity before processing your request, which may require you to confirm information already on file or provide reasonable proof of identity. Authorized agents may submit requests on your behalf with written authorization.

We will respond within the time required by applicable law (generally 45 days under U.S. state laws, with a possible 45-day extension; one month under GDPR, extendable by two additional months for complex requests). If we deny your request, you may appeal by replying to our denial email; we will respond to appeals within the time required by applicable law.

12. California Privacy Notice

This section supplements the rest of this Privacy Policy and applies solely to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”). Some personal information collected by Fundmates is exempt from the CCPA/CPRA because it is regulated by the Gramm-Leach-Bliley Act (“GLBA”) or other federal financial-privacy laws. The notice below addresses non-exempt categories.

12.1 Categories of Personal Information Collected (Last 12 Months)

  • Identifiers: name, postal address, email, phone, IP address, account name, online identifiers, channel ID. Collected: Yes.
  • California Customer Records categories (Cal. Civ. Code § 1798.80(e)): name, signature, address, phone, financial-account information, tax ID, government ID. Collected: Yes (subject in part to GLBA).
  • Protected classification characteristics: Collected: No, except where you voluntarily provide such information.
  • Commercial information: history of funding inquiries, agreements, and Services received. Collected: Yes.
  • Biometric information: Collected: No.
  • Internet or other network activity: browsing and Site interaction data. Collected: Yes.
  • Geolocation data: approximate (IP-based) only. Collected: Yes (general); No (precise).
  • Audio, electronic, visual, or similar information: call recordings or video meeting recordings where lawful and disclosed. Collected: Sometimes.
  • Professional or employment-related information: creator business information. Collected: Yes.
  • Education information: Collected: No.
  • Inferences: growth and revenue projections drawn from channel data. Collected: Yes.
  • Sensitive personal information: SSN/ITIN/EIN, financial-account credentials, government ID numbers, account log-in credentials. Collected: Yes; used only as described in Section 4.

12.2 Sources, Purposes, and Disclosures

Sources are described in Section 3, business and commercial purposes are described in Section 5, and the categories of recipients are described in Section 7.

12.3 “Sale” and “Sharing” of Personal Information

Fundmates does not sell personal information for monetary consideration. We may “share” personal information (as that term is defined under the CPRA) for cross-context behavioral advertising through our use of advertising and measurement technologies (such as the Meta/Facebook Pixel and Google Ads tags). The categories involved are identifiers and internet/network-activity information.

You have the right to opt out of this sharing. To opt out, click “Do Not Sell or Share My Personal Information” on the Sites (where displayed), email hello@fundmates.com, or enable a Global Privacy Control (“GPC”) signal in your browser. We will treat valid GPC signals as a request to opt out of sharing for cross-context behavioral advertising for the browser and device on which the signal is received.

We do not knowingly sell or share the personal information of consumers under 16 years of age.

12.4 Sensitive Personal Information

We use sensitive personal information only for purposes permitted by California law without an obligation to offer a right to limit, including to provide the Services you request, comply with legal obligations, prevent fraud, and ensure security.

12.5 Notice of Financial Incentive

We do not currently offer any financial incentive or price/service difference in exchange for personal information.

12.6 Shine the Light

California residents may request information about disclosures of personal information to third parties for those third parties’ own direct-marketing purposes during the prior calendar year. We do not disclose personal information to third parties for their own direct-marketing purposes.

13. Notices for Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have substantially similar rights to those described in Section 11, including the right to access, correct, and delete personal data; the right to data portability; the right to opt out of targeted advertising, the sale of personal data, and certain profiling; and (in most jurisdictions) the right to appeal a denied request. To exercise these rights or appeal a decision, contact hello@fundmates.com. Some processing is exempt from these laws because it is regulated by the GLBA.

Nevada residents have the right to opt out of the sale of certain personal information. To submit a request, email hello@fundmates.com.

14. Notice of Financial Privacy (Gramm-Leach-Bliley Act)

Because Fundmates provides financial services, certain information we collect and process is regulated under the GLBA and related federal regulations. Below is a summary of our financial-privacy practices. We will provide a separate GLBA privacy notice to applicants and customers as required.

  • Information collected: application data, transaction history with us, information from consumer reporting agencies (where applicable), and information from our affiliates and non-affiliated third parties.
  • Information shared: with service providers, banking partners, and as required by law. We do not share nonpublic personal information with non-affiliated third parties for their own marketing purposes.
  • Your choices: you may have rights to limit certain sharing under federal law. We will explain those choices in the separate GLBA notice provided at the time of application or as otherwise required.

15. Do Not Track and Global Privacy Control

Our Sites do not respond to traditional browser “Do Not Track” signals because no common standard for such signals exists. However, we honor Global Privacy Control (“GPC”) signals as an opt-out of sharing personal information for cross-context behavioral advertising where required by applicable law.

16. Children’s Privacy

The Sites and Services are not directed to, and we do not knowingly collect personal information from, children under 18. The Services are intended for adult creators who can lawfully enter into financial agreements. If we learn that we have collected personal information from a child under 18 (or under 13 in jurisdictions where applicable children’s online privacy laws apply), we will delete it promptly. Parents or guardians who believe their child has provided personal information should contact us at hello@fundmates.com.

17. International Data Transfers

Fundmates is based in the United States, and we and our service providers process personal information in the United States and other countries. The data-protection laws of these countries may differ from those of your country of residence. Where required by law, we use appropriate safeguards for international transfers, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, and equivalent mechanisms. Where consent is required, we obtain it before transferring your information. You may request a copy of the relevant safeguards by contacting us.

18. Third-Party Links and Services

The Sites may contain links to, or integrations with, third-party websites, services, and tools, including YouTube, Google, MCNs, banking partners, and creator-tool partners. We are not responsible for their privacy practices. We encourage you to read each third party’s privacy policy before providing information.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page and, where required by law, provide additional notice (for example, by email or by a prominent notice on the Sites). We encourage you to review this page periodically. Your continued use of the Sites or Services after changes take effect constitutes acceptance of the revised Privacy Policy to the extent permitted by law.