Privacy Policy

Last updated: May 2025

RFFC Financial, LLC (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. We want you to understand how we collect, use, share, and protect your personal information. This website, rffc.biz (“Site”), is operated by RFFC Financial LLC. RFFC Financial LLC, along with its affiliated companies, are the primary controllers of your personal information provided or collected through this Site and our services.

This Privacy Policy applies to all personal data we collect, whether through our Site, offline interactions, or other means, as it may be modified or updated from time to time. This policy describes our practices in connection with information collected from individuals applying for or obtaining financial products and services from us, including retail installment contracts.

If you do not agree with the data handling practices described in this Privacy Policy, please do not use this Site or our services. Your use of this Site or provision of information to us constitutes your acceptance of this policy and your consent to these practices.

Personal data refers to information that identifies you as an individual or relates to an identifiable individual.

WHAT PERSONAL DATA WE COLLECT

Children’s Online Privacy Protection Act (COPPA) Compliance

We do not knowingly collect personal information from children under the age of 18. Our Site, products, and services are intended for users aged 18 and older. If you are under 18, you are not authorized to use this Site or provide us with your personal information. If we learn we have collected personal information from a child under 18, we will delete that information.

We collect the following categories of personal data:

a) Contact Information:

• Name
• Email address
• Phone number
• Mailing address / Postal address

b) Identification Information:

• Social Security Number
• Driver's license number
• Date of birth
• Account Credentials: Usernames and passwords for accessing our Site or services.

c) Financial Information:

• Income and income verification
• Credit history
• Bank account information
• Payment history (with us and potentially others)
• Retail installment contract details
• Payment Information for transactions: Including your billing address, credit card number, expiration date, and CVV. This information is typically transmitted securely via Transport Layer Security (TLS) encryption to a third-party order and payment processor under contract with us. We generally do not store full credit card information on our servers.

d) Employment Information:

• Employer name
• Job title

e) Transaction Information:

• Information related to your application for or purchase of retail installment contracts, including product or service details and delivery address.

f) Information from Third Parties:

• Credit reports from credit bureaus (e.g., Experian, Equifax, TransUnion).
• Public records, which may include information from social media sites, for identity verification, fraud prevention.
• Information from sellers of retail installment contracts (e.g., door-to-door sales companies, brick-and-mortar stores, online sellers) from whom we purchase contracts.

g) Website/Online Activity (Information We Collect Through Technology):

   When you visit our Site, we and, in some cases, our third-party service providers may collect:

• IP Address and Connection Information: Your device identifier, browser information, and Internet Protocol (IP) address. An IP address is often associated with your internet service provider (ISP), company, or university. While an IP address may reveal your ISP or geographic area, it does not typically reveal your individual identity on its own. Where local law considers IP addresses as personal data, we treat them accordingly. We do not link your personal data to device identifier or IP address information unless necessary for fraud prevention or security.
• Specific Device and Browser Information: This may include operating system (e.g., Windows, Chrome OS, Android, Mac OS) and version, browser name (e.g., Internet Explorer, Chrome, Firefox, Safari) and version, navigator.platform, navigator.vendor, navigator.userAgent, and navigator.appVersion.
• Session IDs: Unique identifiers for your browsing session.
• Cookies and Similar Technologies: Cookies are small files that the Site or our service provider transfers to your computer’s hard drive through your web browser, enabling the Site’s or service provider’s systems to recognize your browser and capture and remember certain information. We use cookies to help us understand how users interact with the Site (e.g., how long users spend on a web page, most popular content), to remember your preferences, and for site functionality. If you prefer, you can choose to have your computer warn you each time a cookie is sent, or you can choose to turn off cookies by adjusting your browser settings. If you turn off cookies, some features on the Site may not function properly.
• Aggregate Data: We also collect certain non-personally identifiable information, such as aggregate data about website visits and page views.

h) Communications:

• Records of your communications with us, including records of calls, emails, and SMS text messages.

Information You Provide to Third Parties

The Site may include links to, and plug-ins (such as social media buttons) from, sites or applications operated by third parties (“Third-Party Sites”). Company does not control any Third-Party Sites and is not responsible for any information they may collect. The information collection practices of a Third-Party Site are governed by its privacy policy. It is your choice to enter any Third-Party Site. We recommend that you read its privacy policy if you choose to do so.

PURPOSES FOR WHICH WE USE THE PERSONAL DATA WE COLLECT

We use the personal data we collect for the following purposes:

a) Processing Applications and Servicing Accounts:

• Processing credit applications and making credit decisions.
• Originating, managing, and servicing your accounts (e.g., processing payments, sending statements, managing account changes).

b) Communication:

• Communicating with applicants and customers (e.g., responding to inquiries, providing account updates, sending legally required notices).
• Addressing service complaints.
• Sending you marketing and promotional information about our products and services or those of our affiliates, where permitted by law and unless you have opted out.

c) Verification and Security:

• Verifying your identity.
• Preventing, detecting, and investigating fraud, security breaches, and other potentially prohibited or illegal activities.
• Protecting the rights, property, or safety of Company, our users, or others.
• Maintaining network and information security.

d) Operational and Business Improvement:

• For internal analytics, research, and reporting.
• Troubleshooting technical problems on the Site.
• Continuously evaluating and improving our Site, products, services, and the online and mobile user experience.

e) Legal and Compliance:

• Complying with applicable laws, regulations, court orders, subpoenas, or other legal processes.
• Enforcing our agreements and policies, including this Privacy Policy or any applicable terms of service.
• Reporting suspected criminal acts.

Data Retention

We retain your personal data for the duration necessary to fulfill the purposes outlined in this Privacy Policy, including for the duration of any customer relationship you have with us. We also retain your personal data for as long as required by applicable law or as necessary to resolve disputes or defend our legal rights, typically for a period after our last interaction with you (e.g., 12 months, or as legally mandated for financial records which can be longer).

HOW WE SHARE THE PERSONAL DATA WE COLLECT

We do not sell or rent your personal data to outside parties for their own independent marketing purposes. We may share your information in the following ways:

a) Service Providers/Vendors: We share personal data with third-party service providers who perform services on our behalf. These may include:

• Payment processors.
• Electronic document signature platforms.
• Collection agencies.
• Data hosting and storage providers.
• Communication platforms (for email, SMS).
• Analytics providers.
• Legal counsel and other professional advisors.

We require these service providers by contract to maintain security measures comparable to our own and to use the personal data only for the purposes for which we provide it to them.

b) Original Sellers/Merchants: We purchase Retail Installment Contracts from various sellers (e.g., door-to-door sales companies, brick-and-mortar stores, online sellers) who may use rffc.biz to submit contract information. These sellers may retain access to some of the data they originally entered into rffc.biz related to the contracts they sold to us, for their own record-keeping and customer service purposes related to the initial sale.

c) Credit Bureaus: We share information with credit bureaus (e.g., Experian, Equifax, TransUnion) as permitted or required by law, such as reporting account and payment history.

d) Affiliated Companies: Company may share your personal data with other entities within our corporate group (our affiliates) for purposes consistent with this Privacy Policy, such as to effectively respond to your requests, provide our services, for internal reporting, or for marketing their products and services if you have consented.

e) Government Authorities/Law Enforcement: We will disclose your personal data as required by law, regulation, or legal process, including in response to court orders, subpoenas, or requests from government or law enforcement authorities.

f) Legal Compliance and Protections: We may share your data if we believe it’s necessary to comply with legal obligations; to protect the rights, property, or safety of Company, our users, or others; to enforce our agreements; or for fraud prevention and credit risk reduction.

g) In Case of Business Transfers (Corporate Transactions): We reserve the right to disclose and transfer your data, including your personal data:

• To a subsequent owner, co-owner, or operator of the Site or successor database.
• In connection with a corporate merger, consolidation, bankruptcy, the sale of substantially all of our assets, or other corporate change, including to any prospective purchasers during due diligence.

HOW WE PROTECT THE PERSONAL DATA WE COLLECT

We are committed to protecting the security and confidentiality of your personal data. We maintain technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, or disclosure.

For example, we use Transport Layer Security (TLS) encryption to secure data collection forms on our Site. We also restrict access to your personal data; only employees with a legitimate business need (e.g., customer service representatives, underwriters) are authorized to access it. Employees with access to personal data receive regular training on our security and privacy practices.

While we take these measures, it’s important for you to protect against unauthorized access to your password and computer. Always close your browser after using the Site.

Please note that, despite our reasonable efforts, no security system is foolproof, and we cannot guarantee the absolute security of your personal data.

YOUR DATA RIGHTS

You may have certain rights regarding your personal data, subject to local law. These may include the right to access, update, correct, or request deletion of your personal data.

You can contact us using https://www.rffc.biz/Contact_Us.aspx to make such requests. If you wish to unsubscribe from our marketing mailing list, please include ‘Unsubscribe’ in the comments/question box, specifying the email address(es) you wish to remove. We will process your request within a reasonable timeframe and in accordance with applicable law.

QUESTIONS?

If you have any questions about this Privacy Policy, please contact us:

Phone: 855-438-7398

Website: https://www.rffc.biz/Contact_Us.aspx

Mail:

2912 W. DAVIS ST. STE 200

CONROE, TX 77304

UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the "Last updated" date at the top of this policy will be revised. If material changes are made that significantly affect how we use or disclose your personal data, we will provide a prominent notice of these changes and their effective date before they take effect, or as otherwise required by law.

CALIFORNIA CONSUMER RIGHTS (CCPA/CPRA Addendum)

This section supplements the information contained in our Privacy Policy and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA) and any implementing regulations.

1. Right to Know and Access: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (or longer, as permitted by law). This includes the categories of personal information collected, sources, purposes for collecting/selling/sharing, and categories of third parties to whom it was disclosed.

2. Right to Delete: You have the right to request that we delete your personal information that we collected from you and retained, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, comply with legal obligations).

3. Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.

4. Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" of your personal information and the "sharing" of your personal information for cross-context behavioral advertising.

• "Sale": We do not "sell" personal information in the traditional sense (i.e., for monetary gain). However, the CCPA/CPRA has a broad definition of "sale."
• "Sharing": This refers to sharing for cross-context behavioral advertising.
• As of the "Last Updated" date of this policy, we do not believe we "sell" or "share" personal information as defined by CCPA/CPRA. If our practices change, we will update this policy and provide you with a method to opt-out. You can always contact us with questions.

5. Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): You have the right to direct us to limit our use of your SPI to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer. We only collect and use SPI (such as Social Security number, driver's license, financial account information) for purposes permitted by the CCPA/CPRA that do not require offering a right to limit (e.g., to perform services you requested, ensure security, prevent fraud, verify identity).

6. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

7. How to Exercise Your Rights:

You can exercise your CCPA/CPRA rights by contacting us through the following methods:

• Email: ccpa@rffcfinancial.com
• Phone: 855-438-7398
• Mailing Address:
• 2912 W. DAVIS ST. STE 200
• CONROE, TX 77304

We will need to verify your identity before fulfilling your request. We will respond to your request within 45 days of receiving it, unless we notify you that we need more time.

8. Categories of Personal Information Collected:

In the preceding 12 months, we have collected the following categories of personal information, as also described in the "WHAT PERSONAL DATA WE COLLECT" section of our main Privacy Policy:

• Identifiers: Such as name, email address, phone number, mailing address, IP address, Social Security Number, driver's license number, account usernames.
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): Such as name, Social Security number, address, telephone number, driver's license number, bank account number, credit card number (processed by third party), employment information, financial information.
• Protected classification characteristics under California or federal law: Such as date of birth (age).
• Commercial information: Such as records of products or services purchased (account details, payment history), or considered.
• Internet or other electronic network activity information: Such as IP addresses, Session IDs, Device information, Browser information, information regarding a consumer's interaction with an internet website (cookies, browsing history on our Site).
• Geolocation data: Physical location (derived from IP address or mailing address).
• Audio, electronic, visual, thermal, olfactory, or similar information: Records of calls.
• Professional or employment-related information: Such as employer name, job title, income verification.
• Inferences drawn from other personal information: Profile reflecting a person's creditworthiness.
• Sensitive Personal Information: Social Security number, driver's license number, financial account information, precise geolocation (if collected, though current practice is general geolocation from IP/address), racial or ethnic origin (if voluntarily provided and relevant, though not explicitly requested).

9. Sources of Personal Information:

We collect personal information directly from you when you provide it to us (e.g., through our website, applications, communications). We also collect information through automated technologies on our Site and receive personal information from third parties such as credit bureaus, public record sources, and the original sellers/merchants of retail installment contracts.

10. Purposes for Collecting, Selling, or Sharing Personal Information:

We collect and use personal information for the business and commercial purposes described in the "PURPOSES FOR WHICH WE USE THE PERSONAL DATA WE COLLECT" section of our main Privacy Policy. As stated, we do not currently "sell" or "share" personal information as defined by CCPA/CPRA.

11. Disclosure of Personal Information for a Business Purpose:

In the preceding 12 months, we have disclosed the categories of personal information listed in point 8 above for a business purpose to the categories of third parties listed in the "HOW WE SHARE THE PERSONAL DATA WE COLLECT" section of our main Privacy Policy.