LAST REVISED: MAY 7, 2021
The CCPA also includes certain exceptions related to certain information in a business-to-business context, information collected about employees, job applicants, and contractors, and public information lawfully obtained from government records. You can review Figure Lending LLC’s Gramm-Leach-Bliley Act Privacy Notice Opens a new window., and, if you are a user of Figure Pay, the Figure Pay Gramm-Leach-Bliley Act Privacy Notice Opens a new window., for more information on how we share information here Opens a new window..
Under the CCPA, “Personal Information” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. This information is referred to in this Notice as “Personal Data.”
We collect Personal Data in a variety of contexts. For example, we collect Personal Data to provide individual and commercial financial products and services, and for our employment and human resource purposes.
The Personal Data that we collect about a specific California resident will depend on, for example, our relationship or interaction with that individual.
In the past 12 months, we may have collected and disclosed the following categories of Personal Data for business purposes to our third-party service providers, our affiliates and business partners, and regulators/government agencies. We may also continue to collect these categories of Personal Data.
|Categories of Information||Examples|
|Address and other identifiers||Name, postal address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers|
|Characteristics of protected classifications||Age, gender, and marital status|
|Unique and online identifiers||IP address, device IDs, browsing history, search history, and information on consumer’s interaction with a website|
|Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies|
|Internet or other electronic network activity information||Browsing history, search history, settings, and information regarding an individual’s interaction with an internet website, application, or advertisement, device information, including name of device and operating system, cookies and pixel tags, city of login, and other data that your browser automatically sends|
|Audio or video footage or other visual information||Service calls, video recording of notary session, voicemails and other audio recordings, photographs|
|Professional or Employment Information||Employer, years of employment|
|Educational Information||School attended, level of educational attainment, schools attended|
The table includes examples in each category but these examples are not exclusive and may not be applicable to job applicants or employees. In addition, we may draw inferences about you based on the information you provide, such as individual preferences or characteristics, and we may collect and use information as described to you when collecting the information. We may also receive Personal Data that individuals provide to us or store on our systems.
The purposes for which we collect and use Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The table below lists the purposes for which we collect and use Personal Data in different contexts.
|Purposes for Collection and Use||Examples|
|Provide and manage products and services|
|Support our everyday operations, including to meet risk, legal, and compliance requirements|
|Manage, improve, and develop our business(es)|
|Support employment, infrastructure, and human resource management|
The sources from which we collect Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Data in different contexts.
The categories of third parties to whom we disclose Personal Data about a specific individual depend on, among other things, our relationship or interaction with a specific California resident. During the past 12 months, we have disclosed for our business purposes the eleven categories of Personal Data listed above to the following categories of third parties:
California residents have the right to opt out of the sale of their information by businesses that sell Personal Data. The CCPA defines a “sale” as the disclosure of Personal Data for monetary or other valuable consideration. Figure does not offer an opt out from the sale of Personal Data because we do not and have not within at least the last 12 months sold Personal Data that is subject to the CCPA’s sale limitation. The CCPA also requires that we state that we have no actual knowledge that we have sold Personal Data of California residents 15 years of age and younger.
If you are a California resident, you have the right to request that we:
a. The categories of Personal Data Figure has collected about you and the categories of sources from which Figure collected the Personal Data;
b. The business or commercial purpose for collecting Personal Data about you;
c. The categories of third parties to whom Figure disclosed Personal Data about you, and the categories of Personal Data disclosed;
d. The specific pieces of Personal Data Figure collected about you; and
In addition, you have the right to be free from discrimination by a business for exercising your rights under the CCPA.
Privacy and data protection laws, other than the CCPA, apply to the Personal Data that we collect, use, and disclose. When these laws apply, Personal Data may be exempt from, or outside the scope of, Access Requests and Deletion Requests. For example, information subject to certain federal privacy laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability, is exempt from CCPA Requests. As a result, in some instances, we may decline all or part of an Access Request or Deletion Request related to Personal Data exempt from CCPA Requests. This means that we may not provide some or all of this Personal Data when you make an Access Request. Also, we may not delete some or all of this Personal Data when you make a Deletion Request.
There may be some types of Personal Data that can be associated with a household (a group of people living together in a single home). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify each member of the household using the verification criteria explained below. If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request.
Furthermore, we are not required to delete information that is necessary for us to: complete the transaction for which we collected the information; provide you with a good or service you requested; perform a contract Figure entered into with you; detect security incidents; maintain the functionality or security of Figure’s systems; comply with or exercise rights provided by the law; or use the information internally in ways that are comparable with the context in which you provided the information to Figure or that are reasonably aligned with expectations based on your relationship with Figure, among other things. We may also retain information where another exception to the deletion requirements in Cal. Civ. Code § 1798.105(d) applies.
In addition to the above, we may not include Personal Data when we respond to or process Access Requests or Deletion Requests when the CCPA recognizes another exception. For example, we will not provide the Personal Data about another individual where doing so would adversely affect the data privacy rights of that individual. As another example, we will not delete Personal Data when it is necessary to maintain that Personal Data to comply with a legal obligation.
If you are a California resident, you can make an Access Request or a Deletion Request by:
Our responses to such requests will cover the 12-month period preceding our receipt of the request. You will need to submit certain information in order for us to verify your identity or request before we process your request including your name, address, email address, phone number, attestation that you are a California resident and relationship with Figure. You may also designate an agent to submit a request on your behalf.
If you are a California resident, you may authorize an agent to make an access or deletion request on your behalf. A California resident’s authorized agent may make a request on behalf of the California resident by contacting us at the toll-free number or email listed above. As part of our verification process, we may request that you provide, as applicable:
We will respond to requests for access or deletion as soon as practicable and in any event generally not more than within 45 days after receipt of your request. We may extend this period to 90 days in some cases.
Non-Discrimination: If you exercise any of the rights explained in this Privacy Notice, we will continue to treat you fairly. If you exercise your rights under this Privacy Notice, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than other consumers.
Accessibility: We are committed to ensuring that our communications are accessible to individuals with disabilities. Individuals with disabilities can access this policy in alternative formats by contacting us at the address, phone, or email address below. This website is designed to meet content accessibility guidelines. To submit accessibility-related requests or report barriers to accessibility, please contact us by either:
This Privacy Notice only applies to information collected by Figure through our Services. Our Services may contain links to other web sites, apps or online services not operated or controlled by Figure (“Third Party Sites”). The policies and procedures described here do not apply to Third Party Sites. By providing links to Third Party Sites or services we do not imply that we endorse or have reviewed such websites or services. We suggest that you contact those sites directly for information about their data practices and policies and we encourage you to read their privacy policies before providing any information to them.
You use the Services at your own risk. We use reasonable precautions, including technical and administrative measures, to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us in connection with the Services may not be secure. Therefore, you should take special care in deciding what information you send to us.
You may be able to update some of your account information through your App settings.
We reserve the right to amend, alter, or otherwise change this Privacy Notice at our sole and absolute discretion. If we make material changes to this Privacy Notice, we will post notice that the Policy has been updated in the “Last Revised” section of the Policy, and the revised version will be effective when it is posted. For material retroactive changes, we will notify you consistent with the law. Further use of the Services following any such changes constitutes your agreement to follow and to be bound by the amended Privacy Notice, so we encourage you to check for updates.