Privacy Policy

This Privacy Policy explains how Gate Rock Capital collects, uses, shares, and protects information in connection with our website, merchant cash advance products, and related services (collectively, the “Services”).

Effective as of: 01/06/2025
Last updated: 12/01/2025

1. Overview & Scope

Gate Rock Capital (“Gate Rock,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy explains how we collect, use, share, and safeguard information about you and your business when you visit or use our website, mobile experiences, and Services (collectively, the “Site”).

By accessing or using the Site or Services, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, processing, and sharing of information as described here. If you do not agree to this Privacy Policy, you may not access or use the Site or Services.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where required by law, provide additional notice. Your continued use of the Site or Services after any changes are posted constitutes your acceptance of the revised Privacy Policy.

2. Categories of Information We Collect

For purposes of this Privacy Policy, “Personal Information” means information that identifies, relates to, describes, or can reasonably be associated with a particular individual or household, and that we maintain in an accessible form. When you seek our Services on behalf of your business, we may collect Personal Information about you, the business, and other related parties.

2.1 Account, Business & Contact Details

  • Name, business name, and job title;
  • Email address, phone number, and mailing or physical address;
  • Business profile information such as industry, size, time in business, and ownership structure.

2.2 Application & Financial Information

When you apply for a merchant cash advance or related products, we may collect:

  • Business and owner addresses and other identifying details;
  • Personal identifiers such as date of birth and, where required for identity verification and underwriting, Social Security number or other government identifiers;
  • Tax identification numbers;
  • Financial data including bank account details, bank statements, card processing statements, average balances, revenue and expense information, and payment history;
  • Personal and business credit history, where permitted by law;
  • Ownership and management information, including beneficial ownership details where required under applicable regulations.

2.3 Communications & Feedback

We may collect information contained in:

  • Emails, phone calls, text messages, chat messages, and web forms you use to contact us;
  • Documents and files you choose to upload or send to us;
  • Feedback such as reviews, survey responses, testimonials, and suggestions about our Services.

2.4 Technical & Usage Information

When you interact with the Site, we and our service providers may automatically collect:

  • Usage information, such as pages viewed, features used, time spent on pages, referring / exit pages, search terms, and clickstream data;
  • Device information, such as IP address, device ID, browser type and version, operating system, hardware model, and language settings;
  • Mobile information, such as device type, operating system, and mobile network;
  • Approximate location, such as city and region derived from IP address or similar signals.

3. Where We Obtain Information

We collect Personal Information directly from you, automatically through your use of the Site, and from third-party sources, including:

  • Credit reporting agencies and bureaus – to obtain business and, where permitted and with any required consent, personal credit reports, scores, and related information;
  • Identity verification and fraud prevention services – to confirm identity, detect suspicious activity, and reduce fraud;
  • Bank data aggregators (such as Plaid) – where you authorize us, we use Plaid Inc. (“Plaid”) to help you connect your financial institution account(s) and to securely access and retrieve information such as account details, balances, and transaction history for underwriting, verification, and servicing purposes;
  • Payment processors and point-of-sale providers – for processing history, chargeback information, and settlement activity;
  • Public and governmental sources – including corporate registries, business licenses, and public records.
  • Identity verification and fraud prevention services – to confirm identity, authenticate government-issued identification documents, perform liveness and selfie checks where applicable, detect suspicious or fraudulent activity, and manage risk. These providers may collect and process information such as identification document data (e.g., name, date of birth, document number and expiration date), images of identification documents, and biometric information (such as facial images or face geometry derived from images) on our behalf, subject to contractual restrictions and applicable law. We use this information for identity verification, fraud prevention, underwriting, and compliance with applicable laws.

4. How We Use Information

We use Personal Information for business and commercial purposes in connection with operating, improving, and protecting our Site and Services, including to:

  • Provide, structure, underwrite, fund, and service merchant cash advances and related products;
  • Verify identity, conduct due diligence, and assess creditworthiness and risk;
  • Create and manage user accounts and maintain our relationship with you and your business;
  • Communicate with you about applications, account status, payments, renewals, and support;
  • Analyze usage of the Site and Services, troubleshoot issues, and improve performance and design;
  • Personalize content, offers, and marketing communications (where permitted by law);
  • Monitor and protect the security and integrity of our systems, reduce fraud, and manage risk;
  • Conduct internal research, reporting, and analytics to understand trends and improve operations;
  • Comply with legal, regulatory, tax, and reporting obligations (including KYC, KYB, and AML);
  • Enforce our agreements and protect our rights, property, and the safety of Gate Rock, our customers, and others;
  • Generate aggregated or de-identified data sets that do not identify individuals or businesses, which we may use for our own purposes or share with partners;
  • Fulfill any other purpose disclosed to you at the time of collection, or with your consent where required by applicable law.

5. Data Sharing & Disclosure

We may share Personal Information as described below. We do not sell Personal Information in the traditional sense (exchanging your name or contact information for money). Certain uses of cookies and advertising tools may be considered a “sale” or “sharing” under some privacy laws; see Section 12 for details.

  • Affiliates – we may share information with our current and future affiliates and controlled entities for purposes consistent with this Privacy Policy.
  • Service providers – third parties who perform services on our behalf, such as data hosting, cloud infrastructure, analytics, identity verification, fraud prevention, communications, marketing support, and customer support.
  • Advertising and analytics providers – companies that help us deliver and measure ads and understand how users interact with our Site and marketing.
  • Regulators and governmental authorities – when required to comply with law, regulation, legal process, or governmental requests, or to protect rights and safety.
  • Professional advisors – such as auditors, legal counsel, and consultants, where necessary in the course of the professional services they provide to us.
  • Business transaction counterparties – in connection with, or during negotiations for, a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar event, in which your information may be transferred as part of the transaction.
  • With your direction or consent – when you ask us to share information with a third party, or when we otherwise notify you and you consent.

Plaid. We use Plaid Inc. (“Plaid”) as a service provider to help you connect your financial institution account(s) to our Services. When you choose to connect your account(s) through Plaid, Plaid may collect and process information from and about you and your financial institution account(s) in accordance with Plaid’s End User Privacy Policy. Please review Plaid Privacy Policy to understand how Plaid collects and uses your information.

Sharing excludes text messaging originator opt-in data and consent; this information is not shared with third parties for their own marketing purposes.

6. Cookies & Online Tracking

We use cookies, pixels, web beacons, and similar technologies (“Cookies”) to operate, secure, and improve the Site and Services.

We use Cookies to, for example:

  • Remember your preferences and settings for future visits;
  • Maintain and secure your session when you are logged in;
  • Understand traffic patterns and on-site behavior;
  • Measure the effectiveness of marketing campaigns;
  • Deliver and measure relevant advertising; and
  • Compile statistics to improve the Site and Services.

Some Cookies are set directly by us; others may be set by third-party service providers, including analytics and advertising partners. These third parties may collect data over time and across different sites and services.

6.1 Managing Cookies

You can control certain Cookies by adjusting your browser settings (e.g., to block or delete cookies). If you disable Cookies, some features of the Site may not function properly.

Many third-party analytics and advertising providers also offer individual opt-out mechanisms. You can learn more through industry resources such as the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).

6.2 Analytics & Behavioral Tools

We may use analytics providers (such as Google Analytics) and session-level tools to monitor usage and improve user experience. These tools may collect information such as your IP address, device type, browser, and interactions with the Site. We use this information to understand how the Site is used and to address performance, security, and usability.

7. Your Privacy Choices & Controls

7.1 Accessing & Updating Your Information

If you maintain an account with us, you may be able to access and update certain account information directly through the Site. You can also contact us using the details in Section 14 to request access to or correction of certain Personal Information, subject to applicable law.

7.2 Marketing Preferences

We may send you marketing emails or other promotional communications where permitted by law. You can opt out of marketing emails at any time by using the unsubscribe link in those emails or by contacting us. Even if you opt out of marketing communications, we may still send you non-promotional messages such as service or account notices.

7.3 Testimonials, Blogs & Forums

We may display customer testimonials, reviews, or similar content on the Site. With your consent, we may include your name or business name. To update or remove a testimonial, please contact us. If the Site includes blogs or forums, any information you submit there may be publicly available.

7.4 Revoking Plaid Access

If you previously connected your financial institution account(s) through Plaid, you may revoke Gate Rock Capital’s access to those account(s) at any time by contacting us using the information in Section 14. Depending on your financial institution, you may also be able to revoke access through your financial institution’s settings or Plaid’s tools. Revoking access will not affect any information that was collected prior to revocation, and we may retain such information as described in this Privacy Policy and as permitted by applicable law.

8. Security & Data Retention

We maintain administrative, technical, and physical safeguards designed to help protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or misuse. These measures may include encryption, access controls, monitoring, and periodic assessments.

No security safeguards are perfect, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for limiting access to your devices and accounts.

We retain Personal Information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including providing Services, managing our business, and satisfying legal, regulatory, and accounting requirements. Retention periods may vary based on the type of data and the context in which it was collected.

9. Third-Party Websites & Services

The Site may contain links to third-party websites, applications, or services that are not owned or controlled by Gate Rock. We provide these links as a convenience and do not endorse or control the content, security, or privacy practices of those third parties.

This Privacy Policy applies only to information collected by Gate Rock in connection with our Site and Services. We encourage you to review the privacy policies of any third-party websites or services that you visit.

10. Children’s Privacy (Under 16)

Our Site and Services are not directed to, and we do not knowingly solicit or collect Personal Information from, individuals under the age of 16. If you are under 16 years old, you may not use the Site or Services or provide any Personal Information to us.

If we become aware that we have collected Personal Information from an individual under the age of 16 without appropriate consent or authorization, we will take reasonable steps to delete such information and, where applicable, terminate related access or accounts.

If you believe that a person under the age of 16 has provided Personal Information to Gate Rock, please contact us using the details in Section 14 so that we can investigate and take appropriate action.

11. International & Regional Notices

Our Services are primarily intended for businesses located in the United States. If you access the Site or Services from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States or other jurisdictions that may have data protection laws different from those in your country of residence.

We will take appropriate steps to protect Personal Information in accordance with this Privacy Policy and applicable laws, but some rights and obligations described herein may not be available to you depending on your jurisdiction.

12. State-Specific Privacy Rights

Certain U.S. states provide additional privacy rights to their residents. This section summarizes key rights for Nevada and California residents. If other state-specific privacy laws apply to you, you may have similar rights, and we will honor them as required by law.

12.1 Nevada Residents

Nevada law allows certain Nevada consumers to opt out of the sale of covered information. At this time, Gate Rock does not sell Personal Information as “sale” is defined under Nevada law. If you are a Nevada resident and would like to register an opt-out preference for future changes, you may contact us using the information in Section 14.

12.2 California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), may provide you with additional rights regarding your Personal Information. Subject to certain exceptions, you may have the right to:

  • Know and access the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share Personal Information;
  • Request deletion of Personal Information we collected from you, subject to exceptions (for example, where we must retain information to comply with law or complete transactions);
  • Request correction of inaccurate Personal Information that we maintain about you;
  • Opt out of “sale” or “sharing” of Personal Information where our data practices are considered a sale or sharing under California law (for example, certain advertising-related activities);
  • Limit the use and disclosure of sensitive Personal Information if we use such information beyond certain permitted purposes; and
  • Be free from discrimination for exercising your CCPA rights.

To exercise your California privacy rights, you may contact us using the information in Section 14 and specify the nature of your request (for example, “CCPA request to know,” “CCPA request to delete,” or “CCPA request to opt out”). We will take reasonable steps to verify your identity before responding, which may include matching information you provide with information we maintain.

Where applicable, we will also recognize certain browser-based opt-out preference signals, such as the Global Privacy Control (GPC), in accordance with California law. We do not knowingly sell or share the Personal Information of consumers under 16 years of age.

13. Updates to This Privacy Notice

We may revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the “Last updated” date at the top of this page. In some cases, we may provide additional notice (such as a banner or email) for significant changes as required by law.

We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

14. How to Contact Gate Rock

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: support@gaterockcapital.com
Phone: +1 (888) 397-8472
Mailing address: Gate Rock Capital, 211 E 43rd St, 7th Flr #384, New York, NY 10017