Home / Privacy Policy
Legal

Privacy Policy

Entity: Petal Card LLCNMLS: #XXXXXXXJurisdiction: Wilmington, DE
Plain-language summary: Petal Card is a direct lender. We collect only the information needed to process and service your loan. We never sell your data to third parties, marketers, or data brokers. We use 256-bit encryption and comply with GLBA. Your information is used by Petal Card and no one else.

1. Overview

Petal Card LLC ("Petal Card," "we," "us," or "our") operates the website petalcard.us and provides direct short-term consumer loans to eligible US residents. This Privacy Policy describes how we collect, use, disclose, and protect your personal and financial information in connection with our services.

As a direct lender, Petal Card is both the entity that collects your information and the entity that makes the lending decision and funds the loan. We do not pass your application or personal data to other lenders. By using petalcard.us or submitting a loan application, you acknowledge this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

CategoryExamplesWhy We Need It
Identity DataFull legal name, date of birth, Social Security NumberIdentity verification, fraud prevention, legal compliance
Contact DataHome address, email, phone numberLoan communication, account management, TILA notices
Financial DataEmployment status, monthly income, bank account routing/account numbersUnderwriting, fund disbursement via ACH, repayment collection
Government IDDriver's license number, state of issuanceIdentity verification per BSA/AML requirements

2.2 Automatically Collected Data

When you visit petalcard.us, our servers and analytics tools automatically record your IP address, browser type and version, device type and operating system, pages visited, time spent on pages, and referring URL. This data is collected in aggregate form and is used to maintain and improve our website.

2.3 Data from Third-Party Sources

We may receive supplemental information from identity verification services, fraud detection databases, and credit reporting agencies (soft inquiry only). This data is used solely for underwriting and fraud prevention purposes.

3. How We Use Your Information

  • Loan origination and servicing โ€” evaluate your application, make a lending decision, disburse funds, and collect repayment
  • Identity and fraud verification โ€” confirm your identity, detect and prevent fraudulent applications
  • Legal and regulatory compliance โ€” TILA disclosures, ECOA adverse action notices, BSA/AML recordkeeping, GLBA data governance
  • Customer service โ€” respond to your questions, process payment arrangements, address complaints
  • Service security and improvement โ€” monitor for unauthorized access, analyze anonymized usage patterns to improve our systems
We do not use your data for targeted advertising, we do not build marketing profiles, and we do not sell your data to any third party for any reason.

4. Information Sharing Policy

Petal Card does not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • Service providers acting on our behalf under strict confidentiality agreements (e.g., ACH processors, cloud infrastructure providers, identity verification vendors)
  • Legal requirements โ€” when required by law, court order, subpoena, or regulatory examination
  • Business transfer โ€” in the event of a merger, acquisition, or sale of substantially all of our assets, subject to the same privacy protections
  • With your explicit written consent โ€” in any other circumstances, we will ask you first

We do not share your information with other lenders, lead buyers, marketing networks, or data aggregators under any circumstances.

5. Data Security

We implement industry-standard technical and organizational security measures including 256-bit SSL/TLS encryption for all data in transit, AES-256 encryption for sensitive fields stored in our databases, strict role-based access controls limiting data access to personnel with a specific operational need, multi-factor authentication for all internal systems, regular third-party security assessments, and a documented incident response plan compliant with state data breach notification laws.

No data transmission over the internet or electronic storage system is 100% secure. However, we make every commercially reasonable effort to protect your information.

6. Data Retention

  • Loan records, financial data, signed agreements: minimum 5 years (federal financial recordkeeping and state lending law requirements)
  • Identity verification records: minimum 5 years (Bank Secrecy Act / AML compliance)
  • Customer service communications: 3 years
  • Declined applications: up to 25 months (ECOA adverse action notice requirements)
  • Website analytics: 24 months (anonymized)

7. Your Rights

You have the right to request access to the personal information we hold about you, to request correction of inaccurate information, and to request deletion of your data subject to our legal retention obligations. California residents have additional rights under the California Consumer Privacy Act (CCPA).

To submit a data request: email privacy@petalcard.us or call +1 (877) 444-0288. We respond within 30 calendar days.

8. Cookies & Tracking

We use essential session cookies required for our website to function, functional cookies to remember your preferences, and anonymized analytics cookies to understand aggregate website traffic. We do not use advertising cookies, third-party retargeting pixels, or cross-site tracking technologies. You can control cookie settings through your browser preferences.

9. Children's Privacy

Our services are available only to individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted information to us, please contact privacy@petalcard.us and we will delete the data promptly.

10. FCRA Notice

Petal Card may obtain consumer report information from consumer reporting agencies in connection with your loan application. We perform a soft inquiry only, which does not affect your credit score and is not visible to other lenders reviewing your credit report.

If we take an adverse action (such as denying your application) based wholly or partly on information in a consumer report, we will provide you with an Adverse Action Notice as required by the Fair Credit Reporting Act (FCRA), which will identify the consumer reporting agency used and explain your right to obtain a free copy of your report.

For a full description of your FCRA rights, visit the Consumer Financial Protection Bureau at consumerfinance.gov or the FTC at ftc.gov.

11. GLBA Privacy Notice

As a licensed lender, Petal Card is subject to the Gramm-Leach-Bliley Act (GLBA), which requires us to provide you with notice of how we share your financial information.

Reason We May ShareDoes Petal Card Share?Can You Limit?
For our everyday business purposes (process transactions, maintain accounts)YesNo
For our marketing purposesNoN/A
For joint marketing with other financial companiesNoN/A
For affiliates to market to youNoN/A
For non-affiliates to market to youNoN/A

12. Changes to This Policy

We review and update this Privacy Policy when our data practices change. Material changes will be communicated via a prominent notice on petalcard.us. The most current version of this policy is always available at petalcard.us/privacy-policy. Continued use of our services after an update constitutes acceptance of the revised policy.

13. Contact Our Privacy Team

For unresolved privacy concerns, you may also contact the Consumer Financial Protection Bureau at consumerfinance.gov or 1-855-411-2372.