Privacy Policy

Effective Date: April 14, 2026
Last Updated: May 8, 2026 (security additions)

1. Introduction

This Privacy Policy explains how Commera LLC ("Commera," "we," "us," or "our"), collects, uses, shares, and protects information about you when you visit commerafunding.com (the "Site"), apply for commercial financing through us, or otherwise interact with our services (collectively, the "Services").

Commera is a commercial financing broker. We connect business owners with funding partners ("Funding Partners") who provide commercial financing products, including merchant cash advances, revenue-based financing, term loans, and lines of credit. We are not a lender, bank, or financial institution.

By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

State availability notice: Commera currently accepts applications only from businesses located in certain states. See our State Availability page for the current list.

2. Information We Collect

2.1 Information You Provide

When you apply for financing or contact us, you may provide:

• Contact Information: Full name, email address, phone number, business name, business address
• Identity Information: Date of birth (for business principals), Social Security Number or ITIN, Employer Identification Number (EIN), and driver's license or other government ID (required during funding)
• Business and Financial Information: Business bank account information and statements, monthly and annual revenue, industry, time in business, ownership structure, tax returns, credit card processing statements, and outstanding debts
• Communications: The content of emails, text messages, phone calls, and other communications

2.2 Information Collected Automatically

When you visit the Site, we and our service providers may automatically collect:

• Device and Usage Data: IP address, browser type, operating system, device type, referring website, pages viewed, and dates/times of visits
• Cookies and Similar Technologies: Session cookies, persistent cookies, and web beacons
• Approximate Location: Based on IP address (used to confirm your state for availability)

2.3 Information From Third Parties

We may receive information about you from:

• Credit Bureaus and Data Providers: Soft-inquiry credit reports (which do not affect your credit score) and business credit reports
• Funding Partners: Application status updates, offer terms, and funding decisions
• Lead Generation Partners: Contact information when you have submitted an inquiry through a partner site with your prior consent
• Public Sources: Business registries, UCC filings, and Secretary of State records

3. How We Use Your Information

We use your information to:

• Process your application and match you with Funding Partners
• Communicate with you about your application, offers, and funding
• Verify your identity and prevent fraud
• Conduct soft-inquiry credit checks
• Respond to your inquiries and provide customer support
• Send you marketing communications (when you have consented)
• Improve our Services
• Comply with applicable laws and enforce our Terms of Service

4. How We Share Your Information

We do not sell your personal information. We share information only as described below.

4.1 Funding Partners

We share your application information with Funding Partners in our network so they can evaluate your business and make financing offers. We select Funding Partners based on your business profile to minimize the number who receive your information.

4.2 Service Providers

We share information with vendors who perform services on our behalf, including:

• Cloud hosting and data storage
• Customer relationship management (CRM) platforms
• Bank statement analysis and underwriting technology
• Phone, SMS, and email communication platforms
• Electronic signature providers
• Fraud prevention and identity verification services

These service providers are contractually required to use your information only for the services they perform for us.

4.3 Legal and Safety

We may share information when necessary to comply with law, court orders, subpoenas, or government requests; to enforce our Terms of Service; or to protect the rights, property, or safety of Commera, our users, or others.

4.4 Business Transfers

If Commera is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.5 With Your Consent

We may share your information with other parties when you have given us your consent.

4.6 Federal Privacy Notice (GLBA)

As a commercial financing broker, Commera is a "financial institution" under the federal Gramm-Leach-Bliley Act ("GLBA"). GLBA requires us to explain how we collect, share, and protect your nonpublic personal information ("NPI").

Categories of NPI we collect: identifying information (name, address, phone, email), Social Security or tax ID numbers, business and financial information (revenue, bank account information, credit history, time in business), and information about your transactions with us.

Categories of parties with whom we share NPI: our Funding Partners (to evaluate your application and present financing offers), our service providers acting on our behalf under contract, and parties to whom disclosure is required by law or to prevent fraud. We do not sell your NPI to anyone for their independent marketing purposes.

Your opt-out rights:

• You may opt out of our sharing your NPI with nonaffiliated third parties for those parties' own independent marketing purposes. Note: this opt-out does not apply to sharing with Funding Partners for the purpose of evaluating your application, because that sharing is necessary to deliver the service you requested.
• Under federal law you may also opt out of certain affiliate sharing for marketing purposes; Commera does not currently engage in such affiliate sharing.

Vermont residents: Vermont law requires us to obtain your affirmative opt-in consent before sharing your NPI with any nonaffiliated third party, including our Funding Partners. If you are a Vermont resident, we will obtain your specific written consent at the time you apply, and your application will not be shared with Funding Partners until that consent is recorded.

To exercise opt-out rights: email contact@commerafunding.com with "GLBA Opt-Out" in the subject. We will process opt-out requests within 30 days as required by federal law. Opting out does not affect sharing strictly necessary to complete a transaction you have already authorized.

5. Phone Calls and Text Messages (TCPA)

When you apply for financing or submit an inquiry, you may consent to receive autodialed calls, prerecorded messages, and text messages from Commera and our Funding Partners at the phone number you provide. Your consent is not required as a condition of applying for or receiving financing. Standard message and data rates apply. Message frequency varies.

To stop text messages: reply STOP to any text. For help, reply HELP.

To stop calls: tell any caller you wish to be added to our internal Do-Not-Call list, or email contact@commerafunding.com with "DNC Request" in the subject.

Opting out of marketing communications does not stop transactional communications about your application.

6. Your Privacy Rights

We offer the following rights to all applicants, regardless of state:

• Access — Request a copy of the personal information we hold about you
• Correction — Request that we correct inaccurate information
• Deletion — Request that we delete your information, subject to legal exceptions
• Opt-Out of Marketing — Request that we stop sending marketing communications

To exercise any of these rights, email contact@commerafunding.com with "Privacy Request" in the subject and describe what you're asking for. We will verify your identity before responding and will respond within a reasonable time, generally within 30–45 days. Note: requests to stop receiving calls or text messages (TCPA opt-outs) are processed within 10 business days.

7. State Privacy Laws

Several states grant additional privacy rights to their residents. The rights below supplement the general rights in Section 6. To exercise any of them, email contact@commerafunding.com with the relevant state name and request type in the subject. We verify identity before responding and will respond within the timeframe required by your state's law (generally 45 days, extendable once by 45 days when reasonably necessary).

7.1 California (CCPA / CPRA)

California residents have the right to: know the specific categories of personal information ("PI") we have collected, used, disclosed, and sold or shared in the past 12 months; access a copy of that PI; correct inaccurate PI; delete PI (subject to financial-services exceptions under Cal. Civ. Code § 1798.145); limit the use of "sensitive personal information"; opt out of any sale or sharing of PI; and not be discriminated against for exercising these rights. You may designate an authorized agent to act on your behalf.

Categories of PI collected in the past 12 months: identifiers (name, email, phone, IP), Social Security or tax ID numbers, commercial information (application data), financial information (bank statements, revenue), internet/network activity (cookies, page views), inferences drawn from the above.

Categories of sources: directly from you, from credit bureaus and data providers, from public business registries.

Business purpose for collection: evaluating financing applications, fraud prevention, communications, legal compliance.

Categories of recipients: Funding Partners (nonaffiliated third parties), service providers, parties to whom disclosure is required by law.

Sale/sharing of PI: we do not sell PI to anyone for their independent marketing purposes. Under CCPA, sharing with Funding Partners to evaluate your application is a "business purpose" disclosure, not a sale. To opt out of any sharing classified as a sale, use our Do Not Sell or Share My Personal Information form.

7.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA)

Residents of these states have the right to: confirm whether we process their personal data; access a copy; correct inaccuracies; delete personal data; obtain a portable copy; and opt out of certain processing (sale, targeted advertising, profiling that produces legal or similarly significant effects).

Right to appeal: if we deny your request, you may appeal by replying to our denial email within 30 days. We will respond to the appeal within 60 days. If your appeal is denied and you remain dissatisfied, you may contact your state Attorney General to submit a complaint.

7.3 Vermont

Vermont law (8 V.S.A. § 10204) requires affirmative opt-in consent before a financial institution may share nonpublic personal information with any nonaffiliated third party. See Section 4.6 above for how we obtain that consent. Vermont residents who have already opted in may revoke consent at any time by emailing contact@commerafunding.com.

7.4 Other states

Several additional state privacy laws are scheduled to take effect (including in Iowa, Tennessee, Indiana, Montana, Oregon, and Delaware). As they do, we will update this Section. In the meantime, residents of any U.S. state may exercise the general rights described in Section 6.

8. Cookies and Tracking Technologies

We currently use only the following category of cookies:

• Strictly Necessary: Required for the Site to function (session continuity, security, form submission). These cannot be disabled without breaking core functionality.

We do not currently run third-party analytics, advertising, or marketing cookies. If we add any non-essential cookies in the future (for example, analytics), we will update this Policy and provide an in-page consent mechanism before any such cookies are set.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect Site functionality.

9. Data Security

We use commercially reasonable safeguards to protect your information, including:

• Encryption in transit: all traffic between your browser and our site, and between our application and our service providers, uses TLS 1.2 or higher. HSTS is enforced at the platform edge.
• Encryption at rest: applicant data resides only inside our managed third-party services (named below), each of which encrypts data at rest using AES-256 or equivalent with provider-managed keys. We do not maintain a self-hosted database.
• Access controls: production access is limited to personnel with a documented business need and requires multi-factor authentication. Credentials are never committed to source control.
• Application-layer protections: rate limiting on all submission endpoints, server-side input validation and length limits, TCPA/Vermont consent timestamps, and no third-party advertising or tracking scripts.
• Regular review: we review security practices, dependencies, and provider attestations on an ongoing basis.

9.1 Subprocessors (named)

The following third-party services may process applicant personal information on our behalf. Each is bound by a written agreement requiring confidentiality and use only for the services they perform for us:

• Vercel (hosting, edge network, function execution, log retention) — SOC 2 Type 2 attested.
• Upstash (Redis-compatible rate-limit counters; stores IP-derived keys with 1-hour TTL, no other applicant PII) — SOC 2 Type 2 attested.
• Zoho CRM (lead/applicant record system; full applicant PII) — SOC 2 Type 2 and ISO/IEC 27001 attested.
• Resend (transactional email delivery; applicant name + email + summary) — SOC 2 Type 2 attested.
• Termly (cookie consent UI; does not receive applicant form data).

We will update this list before adding any new subprocessor that processes applicant personal information. The current list is also published on our Security page.

9.2 Breach Notification

If we confirm an unauthorized access event affecting your personal information, we will notify you and the applicable state regulators within the timeframe required by law and, in any event, no later than 72 hours after confirmation where practicable. The notice will describe the categories of information affected, what we have done to contain the incident, and steps you can take to protect yourself.

9.3 Reporting a Vulnerability

Security researchers and applicants who discover a vulnerability should email contact@commerafunding.com with "Security Disclosure" in the subject. See our Security page for scope and process. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention is 7 years from your most recent application or transaction.

11. Children's Privacy

Our Services are directed to business owners and are not intended for individuals under 18. We do not knowingly collect personal information from children under 13.

12. Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites.

13. Managing Your Cookie and Privacy Preferences

You have the right to manage your cookie preferences and privacy settings at any time. Under GDPR and other privacy regulations, you can change your consent choices even after you've already given them.

To update your cookie preferences and manage your consent settings:

Click here to open your Consent Preferences Center

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated Policy on this page and update the "Last Updated" date above.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Commera LLC
Attention: Privacy Officer
5830 E 2nd St
Casper, WY 82609
Email: contact@commerafunding.com
Phone: +1 (888) 451-5255

This Privacy Policy reflects Commera's practices as a Wyoming-based commercial financing broker accepting applications from specific U.S. states. It will be updated as our operations expand. This is not legal advice.