Privacy Policy

Aloha and Welcome


This Privacy Policy ("Policy") discloses the privacy practices for Hawaii Merchant Funding, LLC ("HMF," "we," "us," or "our") and applies to information collected through our website www.hmfhawaii.com, our mobile applications, and all related services (collectively, the "Platform"). This Policy complies with Hawaii Revised Statutes Chapter 487N (Security Breach of Personal Information Act), the Hawaii Consumer Data Protection Act, and all applicable federal and state privacy laws.

We respect your privacy and are committed to protecting your personal information with the same care and Aloha spirit that guides all our business relationships. This Policy is subject to and incorporates by reference our Terms of Use. Your use of our Platform and provision of Personal Information constitutes acceptance of this Policy.


Table of Contents

1. Definitions


2. Types of Information We Collect


3. Legal Basis and Purpose of Collection


4. Information Sharing and Disclosure


5. Data Security


6. Your Privacy Rights


7. Cookies and Tracking


8. Data Retention


9. Children's Privacy


10. Marketing and Communications


11. California Privacy Rights


12. Hawaii-Specific Provisions


13. Third-Party Links


14. International Users


15. Changes to This Policy


16. Contact Information


17. Accessibility


18. Severability


19. Governing Law


20. Mahalo



1. Definitions

For purposes of this Policy:


• "Personal Information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements: (1) Social security number; (2) Driver's license number or Hawaii identification card number; (3) Account number, credit or debit card number, access code, or password that would permit access to an individual's financial account; (4) Unique biometric data; or (5) Other information as defined under Hawaii law.


• "Sensitive Data" means data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.


• "Processing" means any operation performed on personal information.



2. Types of Information We Collect

2.1 Information You Provide Directly


Business Application Information:


Business name, DBA, EIN, and business license numbers


Owner/principal information (name, SSN, DOB, driver's license)


Business physical and mailing addresses


Business bank account and routing numbers


Monthly revenue, time in business, industry type


Business tax returns and financial statements


Account Registration:


Name, email address, phone numbers


Username and secure password


Business role and authorization documentation


Communication preferences


Security questions and answers


Service Enrollment:


Merchant cash advance preferences


AI-powered analytics selections


Virtual CFO service requirements


Business consulting needs


Technology integration preferences


2.2 Information Collected Automatically


Technical Information:


IP address and device identifiers


Browser type, operating system, device type


Access dates, times, and duration


Pages visited and features used


Referral sources and exit pages


Geolocation data (only with explicit consent)


Business Intelligence Data (via AI Systems):


Daily transaction volumes and patterns


Seasonal business trends and cycles


Cash flow patterns and projections


Industry-specific performance metrics


Merchant category code (MCC) data


2.3 Information from Third Parties


We may receive information from:


Financial Institutions: Via Plaid for bank account verification and transaction data


Credit Bureaus: Experian, Equifax, TransUnion for credit reports


Public Records: Hawaii DCCA, tax records, UCC filings


Payment Processors: Transaction and sales data


AI Systems Provider: Processed insights and risk assessments


Referral Partners: Basic business contact information



3. Legal Basis and Purpose of Collection

3.1 Legal Basis for Processing


We process your information based on:


Consent: For marketing communications and optional services


Contract Performance: To provide funding and related services


Legal Obligations: To comply with BSA/AML requirements, tax laws


Legitimate Interests: For fraud prevention, security, and service improvement


3.2 How We Use Your Information


Core Business Purposes:


Evaluate merchant cash advance applications


Perform underwriting and risk assessment


Process funding disbursements


Monitor and collect daily remittances via ACH


Provide customer support and account management


Comply with legal and regulatory requirements


Technology Services:


Generate AI-powered business insights


Create automated financial reports


Provide predictive analytics and alerts


Deliver virtual CFO recommendations


Optimize cash flow management strategies


Security and Compliance:


Verify identity and prevent fraud


Conduct BSA/AML screening (OFAC checks)


Monitor for suspicious activities


Maintain transaction records (7 years per federal law)


Respond to legal process and regulatory inquiries


Communications:


Send funding decisions and account updates


Provide service notifications and alerts


Share educational content and best practices


Deliver security alerts and breach notifications


Respond to customer inquiries



4. Information Sharing and Disclosure

4.1 Service Providers


We share information with carefully selected service providers who assist us:


Technology Partners:


AI and automation systems provider


Plaid (bank verification) - SOC 2 certified


DocuSign (e-signatures) - ISO 27001 certified


Cloud hosting provider - FedRAMP authorized


Communication services provider


Financial Partners:


Central Pacific Bank, First Hawaiian Bank, Bank of Hawaii (ACH processing)


Payment processing services - PCI DSS Level 1


Credit bureaus for underwriting


Professional Services:


Legal counsel


Independent auditors


Marketing partners (anonymized data only)


4.2 Legal Disclosures


We may disclose information when:


Required by subpoena, court order, or legal process


Necessary to comply with Hawaii state or federal law


Required to investigate or prevent fraud


Needed to protect rights, property, or safety


Necessary for law enforcement cooperation


4.3 Business Transfers


In the event of merger, acquisition, reorganization, or asset sale:


We will notify you before your information is transferred


The acquiring entity must honor this Privacy Policy


You may opt out of the transfer where legally permitted


4.4 No Sale of Personal Information


We do not and will not sell your personal information to third parties. We do not share your information for cross-context behavioral advertising.



5. Data Security


5.1 Technical Safeguards


We implement industry-standard security measures:


Encryption: 256-bit SSL for transmission, AES-256 for storage


Access Controls: Role-based permissions, multi-factor authentication


Monitoring: 24/7 security monitoring, intrusion detection


Infrastructure: SOC 2 Type II compliant data centers


Backups: Daily encrypted backups, geographic redundancy


5.2 Administrative Safeguards


Background checks for all employees


Annual security training requirements


Confidentiality agreements for all staff


Principle of least privilege access


Regular security audits and assessments


5.3 Breach Response


In accordance with HRS §487N-2, if a security breach occurs:


We will notify you without unreasonable delay


Notice will include nature of breach and steps to take


We will provide credit monitoring if SSN compromised


We will notify Hawaii Office of Consumer Protection


We maintain cyber liability insurance coverage



6. Your Privacy Rights

6.1 Rights Under Hawaii Law


Hawaii residents have the right to:


Access: Obtain copies of your personal information


Correction: Request correction of inaccurate information


Deletion: Request deletion (subject to legal retention requirements)


Opt-Out: Opt out of sale/sharing (we don't sell data)


Portability: Receive data in portable format


Non-Discrimination: Not face retaliation for exercising rights


6.2 Exercising Your Rights


To exercise your rights:


Online: Privacy portal at www.hmfhawaii.com/privacy-rights


Email: privacy@hmfhawaii.com


Phone: (808) 555-FUND (3863)


Mail: Privacy Office, 1388 Bishop Street, Suite 1010, Honolulu, HI 96813


Verification Process:


We will verify your identity before processing requests


May require government ID and account information


Authorized agents must provide written authorization


We will respond within 30 days (45 days for complex requests)


6.3 Appeal Process


If we deny your request:


We will explain the reason for denial


You may appeal to our Data Protection Officer


Appeals resolved within 30 days


You may file complaint with Hawaii OCP



7. Cookies and Tracking

7.1 Types of Cookies We Use


Essential Cookies:


Session management and security


User authentication


Feature functionality


Cannot be disabled


Analytics Cookies:


Google Analytics (anonymized IP)


Usage patterns and performance


User experience optimization


Can be disabled via browser


Marketing Cookies:


Used only with explicit consent


Preference remembering


Relevant content delivery


Full opt-out available


7.2 Managing Cookies


Browser settings control most cookies


"Do Not Track" signals honored


Cookie-free access available on request


See www.hmfhawaii.com/cookie-policy for details



8. Data Retention

We retain information according to legal and business requirements:


Data Type | Retention Period | Legal Basis

Funding Records | 7 years | IRS requirements

Transaction Data | 7 years | BSA/AML regulations

Account Information | Duration of relationship + 7 years | Business records

Marketing Data | Until opt-out or 3 years inactive | Legitimate interest

Security Logs | 1 year | Security purposes

Cookies | Session or up to 1 year | Per cookie policy


Deletion performed securely using DoD 5220.22-M standards.



9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from minors. If we discover collection from someone under 18, we will promptly delete the information and terminate any account.



10. Marketing and Communications

10.1 Marketing Preferences


We will only send marketing with your consent:


Opt-in required for marketing emails


SMS marketing requires explicit consent


Recorded calls require prior consent


10.2 Opt-Out Methods


Click "unsubscribe" in any marketing email


Text STOP to any SMS message


Call (808) 555-FUND


Email optout@hmfhawaii.com


Update preferences at www.hmfhawaii.com/preferences


10.3 Essential Communications


You cannot opt out of:


Funding agreements and changes


Security alerts and breach notices


Payment confirmations


Legal notices


Account verification



11. California Privacy Rights

California residents have additional rights under CCPA/CPRA:


Right to know categories and specific pieces of information


Right to delete (with exceptions)


Right to opt-out of sale (we don't sell)


Right to non-discrimination


Right to limit use of sensitive information


See our California Privacy Notice at www.hmfhawaii.com/privacy-ca



12. Hawaii-Specific Provisions


12.1 Compliance with Hawaii Law


We comply with:


HRS Chapter 487N (Security Breach Act)


Hawaii Consumer Data Protection Act


Hawaii Consumer Protection Act (HRS §480)


Hawaii Electronic Communications Privacy Act (HRS §803)


Office of Consumer Protection regulations


12.2 Special Protections


Social Security numbers encrypted and access restricted


Biometric data requires explicit written consent


Native Hawaiian cultural values respected in all practices


Local data residency available upon request



13. Third-Party Links

Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing information.




14. International Users

Our Platform operates from Hawaii, USA. By using our services from outside the United States, you consent to transfer and processing of your information in the United States, which may have different privacy protections than your jurisdiction.



15. Changes to This Policy

We may update this Policy to reflect changes in law or our practices:


Material changes notified 30 days in advance


Email notice to registered users


Banner notification on Platform


Continued use constitutes acceptance



16. Contact Information


Hawaii Merchant Funding, LLC


Privacy Office


1388 Bishop Street, Suite 1010


Honolulu, HI 96813


General Privacy Inquiries:


Phone: (808) 555-FUND (3863)


Email: privacy@hmfhawaii.com


Hours: Monday-Friday, 8:00 AM - 8:00 PM HST


Data Protection Officer:


Email: dpo@hmfhawaii.com


Phone: (808) 555-3864


Regulatory Complaints:


Hawaii Office of Consumer Protection


Phone: (808) 586-2630


Website: cca.hawaii.gov/ocp



17. Accessibility


This Policy is available in alternative formats:


Large print version


Audio version


Hawaiian language version (upon request)


Screen reader compatible HTML


Contact accessibility@hmfhawaii.com for assistance.



18. Severability


If any provision of this Policy is found unenforceable, the remaining provisions will continue in full force and effect.



19. Governing Law


This Policy is governed by Hawaii law without regard to conflict of law principles. Any disputes will be resolved in Hawaii state courts in Honolulu.



20. Mahalo


Thank you for trusting Hawaii Merchant Funding with your information. We are committed to maintaining that trust through transparent practices, robust security, and full compliance with all applicable privacy laws.


E mālama pono - Take good care,

The Hawaii Merchant Funding Team