Privacy Policy

1. Overview

This Privacy Policy explains how Sparrow Labs Inc. ("Sparrow," "we," "us," or "our") collects, uses, and processes information in connection with its websites, applications, platforms, and related services (collectively, the "Services").

Sparrow provides technology platforms that support consumer loan comparison experiences and partner-led marketing and communications. Our data practices vary depending on how you interact with the Services.

2. Roles and Responsibilities

Individual Consumers. For Sparrow-branded consumer marketplaces, Sparrow acts as a data controller for information collected directly through those experiences.

Business Customers and End Recipients. For white-labeled marketplaces and Crest, Sparrow acts as a service provider or data processor on behalf of Business Customers. Business Customers are responsible for providing required notices, obtaining consent, honoring opt-out requests, and ensuring lawful use of the Services.

3. Information We Collect

Depending on your interaction with the Services, we may collect:

• Identifiers such as name, email address, and contact information
• Application or eligibility information provided by Individual Consumers
• Account credentials and administrative information for Business Customers
• Usage data, log data, device information, and IP addresses
• Customer data processed on behalf of Business Customers, including contact and engagement data

4. How We Use Information

We use information to:

• Provide, operate, and maintain the Services
• Enable consumer loan comparison and application routing
• Process data at the direction of Business Customers
• Secure accounts and monitor platform performance
• Comply with legal and regulatory obligations

5. Marketing Communications and SMS

Sparrow does not send SMS messages to Individual Consumers using its direct-to-consumer loan marketplace.

When Business Customers use Crest to send email, direct mail, or SMS communications, Sparrow processes data solely as a technology service provider and does not select recipients, determine message content, or initiate communications. Business Customers are responsible for consent and compliance with applicable law.

6. Data Sharing

We may share information with:

• Service providers that support our operations and infrastructure
• Financial institutions involved in providing loan offers
• Regulators, law enforcement, or authorities when required by law

We do not sell personal information.

7. Data Retention

We retain information only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

8. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Individual Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, or restrict certain processing of personal information. Requests may be directed to the applicable Business Customer or to Sparrow where appropriate.

10. International Processing

Sparrow primarily operates in the United States. Information may be processed and stored in the United States or other jurisdictions where Sparrow or its service providers operate.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised effective date.

12. Contact

Privacy-related inquiries may be directed to privacy@sparrowfi.com.