1. Overview and scope
ICG Funding is a trade name of Infinite Capital Group, a commercial finance company headquartered at 1315 Ave J, Brooklyn, NY 11230. This Privacy Policy applies to information we collect through https://icg-funding.com, any subdomain, our funding application, customer portals, email and telephone communications, and services we provide in connection with a funding application or a funded account (collectively, the “Services”).
Because ICG Funding is a financial institution as defined by the federal Gramm-Leach-Bliley Act (GLBA), most of the personal information we collect about applicants and customers is treated as nonpublic personal information(NPI) and is governed by GLBA and the CFPB’s Regulation P (12 CFR Part 1016). The GLBA carve-out in most state privacy statutes applies to that NPI; this policy describes the rights that continue to apply to you outside of the GLBA carve-out.
By using the Services, you agree to the data practices described here, as supplemented by any product- or jurisdiction-specific notice we deliver to you. If you do not agree, please do not use the Services.
2. Information we collect
We collect information in three ways: what you give us, what we gather automatically, and what we receive from other sources.
Information you provide
- Contact details: your name, title, business name, email, phone number, and mailing address.
- Business details: legal entity type, industry, time in business, revenue, funding amount requested, intended use of funds, ownership structure, and beneficial-owner information.
- Financial documents: business bank statements, tax returns, voided checks, accounts- receivable aging reports, profit-and-loss statements, balance sheets, and other records you upload.
- Government IDs and sensitive identifiers: driver’s license or passport image for identity verification; Social Security Number or Individual Taxpayer Identification Number; Employer Identification Number; date of birth. Sensitive identifiers are collected only when needed for underwriting, identity verification, a credit pull, or anti-money-laundering compliance.
- Communications you send us: emails, chat messages, voicemails, and recordings of phone calls (see § 12).
Information we collect automatically
- Device and log data: IP address, approximate location derived from IP, browser type and version, operating system, device identifiers, pages visited, timestamps, referrer URL, and session interactions.
- Cookies and similar technologies: see Section 13 and our Cookie Policy.
- Session-replay, heat-map, and form- analytics data (e.g., Microsoft Clarity) collected to diagnose user-experience issues, with PII masked in transit where supported.
Information from other sources
- Credit bureaus:consumer and business credit reports and scores from Experian, Equifax, TransUnion, Dun & Bradstreet, Experian Business, Paynet, and similar agencies.
- Bank-statement aggregators:with your authorization, read-only business bank-account data through DecisionLogic or a similar provider, at your bank’s authentication.
- Identity, KYC, and fraud-prevention services: identity-verification vendors, device-reputation networks, OFAC and sanctions screening tools.
- Public records: Secretary of State entity records, UCC filings, court records, liens, and business licenses.
- Referral partners and service providers: limited information from partners who refer your business to us with your knowledge.
3. How we use information
We use information to:
- Evaluate your application and make funding decisions.
- Verify identity and detect fraud, money-laundering, and sanctions risk.
- Service approved funding, including payments, statements, renewals, modifications, collections, and customer support.
- Comply with legal, regulatory, tax, licensing, and record-keeping obligations.
- Operate, secure, monitor, audit, and improve the Services and our underwriting models.
- Send transactional communications about your application or account.
- With your consent, send marketing communications; you can opt out at any time (see § 12).
- Measure the performance of our advertising campaigns and website (using aggregated or pseudonymous data where possible).
4. Automated decision-making and credit decisioning
ICG Funding uses a combination of automated tools and human underwriter review when evaluating applications. Automated tools assist in flagging applications that meet or fail eligibility thresholds, scoring revenue stability, and triaging files to specialists. An application is not declined on the basis of an automated decision alone. Adverse actions (declines, counteroffers, or withdrawals of a previously extended offer) are reviewed by a human underwriter and are accompanied by an Equal Credit Opportunity Act adverse-action notice explaining the specific reasons and, where applicable, identifying the consumer-reporting agency we relied on.
You can request a human review of any decision by contacting compliance@icg-funding.com. See also our Responsible Lending page.
5. FCRA disclosures
The Fair Credit Reporting Act (15 U.S.C. § 1681) and equivalent state laws regulate how we obtain and use consumer reports.
Permissible purpose. When you apply for funding, you authorize ICG Funding to obtain consumer reports about you (including credit reports and scores) for the permissible purposes of evaluating your application, account review, the collection of an account, and other permissible purposes listed in 15 U.S.C. § 1681b, including during the life of any funding relationship.
Adverse action. If we take adverse action based in whole or in part on information in a consumer report, we will provide a notice that identifies the consumer-reporting agency that furnished the report, along with its address and toll-free number, and will explain your right to obtain a free copy of your report and to dispute inaccuracies.
Risk-based pricing. Pricing for some ICG products is set in part based on information in your consumer report. When required under the FCRA risk-based-pricing rule (12 CFR § 1022.72), we will provide a risk-based-pricing notice or a credit-score disclosure notice.
Identity theft. If you believe information in an application or account has been affected by identity theft, contact security@icg-funding.com immediately and visit IdentityTheft.gov.
7. GLBA privacy notice
8. How we protect your information
We maintain an administrative, technical, and physical information-security program designed to comply with the GLBA Safeguards Rule (16 CFR Part 314), New York DFS 23 NYCRR Part 500, and applicable state security statutes including the NY SHIELD Act (N.Y. Gen. Bus. Law § 899-bb). Elements include:
- Encryption. TLS 1.2 or higher for data in transit; AES-256 for data at rest in our systems.
- Access controls. Role-based access restricted to employees with a business need; multi-factor authentication for administrative access.
- Monitoring. Logging and alerting on unusual access patterns and anomalous behavior.
- Vendor diligence. Written data- protection terms with every service provider; at least annual diligence of material providers.
- Training. Ongoing security and privacy training for all staff with access to NPI.
- Incident response. Documented response and breach-notification procedures with designated officers and regulator-notification timelines.
No security program can guarantee the security of data transmitted over the internet. Security researchers can reach us at security@icg-funding.com (see our security.txt).
9. Breach notification
If an unauthorized acquisition or unauthorized access affects personal information we hold about you and triggers a notification obligation under applicable law (including the NY SHIELD Act, state breach- notification statutes, and the GLBA Safeguards Rule notification requirement), we will notify you without unreasonable delay and consistent with the legitimate needs of law enforcement and any investigation required to determine the scope of the incident and restore the integrity of our systems. Notification will identify the categories of information involved, what we are doing in response, and what you can do.
10. Retention and disposal
We retain information for as long as needed to deliver the Services, comply with our legal and regulatory obligations (including record-keeping rules that may require us to hold funding files and related records for seven years or longer after an account is closed), and resolve disputes, enforce our agreements, and cooperate with audits.
When information is no longer needed, we dispose of it using methods designed to prevent unauthorized access, consistent with the FACTA Disposal Rule (16 CFR Part 682) and our information-security program.
11. State privacy rights
Depending on your state of residence and the nature of the information we hold about you, you may have the rights below. Most state privacy laws include a financial-institution or GLBA exemption that covers the NPI we collect in the funding application process; the rights below apply to information outside that exemption (for example, marketing-only website data).
- Right to know / access. Request a copy of the personal information we have about you.
- Right to correct. Ask us to correct information that is inaccurate.
- Right to delete. Ask us to delete information, subject to exceptions for information we must keep for legal, regulatory, fraud- prevention, or security reasons.
- Right to portability. Request a machine-readable copy of information you provided to us, where technically feasible.
- Right to opt out of targeted advertising, sale of personal data, and profiling that produces legal or similarly significant effects. We do not sell personal data and we do not use it for cross-context behavioral advertising.
- Right to limit the use of sensitive personal information (California).
- Right to appeal a denied privacy request in states where an appeals process is required.
These rights may be available to residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Montana, Oregon, Delaware, Iowa, Tennessee, Indiana, New Jersey, Minnesota, Maryland, Kentucky, Nebraska, New Hampshire, and Rhode Island, among others. State-specific details, including California’s CCPA Notice and the authorized- agent process, are on our State Privacy Notices page and our CCPA Notice.
To exercise these rights, submit a request through our Privacy Request form or email privacy@icg-funding.com. We will verify your identity before acting on any request. We will not discriminate against you for exercising a privacy right.
12. Communications, marketing, and TCPA
When you apply or otherwise provide your phone number or email, you consent to receive transactional messages about your application, account, servicing, fraud-prevention, and security.
Where you provide separate consent, you may also receive marketing communications. You can opt out of marketing at any time by clicking the unsubscribe link in a marketing email, following the instructions in any SMS message (if sent), telling the caller during a phone call, or emailing privacy@icg-funding.com. Opting out of marketing does not stop transactional messages related to an active application or account.
TCPA. Consent to receive calls or texts using an automatic telephone dialing system or an artificial or prerecorded voice is not a condition of obtaining a product. Standard message and data rates may apply. See our Terms of Service § 9.
Call recording. We may record or monitor phone calls for training, quality-assurance, compliance, and dispute-resolution purposes, where permitted by law.
14. International visitors
The Services are directed to U.S.-based small businesses and the persons authorized to act on their behalf, and the information we collect is stored and processed in the United States. If you access the Site from outside the United States, you are responsible for compliance with local law, and by using the Site you consent to the transfer of information to, and the storage and processing of information in, the United States.
15. Children
The Services are directed to businesses and their authorized representatives. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, contact us and we will delete it.
16. Changes to this policy
We may update this policy from time to time. The “last updated” date above reflects the most recent revision. Material changes will be communicated by email or a prominent notice on the Site before the changes take effect.
17. Contact us
Questions about this policy, our data practices, or to exercise a privacy right?
- Email: privacy@icg-funding.com
- Phone: (646) 813-4633
- Mail: Infinite Capital Group, Attn: Privacy, 1315 Ave J, Brooklyn, NY 11230
- Web form: icg-funding.com/privacy-request