Privacy Policy
Effective date: June 3, 2026
1. Introduction and scope
This Privacy Policy describes the ways Noxti Money LLC (“Noxti Money,” “we,” “us,” or “our”) gathers, uses, discloses, sells, and otherwise handles personal information through the Noxti Cash mobile application and related services available on noxtimoney.com (collectively, the “App”).
Noxti Cash is a loan-matching and lead-generation platform that connects users with third-party financial partners. We are not a lender and we do not make credit decisions.
This Policy is meant to explain in plain terms what we collect, why we collect it, how we use it, and how we sell personal information, including who receives it. Your use of the App constitutes acceptance of this Policy. The App is intended for U.S. residents age 18 or older.
2. Laws and regulatory framework
Our information practices are structured to align with applicable U.S. consumer-finance and privacy requirements, including:
- GLBA (Gramm-Leach-Bliley Act): SSN, bank account information, routing number, income, and related financial information may be nonpublic personal financial information.
- CCPA/CPRA: including California definitions of “sale” and “sharing,” and related consumer rights.
- FCRA (Fair Credit Reporting Act): where consumer report activity is involved.
- FTC Act and FTC guidance: including expectations for lead-generation and data broker practices.
- CAN-SPAM and TCPA: for email and SMS/phone marketing communications.
In certain circumstances, information governed by GLBA or FCRA may require separate disclosures or handling standards and may narrow the scope of some state privacy rights.
3. Information we collect
3a. Information you provide directly
We collect the following categories of information directly from you:
Personal identifiers
- Full legal name (first, middle, last)
- Date of birth
- Email address
- Phone number (mobile and/or home)
- Full residential address including street, city, state, and ZIP code
Government and identity documents
- Social Security Number (SSN)
- Driver's license number and issuing state
We collect SSN to verify identity, satisfy lender-partner KYC obligations, and help prevent fraud. SSN is transmitted with encryption in transit.
We collect driver's license information for identity checks, state-eligibility validation, and KYC compliance.
Financial and employment information
- Bank account number (full account number)
- Bank routing number
- Bank name and account type (checking / savings)
- Employer name
- Employer phone number
- Employment status and job title
- Monthly or annual gross income
- Source of income (employment, self-employment, benefits, other)
- Purpose of the loan or cash advance request
We use bank account and routing information for lender verification and, when relevant, possible ACH disbursement or repayment setup by lender partners. Lenders may use employer phone information to verify income.
3b. Information collected automatically
- Device identifiers, operating system, App version, and IP address
- Usage patterns, session data, and clickstream activity
- Approximate location derived from IP address or device signals
- Data from cookies, mobile SDKs, and pixels
3c. Information from third parties
- Identity and fraud verification vendors
- Credit bureaus and alternative data providers (in relevant FCRA contexts)
- Marketing or referral partners that direct users to the App
4. How we use your information
- To create and manage your account
- To verify identity (KYC) and evaluate matching eligibility
- To package your data into a lead and match you with lender partners
- To sell personal information to third-party lenders, financial institutions, and marketing partners (see Section 5)
- To process and carry out transactions, referrals, and partner routing
- To send transactional messages and, where permitted, marketing communications
- To improve App performance, analytical insights, and security controls
- To comply with law and enforce applicable terms and policies
5. Sale and sharing of personal information
5.1 We sell your personal information
Noxti Money LLC sells personal information as that concept is defined under the CCPA/CPRA and applicable state law. We sell data to third-party lenders, financial institutions, marketing partners, data aggregators, and lead buyers.
Data sold can include the following information:
- Full legal name (first, middle, last)
- Date of birth
- Email address
- Phone number (mobile and/or home)
- Full residential address including street, city, state, and ZIP code
- Social Security Number (SSN)
- Driver's license number and issuing state
- Bank account number (full account number)
- Bank routing number
- Bank name and account type (checking / savings)
- Employer name
- Employer phone number
- Employment status and job title
- Monthly or annual gross income
- Source of income (employment, self-employment, benefits, other)
- Purpose of the loan or cash advance request
We may receive monetary payments, referral compensation, per-lead fees, revenue sharing, or other valuable consideration for this data. That compensation may affect partner routing priority and the order in which offers are ranked or displayed.
5.2 Categories of third parties who buy or receive your data
- Licensed lenders and financial institutions (including personal loans, installment loans, cash advances, and lines of credit)
- Insurance companies and other financial product providers
- Debt relief and credit counseling companies
- Marketing partners that deliver financial and non-financial offers
- Data brokers and aggregators that may resell data further
Once information is sold, further handling is governed by the recipient’s own privacy policy. We do not control downstream use by third-party buyers after purchase.
5.3 Your right to opt out of sale
California residents, and residents of other states with applicable rights, may opt out of personal-information sales by emailing [email protected] with the subject line “Do Not Sell My Information,” or by using the in-app opt-out link in Settings.
We process opt-out requests within 15 business days. Opting out stops future sales only; it does not erase data that was previously sold. We may still disclose information when required by law or when necessary to complete core App functionality tied to a request you initiated.
6. Legal basis for processing
- Consent: obtained before collection and sale where required; consent can be withdrawn, which may limit service availability
- Contractual necessity: to provide requested matching and referral services
- Legal obligation: including KYC/AML obligations and required record retention
- Legitimate business interest: fraud prevention, security operations, and platform integrity
7. Data retention
Retention windows depend on data category, legal obligations, and operational need. Typical periods include:
- Full applicant profile (name, SSN, address, bank info, income): business relationship duration plus 5 to 7 years after last activity, or longer if legally required or under legal hold. Example: last activity in January 2025 may result in retention until at least January 2030-2032.
- Lead and sale records (recipient, timestamp, price/consideration): 5 to 7 years for compliance, audit purposes, and dispute resolution.
- Marketing and communication records (consent logs, opt-ins, campaign responses): 2 to 3 years after last interaction, or until opt-out plus 90 days.
- Device and usage logs (IP, session data, clickstream): 12 to 24 months.
- Opt-out records (Do Not Sell requests): at least 5 years. Example: a March 2025 opt-out is retained until at least March 2030.
- Support communications: 3 years after ticket resolution.
Where applicable law requires longer retention, we maintain records for the required legal period.
8. Data security
- Encryption in transit using TLS 1.2 or higher and encryption at rest (including AES-256 where applicable)
- Role-based access controls under a least-privilege model
- Ongoing monitoring and periodic security audits
- Vendor security due diligence and contractual security obligations for service providers and buyers
- User responsibility to protect credentials and report suspected unauthorized access to [email protected]
No security framework is 100% secure. If a breach impacts sensitive information, we will provide notices to affected users and regulators as required by applicable law.
9. Your privacy rights
Depending on state law and applicable exemptions, you may be entitled to the following rights:
- Right to know/access: categories and specific data we maintain, plus categories of third parties to whom data was sold
- Right to deletion: subject to legal, contractual, and compliance exceptions; deletion cannot reverse prior sales in third-party buyer systems
- Right to correction: of inaccurate personal information
- Right to portability: in a structured, machine-readable format
- Right to opt out of sale: as described in Section 5.3
- Right to non-discrimination: we do not unlawfully discriminate for exercising rights, although some features require data processing
Submit requests to [email protected] using subject line “Privacy Request.” We verify identity before processing requests. Authorized agents are accepted where state law allows. Response timelines are generally 45 days for California requests and 30 days for certain other states, where applicable.
10. Marketing opt-outs
- Email: use the unsubscribe link in each marketing email; requests are processed within 10 business days under CAN-SPAM. Transactional emails may still be sent.
- SMS: reply STOP to opt out and HELP for assistance (TCPA context). OTP and transactional messages may continue when permitted.
- Push notifications: managed through your device operating-system settings.
- Phone marketing calls: email [email protected] to opt out; prior express written consent is required for auto-dialed telemarketing calls where required by TCPA.
Marketing opt-out is separate from sale opt-out. To stop future sales, submit a “Do Not Sell My Information” request under Section 5.3.
11. California residents (CCPA/CPRA)
If you are a California resident, the following additional rights apply under the CCPA as amended by the CPRA.
Right to know: You may request categories and specific pieces of personal information collected, source categories, business purposes, and categories of third parties to whom information was sold or disclosed, including buyer categories.
Right to delete: You may request deletion, subject to CCPA exceptions.
Right to correct: You may request correction of inaccurate personal information.
Right to opt out of sale/sharing: We sell data under CCPA definitions. You may opt out via [email protected] or the in-app “Do Not Sell” link. We process requests within 15 business days.
Right to limit use of sensitive personal information: SSN, driver’s license data, and bank account data are sensitive personal information under CPRA; you may request limits beyond uses permitted by CPRA.
Right to non-discrimination: You will not be unlawfully discriminated against for exercising your rights.
Submit California requests to [email protected] with subject line “California Privacy Request.” We generally respond within 45 days. One free request per 12-month period may apply under California law. GLBA/FCRA preemption may apply to certain financial data.
12. Other state privacy rights
Residents of states with comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others, may have similar rights to access, delete, correct, and opt out of specific processing activities. Submit requests to [email protected].
13. Do Not Track and Global Privacy Control
We do not currently respond to browser “Do Not Track” signals because no universal technical standard exists. We honor Global Privacy Control (GPC) signals for California residents as an opt-out of sharing for cross-context behavioral advertising where required by CCPA/CPRA.
14. GLBA and FCRA notices
Under GLBA, SSN, bank account number, routing number, income, and employment data may be nonpublic personal financial information. A separate GLBA Initial Privacy Notice may apply to that information.
Under FCRA, if we share information with consumer reporting agencies or rely on consumer reports, FCRA rights apply. Hard credit inquiries occur only with express prior authorization.
GLBA and FCRA may limit or preempt certain state privacy rights for some categories of financial data.
15. Cookies and tracking technologies
We use cookies, mobile SDKs, pixels, and device-fingerprinting technologies for authentication, fraud detection, analytics, ad attribution, and session management. You can control these through browser settings (web) and operating-system settings (mobile). Disabling these technologies may reduce functionality or prevent certain services from operating.
16. Children's privacy
The App is intended for users age 18 and older and is not directed to minors. We do not knowingly collect personal information from individuals under 18. If we discover such collection, we will promptly delete that information and take appropriate remediation measures. Contact us at [email protected].
17. International users
The App is directed to U.S. users and data is processed in the United States. By using the App, you consent to U.S.-based processing and transfer of your information.
18. Policy updates
We may update this Privacy Policy periodically and will update the Effective Date when revisions are posted. For material changes, we may provide notice in-app or by email. Continued use of the App after an update constitutes acceptance of the revised Policy.
19. Contact us
Noxti Money LLC
100 Westwood Ave
Columbia, MO 65203-2874
Email: [email protected]
Website: noxtimoney.com