Privacy Policy

Effective Date: October 1, 2025 (Updated)

Introduction and Scope

Capital Foundation Partners (“CFP,” “we,” or “us”) is a U.S.-based business-to-business (B2B) receivables management and collections firm. We value your privacy and are committed to protecting personal information in accordance with applicable laws and ethical standards. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information obtained through our website and in the course of providing our services to business clients. It also explains your rights and choices regarding your personal information.

B2B Focus: Our services are primarily directed to businesses and commercial accounts, not individual consumer debts. Therefore, many consumer-specific privacy laws or debt collection laws may not directly apply to our activities. For example, the Fair Debt Collection Practices Act (FDCPA) – a U.S. law that governs debt collection practices for personal debts – generally does not apply to commercial (business-to-business) debts. Similarly, certain consumer privacy rights (like those under California or EU law) may have limited applicability to a pure B2B context. That said, CFP still handles any personal information with care, and we voluntarily uphold high standards of privacy and security even in contexts where specific consumer laws do not strictly apply. By using our website or services, you acknowledge that you have read and agree to this Privacy Policy.

Information We Collect

We only collect personal information that is relevant and necessary for our business purposes (e.g. managing accounts receivable, collecting payments, and communicating with clients or debtors). The types of information we may collect include:

  • Contact Identifiers: Name, business address, work email, telephone number, and similar contact details of client representatives, account debtors, or guarantors. This may include information on business contacts or officers associated with an account (which can be personal data if it identifies an individual).

  • Business Account Information: Company name, account numbers, invoices, contracts, and transaction details related to the receivables we are managing. If an individual (e.g. a sole proprietor or partner) is personally liable for a business debt, information about that debt (amount owed, payment history, etc.) may be linked to that individual.

  • Financial Information: If we receive or process a payment from you, we (or our payment processor) may collect payment details such as bank account numbers or payment card information. All payment information is handled using industry-standard security and PCI-DSS safeguards.

  • Communications: Records of communications we have with you. For example, if you call us, we may document or record the call (as permitted by law) to verify agreements or for quality assurance. Emails or correspondence you send us (including any information you choose to provide in web forms on our site) are retained to address your inquiries and for our records.

  • Internet/Device Data: When you visit our website, we automatically collect certain technical information such as your IP address, browser type, device identifiers, pages visited, and the date/time of access. Like most websites, we use cookies or similar technologies to improve user experience and site functionality (e.g. remembering your preferences). These cookies do not capture sensitive personal details but may log usage patterns (e.g. which pages you view). You can adjust your browser settings to refuse cookies or alert you when cookies are being used (see Cookies and Tracking below for more detail).

  • Third-Party Sources: In connection with our collections efforts, we may obtain additional information from third parties. For example, we might receive updated contact information or credit reports from skip-tracing services, credit bureaus, or public databases to help locate a debtor or evaluate an account. We only obtain such information as allowed by law and as needed to fulfill our contractual obligations to our clients.

We do not knowingly collect any sensitive personal information unrelated to our services (such as racial or ethnic origin, biometric data, or social security numbers) unless it is provided by the individual or required for a specific business purpose. We also do not seek to collect any information from individuals under 13 years of age, and our website and services are not directed to children. If we learn that we have inadvertently received personal information from a child under 13, we will promptly delete it.

How We Use Personal Information

We use the personal information collected for the following business purposes (and compatible purposes reasonably related to them):

  • Providing Services: To carry out receivables management and debt collection services on behalf of our clients. This includes using contact information to communicate with account debtors (e.g. sending notices or making calls regarding outstanding business invoices) and using account/transaction information to seek resolution of debts. Any information we obtain will be used solely for the purpose of collecting the debt or managing the account in question (consistent with FDCPA “mini-Miranda” disclosures).

  • Communications: To respond to inquiries and provide customer service to our clients, their customers, or other individuals who contact us. For instance, if you fill out a “request a quote” form or send us a question, we will use your provided information to respond. We may also use contact information to send administrative information, such as updates to our terms or this Privacy Policy.

  • Verification and Compliance: To verify identities and prevent fraud. For example, before disclosing account details to a caller, we may require verification of their identity. We also use personal data as needed to comply with legal obligations, such as maintaining records required by law or responding to lawful information requests.

  • Improving Our Services and Website: To analyze website usage and performance so we can improve functionality and content. Web analytics may help us understand aggregate visitor traffic patterns (e.g. which pages are most visited). This data is typically collected in aggregate form and does not identify you personally. If we do use cookies or similar tools, it is to enhance user experience (see Cookies and Tracking below).

  • Marketing and Business Development: We primarily market our services to other businesses, and any outreach to individual business contacts will comply with applicable laws (e.g. CAN-SPAM for email, or UK GDPR/PECR for any EU/UK contacts). If we send you marketing communications (such as a newsletter or an invitation to a webinar) using your work contact information, you have the right to opt out of further marketing (see Your Choices below). We will not send you marketing emails if you have asked us not to, and we do not use personal data for cross-context behavioral advertising without consent.

We will not use personal information for purposes incompatible with the ones listed above without providing you notice and, if required, obtaining your consent.

How We Share and Disclose Information

CFP understands the importance of your information and does not sell your personal information to third parties for profit. We only share personal data in the following circumstances, and always pursuant to appropriate confidentiality and security obligations:

  • Client Organizations: If we are collecting a receivable on behalf of a client (e.g. a creditor company that hired us), we may share necessary information with that client. For example, we report back to our client on the status of collection efforts and payments received. Our clients are typically the original creditors or suppliers to whom the debt is owed, and they already have a relationship with the debtor. We do not disclose more information than the client needs for their own records (often they provided the data to us in the first place).

  • Service Providers (“Processors”): We use trusted third-party service providers to support our operations. These include, for instance, mail vendors (who send out collection letters on our behalf), payment processors (to handle online or phone payments securely), skip-trace and data providers (to supply updated contact info), or IT/cloud service providers that host or back up our data. Such vendors are given only the information necessary to perform their functions for us and are contractually bound to use it only for our specified purposes and to protect it to standards equivalent to ours. For example, if we engage a letter-printing service, we would share the debtor’s name and address and letter content, but that service cannot use those details for any other purpose.

  • Business Partners/Affiliates: At this time, CFP does not have corporate affiliates or joint marketing partners with whom we share personal data. If that changes (for example, if we partner with another financial firm or have a parent/subsidiary company in the future), we will update this policy and ensure any affiliate has comparable privacy safeguards. Any such sharing would provide individuals the same choices and rights described in this Policy.

  • Legal and Safety Reasons: We may disclose personal information when required to do so by law or in response to valid legal process (such as a subpoena, court order, or regulatory demand). We may also share information if necessary to establish or exercise our legal rights, to defend against legal claims, or to investigate/prevent actual or suspected fraud, security issues, or other harmful or illegal activity. For instance, if regulators (like a state Attorney General or the Consumer Financial Protection Bureau) request information during an investigation, we may be obligated to provide relevant data.

  • Credit Bureaus: In general, CFP’s B2B collection activities do not involve reporting personal information to consumer credit reporting agencies, since we focus on business debts. However, if an individual’s obligation is subject to credit reporting (for example, a personal guarantor of a business debt or a sole proprietor’s account), we may report the status of that debt to credit bureaus as allowed by law. We will only do so in compliance with the Fair Credit Reporting Act (FCRA) and other applicable regulations.

  • Corporate Transactions: If CFP is involved in a merger, acquisition, financing due diligence, restructuring, receivership, or sale of all or a portion of our business/assets, personal information may be disclosed to the parties and advisors involved, in compliance with applicable confidentiality requirements. Should such a transaction occur, we would require the recipient of any personal data to handle it in a manner consistent with this Privacy Policy.

When we disclose personal information to any third party, we take care to do so only as permitted by law and to ensure the third party has an obligation to keep the information confidential. We never share more data than necessary for the purpose, and we do not allow any service provider or partner to sell, rent, or use the data for their own unrelated purposes.

Data Security and Retention

Security Measures: We maintain robust administrative, technical, and physical safeguards designed to protect personal information against unauthorized access or disclosure. These measures include access controls to limit which employees can view personal data (based on job function and “need to know”), authentication requirements for our systems, network security monitoring, and encryption of sensitive data in transit (for example, our website uses HTTPS encryption for any forms you submit). We follow the requirements of the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule in spirit and practice, even when a given dataset may not formally trigger GLBA. This means we have a written information security program and take steps such as employee training on data security, regular risk assessments, and vendor due diligence to ensure your information remains safe.

Physical records (if any) containing personal information are stored securely and disposed of via shredding or other secure means. Electronic data is protected by firewalls and intrusion detection systems. We also require our service providers to implement appropriate security measures. While no security method is 100% foolproof, we employ industry-standard practices and constantly strive to improve to meet evolving threats.

Retention: We retain personal information only for as long as necessary to fulfill the purposes for which it was collected (e.g. for the duration of the collections process or client contract), or as required by law or our legitimate business needs. For example, we may keep records of settled accounts for a certain period to comply with financial record-keeping laws or to defend against potential legal claims. If there is no legal need or business necessity to retain your data, we will securely delete or anonymize it. In general, once an account is closed and any applicable statutory retention period (such as seven years for certain financial records) has passed, we will remove personal information associated with that account from our active systems.

Your Rights and Choices

We respect the rights of individuals to know about and control their personal information. Depending on your relationship with us and applicable law, you may have some or all of the following rights regarding the personal data we hold about you:

  • Access and Correction: You have the right to request a copy of personal information we maintain about you, and to request that we correct any inaccuracies. We will honor such requests to the extent required by law (and even if not legally required, we will strive to correct factual errors in your personal data when you notify us). For security and identification purposes, we may ask you to submit the request in writing and provide certain information to verify your identity before granting access or making corrections. We will inform you if we cannot fulfill your request in certain exceptional cases – for example, if the data is subject to legal privilege or if disclosing it would violate someone else’s privacy rights – but we will provide as much information as we are able and a reason for any denial.

  • Deletion: California residents and some other individuals have a legal right to request deletion of their personal data. We will evaluate deletion requests on a case-by-case basis in line with applicable laws. Please note that the nature of our business (debt collection) often involves circumstances where we must retain certain personal information (for example, to comply with financial regulations, to evidence the handling of an account, or as otherwise exempt under law). In many cases, the information we hold may fall under an exception to deletion rights – for instance, data needed to “comply with a legal obligation” or to exercise or defend legal claims (which are recognized exceptions under laws like the CCPA/CPRA and GDPR). If you request deletion of information that we are not legally required or permitted to keep, we will delete it and confirm to you that we have done so. If we must retain it, we will inform you of the specific exemption we are invoking.

  • Opt-Out of Sale or Sharing: We do not sell personal information to third parties, as noted above. If you are a California resident, you have the right to direct a business that does sell or share your personal data to stop doing so. While this is not applicable to CFP because we do not sell data, we also honor opt-out requests from any individual regarding future marketing communications or any third-party data sharing that is not essential to our services. For example, if we ever consider sharing your contact information with a partner for a cross-promotional purpose, we would give you the opportunity to opt out in advance.

  • Text Messaging/WhatsApp Opt-in Opt-Out: We offer text message communication for project updates and customer support purposes. Participation is entirely voluntary. Users may initiate text conversations by sending a keyword such as “JOIN” to our toll-free number. By doing so, you consent to receive messages related to project tracking, confirmations, and status updates. No promotional or marketing messages are sent through this channel.

    You may opt out of receiving text messages at any time by replying STOP to any message. Once you do, you will receive a confirmation that you have been unsubscribed, and no further texts will be sent unless you initiate a new opt-in. Standard message and data rates may apply.

    For compliance purposes, we log the phone number, opt-in keyword, and timestamp of the initial opt-in. These records are used solely to document consent and maintain service reliability. We do not share or sell phone numbers or text message data to third parties for marketing purposes.

  • Marketing Communications: If we send you marketing emails (such as a newsletter or an offer for services) and you prefer not to receive them, you can unsubscribe at any time by clicking the “unsubscribe” link in the email or by contacting us directly. Note that transactional or account-related communications are not considered marketing – for example, a payment confirmation or an important notice about your account – and you will receive those as part of our services. However, we will not send you marketing messages if you have opted out.

  • California “Shine the Light”: Separate from CCPA, California’s “Shine the Light” law allows residents to request certain information about any personal information disclosed to third parties for their direct marketing purposes. CFP does not disclose personal information to third parties for their own direct marketing, so no such list exists.

  • Non-Discrimination: If you exercise any privacy rights under any law (for instance, requesting access or deletion), we will not discriminate against you or retaliate in any way. For California residents, this means we will not deny services, charge different prices, or provide a different level of quality because you exercised your rights. The only time we might not be able to fulfill a request is if an exemption applies, as described, but we will explain this to you.

Additional Privacy Notices for Specific Regions

California Residents: If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you additional rights. In general, CPRA now fully applies to personal information collected in a B2B context (the prior partial exemption for business-to-business data expired on January 1, 2023). This means that even if we collect your information in the course of communicating or transacting with your company, you are entitled to the same privacy rights as any other consumer under California law. These include the rights of access, deletion, correction, to know what categories of data we collect, and to opt out of sale/sharing, as summarized above and in Cal. Civ. Code §1798.100 et seq..

Categories and Purposes: For the 12-month period preceding the date of this Policy, CFP has collected the following categories of personal information about California residents, primarily for debt collection and account management purposes: Identifiers like name, contact information and account number; information related to employment or affiliation (e.g. your job title or employer if you are a point of contact); recordings of calls (if applicable); and internet or device information from visitors to our website. We obtain this information directly from the individual or from our client (the creditor) or from skip-tracing sources. We use it for the business purposes described in How We Use Personal Information above (which include collections, compliance, and service improvement). We share it only with the categories of recipients described in How We Share Information(such as our service providers, clients, or as legally required). We do not sell personal information and have not sold anyone’s personal data in the past 12 months.

California residents may submit requests under the CCPA/CPRA (e.g. to know or delete) through the contact methods listed in Contact Us below. We will verify your identity by matching information you provide with our records (which may involve a few data points such as your last known address, phone, or email). If needed or if you prefer, you can designate an authorized agent to make a request on your behalf; we will take steps to verify the agent’s authority and your identity as permitted by law For more detailed information about our privacy practices and your rights under California law, you may also refer to our California Privacy Notice (if provided separately on our website).

European Union/European Economic Area (EEA) Residents: CFP is based in the United States and does not actively offer services to or target individuals in the EU/EEA. Our website is intended for U.S. businesses. Therefore, in most cases the GDPR (General Data Protection Regulation) will not apply to our data processing, as we do not have an establishment in the EU and we are not purposefully offering services to or monitoring EU individuals (iapp.org). For example, if our services are provided only to U.S. companies and we address only U.S. residents or businesses, the GDPR would generally “not come into play.” (iapp.org)

However, if you are located in the EU/EEA and we happen to process your personal information (for instance, if you are an employee of one of our clients or a debtor of a client, and you are in the EU), then the GDPR may apply to that processing. In such cases, we want you to know that we will handle your data in accordance with GDPR requirements. We will determine a lawful basis for processing (typically, our legitimate interest in carrying out a contract with your employer or recovering a debt, or compliance with a legal obligation) and will honor the rights granted to you by the GDPR. These rights (in addition to those listed earlier) include:

  • The right to object to processing of your personal data, particularly for direct marketing purposes. If we were ever to send marketing communications to an EU individual, we would do so only in compliance with e-Privacy laws and you can opt out at any time.

  • The right to data portability, allowing you to request a copy of personal data you provided to us in a machine-readable format.

  • The right to withdraw consent at any time if we rely on consent as the basis for processing (though generally we do not rely on consent for the types of processing we do; we rely on other lawful bases).

  • The right to restrict processing in certain circumstances (for example, while a data accuracy dispute is being resolved).

  • The right to be informed of any automated decision-making or profiling that produces legal or similarly significant effects (CFP does not use automated decisions in its debt collection processes without human involvement – each account is handled by our staff).

To exercise EU/EEA data subject rights, please contact us as described below. We may not have a legal obligation to appoint an EU representative given our lack of intentional EU operations, but we will nevertheless respond to inquiries from EU individuals in good faith. Additionally, any personal data originating from the EU that we process will be stored in the U.S. We will ensure that appropriate safeguards are in place for any international data transfer, such as relying on the EU Standard Contractual Clauses or other valid transfer mechanisms, to protect your information’s privacy. And regardless of your location, if we process personal data for direct marketing, or any personal data at all, we are committed to complying with strict data protection principles – even the UK Information Commissioner’s Office emphasizes that personal data used in a business context still falls under data protection law (ico.org.uk). In short, we apply the same care and compliance mindset globally.

Cookies and Tracking Technologies

When you visit our website, we may place “cookies” (small text files) or use similar tracking technologies (like web beacons or pixel tags) on your device. These technologies serve several purposes:

  • Essential Cookies: Some cookies are necessary for the website to function properly (e.g. to keep you logged in to a client portal, or to remember your preferences).

  • Analytics Cookies: We use these to understand how visitors navigate our site, which pages are popular, and where there might be website errors or issues. This helps us improve the content and design. The data collected is typically aggregated and does not directly identify individuals. For example, we might track how many users visited the “Services” page in a week or how long visitors spend on a certain page.

  • No Third-Party Advertising Cookies: We do not use third-party advertising networks or tracking for targeted ads on our site. Thus, our site should not load any cookies for advertising purposes. If that ever changes, we will update this policy and request any necessary consent.

Your Choices for Cookies: On your first visit to our site (and periodically thereafter), you may see a banner or notice about cookies. By clicking accept or continuing to use the site, you consent to our use of cookies as described. If you prefer not to allow cookies, most web browsers let you adjust settings to refuse some or all cookies, or to prompt you before accepting a cookie. You can also delete cookies after visiting our site. Please note that if you disable cookies, some features of the site may not work correctly. For example, embedded videos or forms might not remember your inputs. For more information on managing cookies, you can visit [USA.gov’s guide on cookies] or your browser’s help documentation.

Our website currently does not respond to “Do Not Track” signals from browsers, in part because there is no common standard for such signals. However, as noted, we do not engage in cross-site tracking of users.

Compliance with Debt Collection Laws

Although this document is primarily a Privacy Policy, we want to be transparent about our compliance with laws that intersect with privacy in the context of debt collection:

  • FDCPA: As noted, the U.S. Fair Debt Collection Practices Act generally applies only to consumer debts, not B2B debts. Because CFP’s focus is on commercial accounts (debts incurred by businesses), the strict provisions of the FDCPA (e.g. mini-Miranda notices, validation notice requirements, call time restrictions, etc.) are typically not legally mandated for our work Nevertheless, we voluntarily adhere to the spirit of the FDCPA in our practices. We believe in treating all debtors with respect and fairness. For instance, if we ever need to communicate with an individual (such as the owner of a small business or a guarantor), our representatives will identify themselves as debt collectors and state that any information obtained will be used for that purpose, as required by the FDCPA’s mini-Miranda rule. We also avoid any harassing, abusive, or deceptive conduct, aligning our policies with FDCPA standards even when the letter of that law may not apply. Additionally, many states have their own debt collection laws, and while those too often exempt commercial collections, we monitor and comply with any state requirements that do apply to our activities.

  • GLBA: Under the Gramm-Leach-Bliley Act, CFP may be considered a “financial institution” because debt collection is deemed a financial activity (ftc.gov). GLBA and its implementing regulations (the Privacy Rule and Safeguards Rule) are primarily aimed at protecting consumer financial information. Since we do not provide services to individuals for personal, family, or household purposes, we generally do not have “customers” or “consumers” as defined in GLBA (our clients are businesses, and any debtors are usually businesses as well). Business or commercial client data is not subject to GLBA’s privacy notice requirements (ftc.gov). For example, GLBA does not require us to send an annual privacy notice to a corporation or to an individual acting in a business capacity (ftc.gov). However, to the extent we handle any nonpublic personal information about individuals (such as a sole proprietor’s account or a personal guarantor’s financial info), we treat it in compliance with GLBA. This means we do not disclose such information to non-affiliated third parties except as permitted for our collections purpose or as required by law, and we safeguard it per the Safeguards Rule. In short, even if GLBA’s formal notice rules might not apply due to the business context of our data, the confidentiality and security principles of GLBA are fully embedded in our privacy practices.

  • CCPA/CPRA: We have highlighted above the key rights under California’s consumer privacy law. We also note that not every B2B company is directly subject to CCPA/CPRA – the law applies only if certain thresholds are met (such as doing business in CA and either exceeding $25 million in gross revenue, processing data of 100k+ California residents/households, or deriving 50%+ revenue from selling/sharing personal data). If a company like ours does not meet those criteria, it may not be required to comply. However, CFP is committed to privacy best practices regardless of statutory obligation. We choose to honor core aspects of CCPA/CPRA for relevant data as a matter of transparency and fairness. Furthermore, if we act as a service provider to our clients (processing personal information on their behalf in the course of collection), we are contractually bound to handle that data in accordance with CCPA’s service provider provisions. In any event, with the January 2023 removal of the employee and B2B exemptions, any personal information about California residents that we collect (even in a business context) is treated as within the scope of CCPA. We have implemented processes to accommodate requests from individuals exercising their California rights and have updated our internal policies and training to ensure compliance where applicable.

  • GDPR and Other International Laws: As explained, the GDPR will apply to our processing of personal data of individuals in the EU if we engage in activities falling under its scope (offering services to or monitoring such individuals) (iapp.org). While that is not part of our core business model, we stay informed about global privacy developments. If and when we handle data subject to GDPR, we will adhere to its requirements (including lawful bases for processing, honoring data subject rights, and entering into any needed data protection agreements). We also aim to align with other relevant laws such as Canada’s PIPEDA or Australia’s Privacy Act if our operations were to extend to those regions. In summary, no matter the jurisdiction, CFP strives to handle personal information lawfully, fairly, and transparently (ico.org.uk).

Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make material changes, we will post the updated Policy on our website with a new effective date and, if required, provide a prominent notice (e.g. on our homepage or via email notification to clients). We encourage you to review this Policy periodically for the latest information on our privacy practices. Your continued use of our website or services after any update constitutes your acknowledgment of the revised Policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights as described above, please contact us using the information below. We will respond to inquiries or requests as soon as reasonably possible, and certainly within any timeframe required by law.

Privacy & Compliance
Capital Foundation Partners
Email: privacy@capitalfoundationpartners.co
Phone: (984) 848-7227

You may also use the above contact information to request this Privacy Policy in an alternative format if needed (for example, a printed copy or a copy accessible to individuals with disabilities).

By ensuring compliance with applicable laws and by committing to ethical standards, CFP seeks to protect privacy while effectively serving our clients. Thank you for reading our Privacy Policy.