Privacy Policy — GC Does Loans

Effective Date: May 11, 2026

This Privacy Policy describes how GC Does Loans LLC (“GC Does Loans,” “we,” “us,” or “our”) collects, uses, discloses, and sells personal information when you use the mobile application Cash Advance: GC Payday Loans (the “App”), our website at gcdoesloans.com, and related services (collectively, the “Services”).

1. Introduction & scope

GC Does Loans LLC is a Colorado-based loan-matching and lead-generation platform. We connect consumers who submit loan or cash-advance requests with third-party lenders, financial institutions, and marketing partners. We are not a lender, bank, or credit broker and do not make credit decisions, issue loans, or set interest rates.

When you use the App, you provide detailed personal and financial information. We use that information to verify identity, package leads, and sell or share your information with third parties who may contact you with offers. This Policy explains those practices in plain language.

By downloading, installing, accessing, or using the App, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree, do not use the Services. The App is intended for U.S. residents who are at least eighteen (18) years of age (or older where state law requires).

2. Laws & regulatory framework

Our handling of personal information is subject to multiple U.S. federal and state frameworks, including:

Gramm-Leach-Bliley Act (GLBA) — Social Security numbers, bank account numbers, routing numbers, income, and employment data may constitute “nonpublic personal information” under GLBA. GLBA may require separate privacy notices and may limit certain state privacy rights for financial data.
California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — including definitions of “sale” and “sharing” of personal information.
Fair Credit Reporting Act (FCRA) — where we or our partners obtain or use consumer reports.
Federal Trade Commission (FTC) guidance on lead generation, data brokers, and truthful advertising.
CAN-SPAM Act and Telephone Consumer Protection Act (TCPA) — for email, SMS, and telemarketing.

Depending on the data involved, GLBA and FCRA may preempt or limit some state privacy rights. Where a separate GLBA Initial Privacy Notice is provided, it may govern certain financial information in addition to this Policy.

3. Information we collect

3a. Information you provide directly

When you complete forms in the App or on our website, you may provide the following categories of information:

Personal identifiers

Full legal name (first, middle, last)
Date of birth
Email address
Phone number (mobile and/or home)
Full residential address including street, city, state, and ZIP code

Government & identity documents

Social Security Number (SSN)
Driver's license number and issuing state

We collect your SSN to verify your identity, satisfy know-your-customer (KYC) requirements imposed on our lender and lead-buyer partners, and detect fraud. SSN is transmitted using encryption in transit (TLS).

We collect your driver's license number to confirm identity, validate state eligibility, and meet partner KYC obligations.

Financial & employment information

Bank account number (full account number)
Bank routing number
Bank name and account type (checking / savings)
Employer name
Employer phone number
Employment status and job title
Monthly or annual gross income
Source of income (employment, self-employment, benefits, other)
Purpose of the loan or cash advance request

We collect your full bank account number and routing number so lender partners can verify deposit capacity, set up potential ACH disbursement or repayment, and evaluate application risk. We collect employer phone numbers because lenders and verification vendors may use them to confirm income and employment.

3b. Information collected automatically

When you use the App or website, we and our analytics or advertising partners may automatically collect:

Device identifiers, operating system, App version, and IP address
Usage patterns, session duration, clickstream, and in-App actions
Approximate location derived from IP address or device signals
Data from cookies, mobile software development kits (SDKs), pixels, and similar technologies

3c. Information from third parties

We may receive information about you from:

Identity and fraud-prevention vendors
Consumer reporting agencies and alternative credit data providers (subject to FCRA where applicable)
Marketing or referral partners who direct you to the App

4. How we use your information

We use personal information for purposes including:

Creating and managing your account and application profile
Verifying your identity (KYC) and assessing basic eligibility for matching
Packaging your data into a “lead” and matching you with lender or buyer partners
Selling your personal information to third-party lenders, financial institutions, and marketing partners (see Section 5)
Processing referrals, redirects, and transactions you initiate with partners
Sending transactional messages and, where you have consented, marketing communications
Improving App performance, debugging, and conducting analytics
Detecting fraud, enforcing our Terms of Use, and complying with legal obligations

5. Sale and sharing of personal information

Important: GC Does Loans LLC sells personal information as defined by the CCPA/CPRA and applicable state privacy laws. Please read this section carefully.

5.1 We sell your personal information

GC Does Loans LLC sells personal information to third parties. In exchange for your data, we may receive monetary compensation, per-lead fees, referral fees, revenue share, or other valuable consideration. Compensation arrangements may influence which partners receive your data first, how offers are ranked, or how quickly your lead is distributed.

Categories of personal information we sell include, without limitation:

Full legal name, date of birth, email address, and phone number
Full residential address with ZIP code
Social Security Number
Driver's license number and issuing state
Bank account number, routing number, bank name, and account type
Employer name, employer phone number, employment status, job title, and income details
Source of income and stated loan or cash-advance purpose
Device, usage, and referral data associated with your submission

5.2 Categories of third parties who buy or receive your data

We sell or disclose personal information to categories of recipients including:

Licensed lenders and financial institutions offering personal loans, installment loans, cash advances, or lines of credit
Insurance companies and other financial product providers
Debt relief, credit counseling, and related service providers
Marketing partners that may contact you about financial and non-financial products
Data brokers and aggregators who may resell or further license the information

Once your information is sold, the buyer's own privacy policy and practices govern further use. We do not control how purchasers use, retain, or resell your data after the sale.

5.3 Your right to opt out of sale

California residents and individuals in other states with applicable opt-out rights may direct us to stop selling their personal information.

Email legal@gcdoesloans.com with the subject line “Do Not Sell My Information”, or
Use the in-App opt-out link in Settings (when available).

We will process verified opt-out requests within fifteen (15) business days. Opting out stops future sales but does not delete information already sold to third parties. Even after you opt out, we may still share information as required by law or as necessary to complete a transaction you specifically initiated (for example, forwarding your application to a lender you chose).

6. Legal basis for processing

Where state or international frameworks require a legal basis, we rely on:

Consent — obtained before collection and sale; you may withdraw consent, though withdrawal may prevent us from providing matching services
Contractual necessity — to perform the lead-matching services you request
Legal obligation — including KYC/AML, recordkeeping, and responses to lawful process
Legitimate business interests — fraud prevention, security, analytics, and service improvement, balanced against your rights

7. Data retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required by law. Example retention periods include:

Data type	Typical retention period
Full applicant profile (name, SSN, address, bank info, income)	Duration of the business relationship plus 5–7 years after last activity, or longer if required by law or legal hold. Example: last App use January 2025 → retained until at least January 2030–2032.
Lead and sale records (buyer identity, date, compensation)	5–7 years for FTC recordkeeping and dispute resolution
Marketing records (consent logs, email/SMS responses)	2–3 years after last interaction, or until opt-out plus 90 days
Device and usage logs (IP, session, clickstream)	12–24 months
Opt-out / Do Not Sell request logs	Minimum 5 years (e.g., March 2025 request kept until at least March 2030)
Support communications	3 years after ticket resolution

Specific periods may vary by data category, jurisdiction, or regulatory guidance. Where law mandates longer retention, the legal minimum controls.

8. Data security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

Encryption in transit (TLS 1.2 or higher) and encryption at rest (AES-256 where applicable)
Role-based access controls and least-privilege access for personnel
Monitoring, logging, and periodic security reviews
Contractual security and confidentiality obligations for vendors and lead buyers

No method of transmission or storage is completely secure. If you believe your account or data has been compromised, notify us immediately at questions@gcdoesloans.com. If a breach affecting sensitive personal information occurs, we will notify affected individuals and regulators as required by applicable law.

9. Your privacy rights

Depending on where you live, you may have rights to:

Know / Access — learn what personal information we collect, use, disclose, or sell, including categories of third-party buyers where feasible
Delete — request deletion of information we hold, subject to legal and contractual exceptions; data already sold cannot be retrieved from buyers' systems
Correct — request correction of inaccurate personal information
Portability — receive certain data in a structured, machine-readable format
Opt out of sale — as described in Section 5.3
Non-discrimination — we will not deny services solely because you exercised privacy rights, though some features require data processing

Submit requests to legal@gcdoesloans.com with the subject line “Privacy Request.” We may verify your identity before responding. Authorized agents may submit requests where state law permits. We generally respond within 45 days for California residents and within 30 days where other state laws apply.

10. Marketing opt-outs

Email: use the unsubscribe link in marketing emails; we process opt-outs within ten (10) business days under CAN-SPAM. Transactional emails may continue.
SMS: reply STOP to opt out; reply HELP for assistance under TCPA. One-time passwords and transactional texts are unaffected.
Push notifications: adjust permissions in your device operating system settings.
Telemarketing calls: email questions@gcdoesloans.com to opt out of marketing calls. Prior express written consent is required for certain auto-dialed calls under TCPA.

Opting out of marketing does not opt you out of the sale of personal information. Submit a separate Do Not Sell request under Section 5.3 to stop sales.

11. California residents (CCPA / CPRA)

If you are a California resident, the following additional rights apply under the CCPA as amended by the CPRA.

Right to Know. You may request the categories and specific pieces of personal information we collected; categories of sources; business purposes; and categories of third parties to whom we sold or disclosed information — including the fact that we sell data and the categories of buyers.

Right to Delete. Subject to statutory exceptions, you may request deletion of personal information we maintain.

Right to Correct. You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing. We sell personal information under the CCPA definition. Opt out via legal@gcdoesloans.com or the in-App “Do Not Sell” link. We process requests within fifteen (15) business days.

Right to Limit Use of Sensitive Personal Information. SSN, driver's license numbers, and full bank account numbers are “sensitive personal information” under CPRA. You may request that we limit use beyond CPRA-permitted purposes.

Right to Non-Discrimination. We will not unlawfully discriminate against you for exercising CPRA rights.

Contact legal@gcdoesloans.com with the subject “California Privacy Request.” We respond within forty-five (45) days. You are entitled to two free access requests per twelve-month period. GLBA and FCRA may limit certain rights for financial information.

12. Other state privacy rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon, and other states with comprehensive privacy laws may have rights similar to those in Section 9, including access, deletion, correction, opt-out of targeted advertising, and appeal rights. Email legal@gcdoesloans.com to submit a request or appeal a decision.

13. Do Not Track & Global Privacy Control

We do not respond to “Do Not Track” (DNT) browser signals because there is no uniform industry standard. We honor Global Privacy Control (GPC) signals from California residents as a request to opt out of sharing for cross-context behavioral advertising under CCPA/CPRA, to the extent technically feasible.

14. GLBA and FCRA notices

GLBA. SSN, bank account numbers, routing numbers, income, and employment information may be “nonpublic personal information” under GLBA. We may provide a separate GLBA Initial Privacy Notice that governs certain financial data.

FCRA. If we or a partner obtains a “consumer report” from a consumer reporting agency, FCRA governs that activity. Hard credit inquiries require your express prior authorization. You may have rights to dispute inaccurate report information with the agency that furnished the report.

GLBA and FCRA may preempt or limit certain state privacy rights with respect to financial information.

15. Cookies and tracking technologies

We use cookies, mobile SDKs, pixels, and similar tools for authentication, fraud detection, analytics, advertising attribution, and session management. You can limit cookies through browser settings (web) or device settings (mobile). Disabling certain technologies may impair functionality or prevent access to the Services.

16. Children's privacy

The App is not directed to anyone under eighteen (18). We do not knowingly collect personal information from minors. If we learn that we collected data from a person under 18, we will delete it promptly. Report concerns to questions@gcdoesloans.com.

17. International users

The Services are directed to users in the United States. Personal information is processed and stored in the U.S. By using the App, you consent to transfer and processing in the United States, which may have different data-protection laws than your country of residence.

18. Policy updates

We may revise this Policy from time to time. The “Effective Date” at the top reflects the latest version. Material changes will be communicated through in-App notice, email, or a prominent website posting. Continued use after the effective date constitutes acceptance of the updated Policy.

19. Contact us

GC Does Loans LLC
3125 24th St
Boulder, CO 80304-2805
United States
General support: questions@gcdoesloans.com
Privacy requests: legal@gcdoesloans.com
Website: gcdoesloans.com