« Back to Index

Your privacy and the protection of your sensitive personal information are of utmost importance to us. Because we collect and/or store certain types of information from and about you, it is necessary to explain our policy and the terms and conditions surrounding the capture and use of that information.

This policy discloses which information we collect and how we use it, as well as the choices you can make about the way your information is collected and used. We also explain how any personal and/or personally identifiable information that we may request will be used; these explanations can usually be found on the same pages where the information is requested. We also detail below our security policy which describes how your personal information is protected both electronically and physically.

In general, and as described in detail below, we collect several types of information from you:

• Personal data required to verify your identity
• Personal, academic and financial data necessary to assess your eligibility
• Optional personal information you may wish to share in the furtherance of your goals in using our site
• Information about your visits to and use of this web site to help us maintain the appropriate features, functionality and user experience

We collect personal and financial information from you while you use the site, and most of this collection occurs during registration. Additional information may be gathered during your subsequent use of the site, whenever you choose to provide it.

Certain personal information must be supplied during the registration processes, as indicated below, in order to (a) enable users to login to the site, (b) determine eligibility for loans using our proprietary credit scoring process, (c) verify borrowers' and cosigners' identities, (d) establish borrowers' ability to request loans by verifying that they are at least 18 years of age, and (e) guard against potential fraud. This basic personal information includes:

• Your name
• Your email address
• Your date of birth
• Your home address and telephone number
• Your Social Security number

When you register as a borrower or cosigner, we will use this information to pull a credit report from a credit bureau to determine your creditworthiness. We will also use your required and optional information to facilitate other activities and transactions that need to occur, such as:

• Assigning you a borrower credit grade based on your academic characteristics and financial information
• Enabling our financial services partners to implement automatic payments and fund transfers
• Contacting you if there is a problem completing a transaction you requested or to discuss a problem with your account
• Implementing collection activities as needed
• Maintaining regular communications with you concerning transactions you initiate, such as requesting information or assistance, submitting a loan request, making payments, transferring funds, etc.

In addition, we gather names and email addresses of people who contact us through our web site with questions about our company. We collect this information for the sole purpose of responding to such inquiries and do not store the contact information unless requested by these people, such as in the case of job applicants who submit resumes, etc.

Finally, we collect information about your computer and your visits to our web site, such as your IP address, geographical location, browser type, referral source, length of visit, and page views through the use of log files. We use this aggregated information in the administration of our web site to improve its usability and to evaluate the success of particular marketing/advertising campaigns, search engine optimization strategies and other marketing activities. We use non-identifying and aggregated information to help optimize our web site based on the needs of our users. Except as specifically described below in the section entitled "How and When Your Information Is Shared With Other Parties," no personal or personally identifiable information about any individual user will ever be distributed to third party organizations for any purpose, including marketing.

When you register on our site you will receive emails that confirm specific actions you requested. You will receive notifications confirming your registration, the successful verification of email addresses and financial accounts, and confirmation of successful submissions of loan requests. You will also receive progress updates on the status of loan requests. These are transactional notifications that you cannot opt out of receiving, as they are in place to protect the security of your account and your personal information. We will also send you responses to any emails you send us. From time to time, we will also send user surveys and requests for user feedback regarding user experience and site operations. The completion of these surveys or requests for feedback is strictly voluntary. If you do not wish to receive these surveys or user feedback emails, you may opt out by writing to customer.care@custudentloans.org.

We may share your information with law enforcement or other government agencies as required by law or for the purposes of limiting fraud. We reserve the right to disclose your personally identifiable information when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site.

Fynanz works with a number of trusted partners that perform vital functions as part of our operations, including credit bureaus, collection agencies, electronic payment service providers, and customer support call centers. Information is shared with these third parties only to the extent necessary for us to process the transactions you initiate or perform other specific services, like collections. Our partners are legally required to keep your information private and secure.

You will receive email notifications from time to time, and these are required elements of your transactions on our web site, such as confirmations of particular actions you have taken. These required notices are sent typically to notify you of a change in status such as when you are confirmed as a borrower or cosigner, or for legal or security purposes. For example, certain notifications are sent for your own protection to ensure that no one can make a change to your account without your knowledge, such as confirming the addition of a new email address or linked external financial account. These notifications are sent to you so that you can be assured that no one is making changes to your account without your knowledge. In other cases, these notifications involve changes to various legal agreements or site policies. Generally you may not opt out of these service related emails.

You can access all of your personal and personally identifiable information that we collect online and maintain by visiting your profile in the My Account section of our site. This section of the site is password-protected to better safeguard your information. As a registered user, you can update your password, email address, physical address, phone number, and financial account information at any time on the website, and if you need to change any other information in your profile you can contact us at customer.care@custudentloans.org. This information, along with all of your other personal data, is maintained in your member profile.

We use cookies on our web site, including session ID cookies and persistent cookies. A cookie is a text file sent by a web server to a web browser, and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser and load the pages according to a user's preferences for that particular site, including the personalization of content. Cookies are not tied to personally identifiable information.

More importantly, using cookies also helps us protect the security of your account. Session ID cookies follow your activities on our site so that we can ensure that no one is making changes to your profile, applying for loans or making loans on your behalf. This information is encrypted.

We may send a cookie that can be stored by your browser on your computer's hard drive. We may use the information we obtain from the cookie in the administration of our web site, to improve its usability and for evaluating our marketing effectiveness as described above. We may also use that information to recognize your computer when you visit our web site (if you select the "remember me on this computer" option, and to personalize our web site for you. Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking "Tools", "Internet Options", "Privacy", and selecting "Block all cookies" using the sliding selector). Blocking cookies, however, can also have a negative impact on the usability of many web sites.

Cookies may have long-term expiration dates and thus can stay in your hard drive for months at a time. While you can remove them as instructed by the help content in your chosen browser, disabling cookies will prevent you from using our site. As with many transactional web sites, cookies must be enabled in order to use our site.

We use a third-party tracking service that uses cookies to track non-personally identifiable information about visitors to our site in the aggregate (such as page views and referral page information to track the success of our marketing efforts to bring people to our site as well as overall site performance). We use a web beacon on one page of the basic member registration form to track the number of new users who join our site in response to certain advertising efforts. No personal or sensitive information is transmitted to advertising partners (but one such partner uses incoming IP addresses to avoid double-counting the number of new members who joined as a result of the advertising campaign).

This privacy policy may not constitute your entire set of privacy rights, as these may also vary from state to state. To be certain of your privacy rights, you may wish to contact the appropriate agency in your state that is charged with overseeing privacy rights of consumers. Certain regulations issued by state and/or federal government agencies may require us to maintain and report demographic information on the collective activities of our membership. We may also be required to maintain your personal information for at least seven years in order to be in compliance with applicable federal and state laws regarding recordkeeping, reporting and audits.

We may offer links to partners' sites. We make the decision to provide links to these sites based on the quality of information provided at the time the links are enabled, and we make every effort to monitor the continuing quality of content provided on these sites. However, these external sites are not subject to this privacy policy. Further, Fynanz has no control over the content of these sites. Please consult the privacy policies on these sites before you provide them with any of your personal information.

Fynanz has instituted industry-leading procedures to safeguard your personal and personally identifiable information through vigorous physical, electronic and operational policies and practices. All data is considered highly confidential. Data can only be read or written through defined service access points, the use of which is password-protected. The physical security of the data is achieved through a combination of network firewalls (there is no direct communication allowed between the database server and the Internet) and servers with hardened operating systems, all housed in a secure facility. Access to the system, both physical and electronic, is controlled and sanctioned by a high-ranking manager.

Further, we also equip our servers with Secure Socket Layer (SSL) certificate technology to ensure that you when you connect to our web site you are actually on our site. SSL also ensures that all data entered into the web site is encrypted. To verify that SSL is being used, look for the key or padlock icon on your browser. For further encryption protection, we use a 128-bit secure browser for logins and transactions. Our site also makes use of "CAPTCHA" technology, which is a test that we use to ensure certain sensitive transactions are being initiated by a human and not by another computer. The test involves viewing a distorted image of a word that a computer would not be able to interpret and then entering in the text shown in the image. Finally, we subject our systems to periodic security audits to ensure that your information is thoroughly protected and secure.

We store all sensitive financial data such as Social Security numbers and financial accounts in a highly secure environment hosted by our partner, Engine Yard, a SAS 70 Type 1 compliant provider. We also maintain physical, electronic, and procedural safeguards that meet or exceed industry standards for financial institutions.

We also employ session time-outs to protect your account. You will be logged out of the site automatically after a specified period of inactivity. This time-out feature reduces the risk of others being able to access your account if you leave your computer unattended.

When we contact you about your account to confirm a funds transfer, we only reference the last four digits of your bank account number; this is done for your protection so that you will recognize the source or destination account as one which you own. Further, we employ strict access standards ensuring that only the senior-most employees or partner representatives have access to your account numbers and other sensitive information. This access is only granted in order to complete transactions which you request or to provide regular ongoing service to your account.

At a minimum, we require the use of both numbers and letters in your password. We have also instituted secure steps by which you can regain access to your account should you forget your password, including the use of a security question. Your password is not known to any employee or third party with whom we may partner, and we will never ask for your password as a means of identifying yourself. You should never share your password with anyone, and if you ever receive an email purporting to come from Fynanz that asks for your password, you should immediately report this development.

Fynanz utilizes state of the art authentication technology to verify identities. However, if a lender suspects that one of their loans belongs to a person who has committed ID theft, please contact us at security@custudentloans.org. Fynanz will work with law enforcement authorities to track down and prosecute anyone who has committed identity theft. Fynanz will reimburse the lender for the unpaid principal balance of loans where the borrower has committed identity theft.

In addition to our own substantial efforts, you can take several precautions to protect the security of your computer and personal information. For instance, you can start by using a well-chosen password. You should avoid using any information that others can easily learn about you, such as a family member's name or birthday, and you can also use special characters in place of letters. We also recommend that you change your password frequently. You can also install and regularly update antivirus and firewall software to protect your computer from external attacks by malicious users. When you are finished with a session on our site, be sure that you log out and close the browser window.

To protect your account, we send automatic notifications confirming certain actions taken on your account, such as changes to a password or external linked account. We do this for your own protection so that you can be sure no one else is making changes to your account without your knowledge. However, the security offered through these notifications can be undermined if other people have access to your email account. Therefore, you might consider restricting access to the email account you registered with on this site and/or changing your password on that email account frequently.

If you use a computer that is accessed by other people, such as in a public library or Internet cafe, we recommend that you take special precautions to protect the security of your account and personal data. When you are finished using our site, you should log out completely, then close the browser window and clear the browser's cache files.

You should also be aware of fraudulent attempts to gain access to your account information known as "phishing." Phishing is a tactic used by scammers in which unsuspecting people are brought to a web site by a genuine-looking email purporting to be from a legitimate company. The phony or "spoof" email takes the person to a web site that looks legitimate but in fact is not. Either in the email itself or on this fake site, scammers will ask for login information to gain access to people's accounts and withdraw their money. Fynanz will never ask you for your login information in the context of any email. In general, you can protect yourself against phishing by never providing personal or login information via an email—instead, go the web site directly. You might also make it a habit to check the URL of a web site to be sure that it begins with the correct domain.

As technologies, laws and user needs change, our site and its features will also change. This policy may be updated from time to time as such needs dictate, and we will always communicate these changes to you by posting them on this web site and/or by notifying you via email in the event of any substantive or material changes.

You may contact us at:
Fynanz, Inc.
Attn: Compliance Department
224 West 30th Street, Suite 604
New York, NY  10001

« Back to Index