Privacy Policy

How Summit Data Solutions LLC collects, uses, and protects your personal and financial information.

Effective Date: March 16, 2026
1

Introduction

Summit Data Solutions LLC ("Summit Data Solutions," "we," "our," or "us") operates the websites summitdatasolutions.com and summitdata.us. We are a credit reseller serving mortgage lenders and brokers by providing tri-merge credit reports and FICO scores.

This Privacy Policy describes the types of information we collect, how we use and protect that information, and the choices you have regarding your data. By accessing our websites or using our services, you agree to the practices described in this policy.

2

Information We Collect

We collect information in several ways depending on how you interact with our services.

Information You Provide Directly

  • Business contact details (name, email address, phone number, company name, job title)
  • Account registration information (username, password)
  • Borrower personal information submitted through credit report requests (full legal name, Social Security Number, date of birth, current and previous addresses)
  • Financial information related to credit report orders (loan type, property address)
  • Communications you send to us (emails, support inquiries, form submissions)

Information Collected Automatically

  • Device information (browser type, operating system, screen resolution)
  • Usage data (pages viewed, time spent on pages, click patterns)
  • IP address and approximate geographic location
  • Cookies and similar tracking technologies (see Section 7)

Information from Third Parties

  • Credit bureau data (Equifax, Experian, TransUnion) obtained to fulfill credit report requests
  • FICO scores associated with credit report orders
  • Data from Loan Origination Systems (LOS) used to process credit requests
3

How We Use Your Information

We use the information we collect for the following purposes:

  • Fulfilling credit report requests and delivering tri-merge reports and FICO scores to authorized mortgage professionals
  • Managing your account and providing customer support
  • Processing transactions and sending related notices (order confirmations, invoices)
  • Communicating with you about our services, updates, and promotional offers (with your consent where required)
  • Improving our website, services, and user experience
  • Ensuring compliance with the Fair Credit Reporting Act (FCRA) and other applicable laws
  • Detecting, investigating, and preventing fraudulent or unauthorized activity
  • Meeting our legal and regulatory obligations
4

Data Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

Service Providers and Partners

  • Credit bureaus (Equifax, Experian, TransUnion) to process credit report requests on behalf of our clients
  • Technology and infrastructure partners who help us operate our platform (hosting, security, analytics)
  • Payment processors to handle billing and transactions

Authorized Recipients

  • Mortgage lenders and brokers who are authorized to receive credit reports under the FCRA
  • Loan Origination System (LOS) platforms through which credit reports are ordered and delivered

Legal Requirements

  • When required by law, regulation, subpoena, court order, or governmental request
  • To protect the rights, safety, or property of Summit Data Solutions, our clients, or the public
  • In connection with a merger, acquisition, or sale of assets (with appropriate notice)
5

FCRA Compliance

As a credit reseller, Summit Data Solutions is subject to the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681 et seq. We take our obligations under the FCRA seriously and maintain strict compliance with all applicable provisions.

Our FCRA compliance practices include:

  • Permissible Purpose Verification: We verify that every credit report request has a permissible purpose under the FCRA before processing the order
  • End-User Certification: All clients must certify their permissible purpose and agree to our end-user terms before accessing credit data
  • Data Accuracy: We deliver credit data exactly as received from the credit bureaus without modification or alteration
  • Dispute Handling: We support the consumer dispute process as required by the FCRA and work with credit bureaus to address inaccuracies
  • Record Retention: We maintain records of all credit report requests, including the identity of the requestor and the permissible purpose cited, in accordance with FCRA requirements
  • Access Controls: Credit data is accessible only to credentialed, authorized users with verified permissible purpose
6

Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your information. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Multi-factor authentication for account access
  • Role-based access controls limiting data access to authorized personnel
  • Regular security assessments and vulnerability testing
  • Secure data centers with physical access controls
  • Employee security training and background checks
  • Incident response procedures for potential data breaches

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly notifying affected parties and regulators in the event of a data breach as required by applicable law.

7

Cookies and Tracking Technologies

Our websites use cookies and similar technologies to improve your experience and understand how our services are used.

Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly, including session management and security features
  • Analytics Cookies: Help us understand how visitors interact with our website so we can improve performance and content
  • Functional Cookies: Remember your preferences and settings to provide a more personalized experience

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of our website. We do not use advertising or behavioral tracking cookies.

8

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Credit Report Records: Retained for a minimum of five (5) years as required by the FCRA and related regulations
  • Account Information: Retained for the duration of your active account and for a reasonable period after account closure
  • Website Usage Data: Generally retained for up to twenty-four (24) months

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

9

Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information, subject to legal retention requirements
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Opt-Out: Opt out of receiving marketing communications at any time
  • Restriction: Request that we restrict the processing of your information under certain circumstances

To exercise any of these rights, please contact us using the information in Section 12. We will respond to your request within the timeframe required by applicable law.

Note: Certain rights may be limited where we are required to retain information for legal or regulatory compliance, including FCRA obligations.

10

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

Your California Rights

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we have shared it
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising purposes
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To submit a request under the CCPA/CPRA, please contact us at info@summitdatasolutions.com. We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.

Please note: Credit report data processed on behalf of our mortgage lender and broker clients may be exempt from certain CCPA/CPRA provisions under the Gramm-Leach-Bliley Act (GLBA) and FCRA exemptions.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12

Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:

Summit Data Solutions LLC

Email: info@summitdatasolutions.com

Website: summitdatasolutions.com

We aim to respond to all privacy-related inquiries within thirty (30) business days.