This Privacy Policy describes how Jaris, Inc. and its affiliates that provide or support the Services ("Jaris," "we," "us," or "our") collect, use, disclose, and protect information in connection with the Jaris platform, websites, APIs, and related services (collectively, the "Services").

This Privacy Policy applies to:

• merchants and business applicants ("Merchants"),
• individuals acting on behalf of a Merchant, such as beneficial owners, control persons, and authorized representatives ("Associated Individuals"), and
• partner platforms, referral partners, independent sales organizations, and other third parties that facilitate access to or interact with Merchant information through the Services under a separate agreement with Jaris (each, a "Partner"), solely to the extent permitted under the applicable agreement and service schedules.

The Services are offered exclusively for commercial and business purposes. Jaris does not provide consumer personal-use products. Any information relating to individuals is processed solely in connection with a business customer or business application.

Certain financial products and accounts made available through the Services are provided by Jaris's bank partners ("Bank Partners") and are subject to additional notices described below.

For purposes of this Privacy Policy, "Personal Information" means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual, as that individual is associated with a business customer or business application.

Jaris's Role and Regulatory Position

Jaris is a technology platform and program-management provider. Jaris is not a bank, lender, broker, custodian, or money transmitter.

All loans, settlement accounts, and other bank-regulated financial products accessible through the Services are offered, originated, funded, held, and serviced by Bank Partners. Bank Partners retain sole authority over credit decisions, eligibility, pricing, approval or denial, funding, settlement, repayment mechanics, servicing decisions, and regulatory compliance for bank products.

Jaris acts only as:

• a technology provider,
• a program manager,
• a service provider or data processor on behalf of Bank Partners, and
• where authorized, a servicing or servicing-adjacent provider under Bank Partner instructions and applicable law.

Jaris does not make credit decisions, determine eligibility, set loan terms, approve or deny applications, or control merchant funds. Except as expressly authorized in writing by an applicable Bank Partner and permitted by applicable law, Jaris does not act as agent, fiduciary, trustee, custodian, or representative of the Merchant.

Information We Collect

We collect information necessary to operate the Services, support Merchant onboarding and servicing, and facilitate Bank Partner products in accordance with Bank Partner requirements and applicable law. The specific information collected depends on the Services used.

Business and Merchant Information

We collect information about Merchants, including:

• legal business name and trade names,
• business address and contact information,
• business structure, formation details, and industry or business type,
• tax identification numbers (such as EINs, or SSNs for sole proprietors),
• business documentation and licenses,
• settlement and payout configuration information, and
• transaction, settlement, and operational data generated through use of the Services.

Associated Individual Information

We collect information about Associated Individuals as required for business onboarding, compliance, and Bank Partner products, including:

• names, titles, and contact details,
• dates of birth,
• government-issued identifiers,
• ownership and control information,
• identity verification results, and
• fraud and risk indicators.

Application and Onboarding Information

In connection with applications for Bank Partner products or other Services, we may collect:

• application data and declarations,
• consent records and authorizations,
• identity, business, and bank account verification outputs,
• underwriting-related inputs collected on behalf of and at the direction of Bank Partners, and
• supporting documentation submitted through Jaris-managed interfaces.

Partners are not authorized to collect or submit Bank Partner applications, underwriting materials, or bank-required disclosures outside Jaris-managed interfaces or APIs.

Bank Account and Financial Connectivity Information

Where a Merchant elects to link a bank account or provide financial data, we may collect bank account identifiers, balances, and transaction data as required to provide the Services or support Bank Partner products.

Jaris uses bank connectivity and data aggregation providers, including Plaid, Inc., to access financial institution data at the Merchant's direction. Information accessed through Plaid is used solely for purposes permitted by the Merchant, required by the Bank Partner, or necessary to provide the Services. Plaid's handling of information is governed by its own privacy policy, available at https://plaid.com/legal/#end-user-privacy-policy.

Automatically Collected and Operational Information

We automatically collect information related to use of the Services, including:

• device and browser information,
• IP addresses and log data,
• authentication and access records,
• platform usage metrics, and
• security and audit logs.

This information is used to operate, secure, and maintain the Services.

Sensitive Information

We collect non-public personal information only as necessary for business onboarding, identity verification, fraud prevention, compliance with law, or to meet Bank Partner requirements. Highly sensitive data elements such as government identifiers and bank account numbers are tokenized or otherwise protected using industry-standard security controls.

How We Use Information

We use Personal Information to:

• provide, operate, and maintain the Services,
• onboard and service Merchants,
• facilitate applications for Bank Partner products,
• perform servicing, reporting, and compliance functions authorized by Bank Partners,
• detect and prevent fraud, misuse, and security incidents,
• comply with legal, regulatory, and Bank Partner requirements,
• support audits, dispute resolution, and risk management,
• analyze website traffic and marketing effectiveness on our marketing website (jaris.io) using analytics and advertising tools,
• send marketing and promotional communications regarding Jaris-supported programs, products, and services, to the extent permitted by applicable law, and
• communicate with Merchants regarding operational, administrative, or compliance matters.

We may use business contact information such as email address, as well as business attributes such as business type, industry, and processing characteristics, to tailor marketing and promotional communications about Jaris-supported programs and services. You may opt out of marketing communications at any time by following the unsubscribe instructions included in any marketing email or by contacting us at the address provided below. Opting out of marketing communications does not affect operational, transactional, or compliance-related communications.

We do not sell Personal Information as that term is defined under applicable privacy laws. We do not use Personal Information for cross-context behavioral advertising.

Automated Decision-Making and Artificial Intelligence

The Services may use automated tools, including artificial intelligence, in connection with fraud detection, identity verification, risk assessment, application processing, and other operational functions.

Disclosure of Information

We may disclose information to the following categories of recipients, subject to contractual and legal restrictions:

Bank Partners

We disclose information to Bank Partners and their authorized service providers to originate, underwrite, fund, administer, service, and support bank-regulated financial products. Where information is subject to banking privacy laws, Bank Partner privacy notices govern its use and disclosure.

Legal and Regulatory Disclosures

We may disclose information to regulators, auditors, law enforcement, or other authorities where required or permitted by law.

Service Providers

We disclose information to vendors and service providers performing services on our behalf, such as identity verification, KYB, fraud prevention, bank connectivity, hosting, security, communications, and customer support. Service providers are contractually restricted to using information solely to provide services to Jaris.

Partners

We may provide Partners with limited, summary-level outputs, such as application status indicators or product enrollment confirmations, solely to support business onboarding, merchant support, or referral tracking. Partners do not receive consumer reports, regulated credit data, or detailed underwriting information and are prohibited from using information for independent underwriting, marketing, or credit decisioning.

GLBA Privacy Notice

Certain information collected in connection with applications for or use of Bank Partner financial products is subject to the Gramm-Leach-Bliley Act (GLBA). Jaris processes nonpublic personal information solely pursuant to written agreements with applicable Bank Partners and in accordance with their privacy notices and regulatory obligations.

Where GLBA applies:

• Jaris processes information on behalf of the applicable Bank Partner,
• the Bank Partner's privacy notice governs the use and sharing of nonpublic personal information, and
• state privacy rights may be limited as permitted by law.

Merchants applying for or using Bank Partner products will receive a separate Bank Partner privacy notice at the time of application or account opening, as required by law. Bank Partner records, underwriting criteria, credit models, and monitoring outputs are governed exclusively by Bank Partner requirements and are not made available to Partners other than limited status or summary outputs expressly permitted under applicable agreements.

Fair Credit Reporting Act (FCRA)

Jaris may obtain or process consumer reports or other regulated credit data solely on behalf of Bank Partners and only for permissible purposes under the Fair Credit Reporting Act. Partners do not receive consumer reports and do not have a permissible purpose under the FCRA through the Services. Jaris does not independently establish a permissible purpose under the FCRA; any consumer report access occurs solely at the direction of and under the permissible purpose of the applicable Bank Partner.

Data Retention

We retain Personal Information as long as necessary to:

• provide the Services,
• comply with legal, regulatory, and Bank Partner requirements, and
• support audits, dispute resolution, and risk management.

Retention periods vary based on the nature of the information and applicable obligations. Certain information may be retained for extended periods where required by Bank Partner policies or law. Personal Information may also be retained in backups, archives, audit logs, or records where retention is required to satisfy Bank Partner requirements, legal obligations, or regulatory directives.

Data Security

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, or disclosure. No system is completely secure, and we cannot guarantee absolute security.

Rights and Requests

Depending on jurisdiction, individuals associated with a Merchant may have rights to access, correct, or request deletion of certain information. These rights are subject to:

• verification of identity and authority to act on behalf of a business,
• legal and regulatory retention requirements, and
• GLBA and FCRA limitations.

We will respond to verified requests within the timeframes required by applicable law. We may require additional information to verify your identity and authority to make requests on behalf of a business before processing your request.

Cookies and Platform Technologies

We use cookies and similar technologies to operate, secure, and improve the Services. On our marketing website (jaris.io), we also use analytics and advertising technologies, including Google Analytics, Google Ads, LinkedIn, and HubSpot, to measure website performance, understand how visitors find and interact with our site, and support our business marketing efforts. These technologies may collect device, browser, and interaction data. We do not use cookies or similar technologies on the Jaris platform to serve targeted advertising to Merchants. Cookie preferences may be managed through browser settings.

Analytics and advertising technologies described above are used solely on the public-facing marketing website (jaris.io) and are not deployed within the authenticated merchant platform, dashboards, or Jaris-managed servicing interfaces. Jaris does not use underwriting data, settlement data, repayment history, credit information, or other financial product data for cross-context behavioral advertising or targeted advertising on third-party platforms.

Children's Information

The Services are not directed to individuals under 18, and we do not knowingly collect information from children.

State-Specific Rights

Much of the information processed through the Services relates to individuals acting in a business capacity on behalf of a Merchant and constitutes business-to-business data. To the extent information is collected, processed, or maintained in connection with financial products offered by Bank Partners, such information may be subject to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), or other federal financial privacy laws. Information governed by those laws may be exempt from certain state privacy rights, including rights to deletion, correction, or limitation of processing, to the extent permitted by applicable law.

Certain state privacy laws may provide additional rights to individuals, subject to applicable exemptions and limitations, including those relating to business-to-business data and information governed by federal financial privacy laws. Requests may be submitted as described above and will be handled in accordance with applicable law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date. Continued use of the Services constitutes acceptance of the updated Privacy Policy.

Contact Us

Jaris, Inc.
PO Box 117567
Burlingame, CA 94011
Email: privacy@jaris.io