Effective: June 8, 2026
Steward Holdings (US), Inc. and its affiliated companies (“Steward,” “us,” “our” or “we”) respect your privacy and we understand that we must collect personal information by lawful and fair means. This Privacy Policy explains what information Steward collects when you use our website, technology, and our related services, how we will use your information, and how you control it, including how to collect, rectify, erase and export your information to another location not associated with Steward. We treat your information in accordance with this Privacy Policy unless you have otherwise given us your express authorization to do otherwise. That authorization may be withdrawn at any time by notifying us at support@gosteward.com. However, Steward may use or disclose your information when we believe it is necessary for us to comply with a court order or other legal process.
To do business with Steward, you must consent to our collection and use of information as explained in this Privacy Policy, and you must agree to be bound by our Terms of Use for our website and technology systems. For Personal Data that we process based on your consent, you have the right to withdraw that consent. You may withdraw your consent by emailing support@gosteward.com with “CONSENT WITHDRAWN” in the subject line. If we post an updated version of this Privacy Policy and you continue to do business with us thereafter, we will conclude that you consent to our updated Privacy Policy. Please note that if you choose to do business with us, you will be required to accept the terms of certain agreements, including, but not limited to, a loan agreement, a promissory note, and a collateral security agreement.
Personal data, sometimes called “personally identifiable information” (“Personal Data”) is information that can be used to identify you as an individual, such as a name, an identification number, location data, or an online identifier. Steward collects Personal Data from you when you use our website and technology platform, including signing up for an account, completing forms or applications, sending us an email through our website, or engaging in a transaction with us. Steward may also collect information which may be contained on server logs, such as your internet protocol (“IP”) address. The Personal Data that we collect may include, but are not limited to, your: (1) name; (2) email address; (3) physical address; (4) date of birth; (5) Social Security Number; (6) information from an identity document such as a passport or driver’s license; (7) business name; (8) business address; (9) articles of incorporation; (10) bank account information; and (11) any other Personal Data you may voluntarily provide. Your bank account information is shared directly and securely with a third-party bank verification platform, Plaid Technologies, Inc. ("Plaid"), and a third-party payment facilitator, Dwolla, Inc. ("Dwolla"). Steward contractually requires that all third-party vendors privy to Personal Data adhere to and implement a data protection program that is consistent with applicable regulations. Additional data that we collect and store may include frequency of visits to our website, time spent viewing pages on our website, date(s) and time(s) of visits to our website, clickstream data, cookies existing on your computer, operating system, browser type, device type used to visit our website (desktop or mobile), and websites viewed before arriving at our website. We collect this information through automated tracking technologies, some of which are discussed below, and we may combine this automatically collected information with other information we collect about you. We do this to improve services we offer you and to improve our website. We also obtain Personal Data from third party sources. Types and uses of such third party sources may include: (1) services used to verify identity and backgrounds; (2) services used for anti-money laundering compliance or screening; or (3) payment facilitation services.
We collect Personal Data about you when you voluntarily provide it through our website and technology platform. For example, we collect information you provide to us when you complete forms on our website, such as when you create your user account, submit a loan application, or complete a transaction. We also collect other information or content from you when you upload it voluntarily to our website. We and our service providers may also collect information about you using various automated technologies on our website such as those described below:
We use these technologies to analyze trends, administer our website, track users’ movements around our website, and gather demographic information about our user base. We may receive reports based on the use of these technologies by third-party companies on an individual as well as aggregated basis. This Privacy Policy does not cover the collection of Personal Data by cookies or other methods by third parties. Third Party websites and Steward’s website may also contain links to other websites and services not maintained by us. In addition, other websites and services may also reference or link to our website. Any information submitted by you to a third party will be controlled by that third party’s privacy policy. We do not control how third parties collect information or how they may use their own cookies to collect information about you. We encourage you to review the privacy policy of third parties before submitting your Personal Data. We do not endorse, screen, or approve, and are not responsible for the privacy practices or the content of other websites or services.
Steward may use the Personal Data we collect about you consistent with this Privacy Policy. When we process and share Personal Data for our own use, or make it available to the recipients described below, we do so either with your consent or in furtherance of our legitimate interests, which include providing the website features that you use, operating our business, meeting our contractual and legal obligations, and protecting the security of our systems and of those who use them. Except as may result from a transaction described in the “Transfer of Your Information” section below, we do not rent or sell your Personal Data to anyone. We will use information you provide to us, including Personal Data, to better serve you and enhance your experience with our website and our products, and for the other purposes described in this Privacy Policy, all of which we regard as being in our legitimate business interests. This may include having to modify or copy Personal Data or other information such as images or textual content you provide in order to provide you with a seamless and enjoyable experience in using our technology. Please refer to the section above entitled “How We May Collect Personal Data About You" for the respective uses we make of web beacons, log file data, and analytics. Steward will use Personal Data and other Information to: (1) market our website, products, and services; (2) analyze data to send more targeted messages to users of our technology platform; (3) conduct research and analyze data to improve our products, services, and technology; (4) enable our vendors and contractors to provide and assist us in the marketing, operation, troubleshooting, and analysis of our website and our products and services; (5) fulfill product and service requests; (6) deliver email messages, like special offers, updates, newsletters, customer service, and service announcements; (7) comply with and meet any regulatory requirements for the offer or sale of loan participations and our related products as required by law; (8) protect our website, technology platform generally, and its users; (9) engage in any other lawful activities we believe are consistent with the foregoing; and (10) investigate fraud, or respond to a government request when required by law (for example, to comply with a subpoena or similar legal process) or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others. We may provide or obtain any of the above services through third parties, which may necessitate sharing Personal Data with them. With regard to our use of your information for marketing, we do not share information beyond Steward’ affiliates.
In addition to other uses described in this Privacy Policy, Personal Data must be provided by those entities seeking financing from Steward (sometimes referred to as “Borrowers”) as well as individuals or entities providing such financing through our technology platform (“Lenders”) to facilitate activities such as: (1) maintaining communications; (2) carrying out regulatory checks; (3) verifying identity, including working with third-party service providers; (4) facilitating payments and other transactions (shared with third-party provider Dwolla and Plaid); (5) guarding against potential fraud; and (6) if necessary, working with our affiliates and third parties to enforce our legal agreements. Steward may post a Lender profile on our website, which may include Personal Data such as name, relationship to the Borrower, if applicable, and photo (if provided). Our website may have a feature that enables you to opt-in to display your whole name along with a short bio, your location, website history, and social media handles. Borrowers seeking financing through Steward must provide more extensive Personal Data, such as the names of their officers and directors and their biographies and backgrounds, that will be viewable by users of our website. Steward may share your Personal Data with our affiliated companies for the lawful purposes set forth in this Privacy Policy and as necessary to provide our products and services to you. Steward employs or contracts with third-parties to perform certain functions or services on our behalf. Examples of these services may include ID verification, financial and credit verification, electronic document signing, payment storing and facilitation, e-mail delivery, disbursement of funds, analyzing data, providing marketing assistance, and providing customer service. Steward may share with these third parties, and these third parties may have access to your information, including Personal Data needed to perform their functions or services for users of our website. However, these third parties may not use your information or Personal Data for other purposes. To the extent that your non-personal data or Personal Data is provided to such third parties, the information will be collected and used by the third parties only to perform their prescribed functions or services.
We may have to transfer your information and Personal Data to a buyer or other successor to our business in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Steward’ assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Data Information held by us about our website users is among the assets transferred.
Personal Data you provide to us is encrypted and stored securely on private cloud servers through third-party service providers that we use in the United States. These server entities are contractually obligated to have redundancies in place to protect the data should an outage or other issue arise. Our objective is to ensure that your Personal Data is processed according to the provisions of this Privacy Policy and the laws of the applicable jurisdiction. The European Commission is authorized under the General Data Protection Regulation (“GDPR”) to determine whether a particular country affords Personal Data an adequate level of protection based on such factors as the data-protection laws in effect in that country, the existence of an independent body with enforcement powers, and the international commitments that the country has made regarding the protection of Personal Data. The Commission has determined that the US offers adequate protection if service providers certify compliance with the EU-U.S. Data Privacy Framework (“DPF”), which was adopted in July 2023. We are committed to ensuring that your data enjoys the rights and protections described in this Privacy Policy whenever it is transferred from the European Economic Area and Switzerland to the United States. Steward believes that it complies with the DPF regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If you have a question or concern related to Steward’s compliance with the DPF, please contact us at support@gosteward.com.
We may send you e-mail communications with general marketing information, even though none of your Personal Data is shared for marketing purposes beyond Steward’s affiliates. If you prefer not to receive such marketing or promotional e-mails, you may unsubscribe via your account dashboard, by emailing us at: support@gosteward.com, or you may choose to stop receiving our newsletter or marketing emails by following the “unsubscribe” instructions included in these emails. However, you cannot opt out of receiving certain types of email communications, such as emails regarding specific transactions you have participated in on our website, legal notices we may be required to provide, or emails responding to specific inquiries from you. Please note that we may need to send you e-mail communications that are transactional in nature and which you will not be able to opt-out of, such as service or termination announcements or payment confirmations.
You have certain rights concerning the Personal Data we collect about you. This includes, among others, the right to access your Personal Data, to object to the processing of your personal data, and to rectify, erase, and export your Personal Data. For Personal Data that we process based on your consent, you have the right to withdraw that consent. You may withdraw your consent by emailing support@gosteward.com with “CONSENT WITHDRAWN” in the subject line. You will be able to view all of your own information that you submit. Certain highly sensitive information (such as your Social Security Number or bank account numbers) may be blocked for security reasons with only the last four digits displayed. You will, subject to our website’s Terms of Use, be able to access, update and modify the information concerning your account by visiting your profile page and editing information you wish to change. For example, you will be able to change your e-mail address, your notification preferences, password, contact information, or other login information by visiting your account’s settings page. Please note that Social Security Numbers are collected solely for the purpose of conducting Know Your Customer and Anti-Money Laundering checks, and, if applicable, to prepare relevant tax documents. In addition, information such as dates of birth and physical addresses are collected for the purpose of verifying Borrower or Lender identities. You can choose to delete your account and any Personal Data associated with your account. However, we will have the right to retain and use your Personal Data as necessary to comply with our legal obligations, provide our services, resolve disputes, and enforce our legal agreements. For example, we may need to retain archival copies of your information for legal or compliance purposes even after you have requested its deletion. We are not responsible for removing your Personal Data from the lists of any third-party websites or other third parties who have previously been provided your information in accordance with this Privacy Policy. We generally retain your Personal Data only for as long as is necessary to accomplish the purposes for which we processed it, including delivering to you the services for which you accessed our website. For certain types of Personal Data, you have provided consent for a retention period of a longer duration than the period we would need to preserve it in order to complete the purposes you intended. If an item of Personal Data is of a particularly sensitive type, we will shorten the retention time period that we would otherwise normally use. In some cases, you have provided Personal Data with the intention that it be retained until you yourself initiate its removal. Nevertheless, in this and other cases, we may be forced to delete the data sooner than you wish if, for example, you exceed the limit on the quantity of data that we can store in your account. Our website may provide automated controls which give you the freedom to delete Personal Data any time you wish. In the absence of such controls, we are likely to prescribe a shortened data retention period. If we adopt a data retention program or schedule prescribing various retention periods for different types of Personal Data, we will post it on our website. There are certain exceptions to our policy of retaining your Personal Data for only as long as is necessary to accomplish the purposes for which you wanted to have the data processed in the first place. We will retain your Personal Data for as long as is necessary to comply with our legal obligations, including contractual obligations, to serve our legitimate interests, and to pursue our rights and remedies and defend ourselves in litigation and other proceedings. We may be required by law to preserve information, including Personal Data, that is relevant to such proceedings for a prescribed period of time. When applicable, we will take appropriate technical and institutional measures to safeguard your rights and freedoms as required by the GDPR. The periods for which we are required to retain data can vary depending upon the data type, the country or other jurisdiction in question, the nature of our interactions with you, or your use of various features of our website and the services we provide through our website. We may be subject to data retention laws or mandatory data removal laws based on content, government orders to preserve data in connection with an investigation, or data required to be retained in adversarial proceedings pursuant to a court order, administrative order, or applicable rules of court or arbitration procedure.
Our website may include certain social media features, such as the Facebook “Follow Us” button and widgets, the “Share This” button, or interactive mini-programs that run on our website. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the third-party website providing such features.
We use reasonable efforts to secure Personal Data in our possession but we are not liable for any failure to safeguard such information, whether inadvertent or otherwise. Information you provide to us is encrypted and stored securely on private cloud servers through our third-party service providers. We take commercially reasonable efforts to store as little sensitive information as possible. We are required to notify you without undue delay in the event of a data breach causing high risk to data subjects. The notification must include at least: the name and contact details of the relevant point of contact; the likely consequences of the data breach; and any measures taken by us to remedy or mitigate the breach. However, we may be exempt from this requirement if the risk of harm is remote because the affected data are protected (e.g., through strong encryption); we have taken measures to protect against the harm (e.g., suspending affected accounts); or the notification requires disproportionate effort (in which case we must issue a public notice of the breach). We and our service providers (who have informed us that they also use reasonable efforts to secure Personal Data) take commercially reasonable efforts to keep secure any Personal Data; however, there is no guarantee that any communication over the public Internet is completely secure at all times. Therefore, neither we nor our service providers shall be held liable for the failure to safeguard Personal Data, whether inadvertent or otherwise, except where you, as a data subject, prove that you have suffered material or non-material damage as a result of our infringement of the GDPR, in which event you shall have the right to receive compensation from us, in our capacity as data controller or processor, for the damage suffered. It is also important for you to protect against unauthorized access to your password and to your computer. Be sure to log off any computer or device you use to access your account on our website after you have finished.
Our technology platform is not intended for use by children. No one under eighteen (18) years of age may use our website, provide any Personal Data, or receive our email distributions. We do not knowingly solicit or collect Personal Data from children under the age of thirteen (13) or anyone under eighteen (18) years of age. If you believe that anyone under these ages has disclosed Personal Data to us, please report this to us immediately by emailing us at support@gosteward.com.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Any changes or updates will be effective immediately upon posting to our website. If we make any material changes to our website, we will take commercially reasonable efforts to notify you by email (sent to the e-mail address specified in your account) or by means of a notice posted on our website. Notwithstanding that, you should review this Privacy Policy regularly for changes, and you can determine if changes have been made by checking the effective date at the beginning of the Privacy Policy. Your continued use of our website following the posting of any modified versions of this Privacy Policy means you accept those changes and agree to be bound by the updated Privacy Policy.
The Steward website and our technology platform generally are maintained in the United States. By accessing our website and platform, you consent to and authorize the export of your Personal Data to the United States and its storage and use as specified in this Privacy Policy. For users in the EU, you have the right to bring a complaint with the independent public authority responsible for data protection in the EU member country of your residence, place of work, or place where you think our processing of your Personal Data infringed the GDPR. Before you do so, we ask that you give us the opportunity to resolve your complaint to your satisfaction within thirty (30) days of your contacting us about it at support@gosteward.com. Please check back regularly for updates to this Privacy Policy. If you have any questions regarding this Privacy Policy, please email us at support@gosteward.com.
You can also access the Consumer Financial Protection Bureau’s standardized Gramm-Leach-Bliley Act (GLBA) privacy policy summary here for your reference.