Privacy Policy & GLBA Notice

Who we are & the scope of this policy

Get A Cash Advance Today, LLC is a Missouri consumer-finance company organized as a limited-liability company under the laws of the State of Missouri, with offices at 5587 Thousand Oaks Dr, Kansas City, MO 64152-5509, owned and operated by Ivo Baltic. We are licensed to extend unsecured personal installment loans of $500 to $15,000 to qualified residents of the United States, with annual percentage rates between 5.99% and 35.99% and terms between 3 and 60 months.

This Privacy Policy applies to all personal information we collect through our website at getacashadvancetoday.com, our forthcoming iPhone application, our customer-service telephone line, and our paper or PDF correspondence. It also functions as our Initial Privacy Notice under the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.) and Regulation P (12 C.F.R. Part 1016), as administered by the Consumer Financial Protection Bureau.

By submitting an application, accessing your account, or otherwise interacting with us, you acknowledge that you have read this policy and understand how we treat the information you provide.

The information we collect, by category

We collect the following nine categories of information — nothing more, nothing less. Each category is bound to a specific lending or operational purpose listed in section 3.

• Identifiers. Legal first and last name, date of birth, U.S. Social Security number (collected only at the underwriting confirmation step), driver's license or state-ID number where required by federal Customer Identification Program rules.
• Contact information. Email address, mobile or landline phone number, residential street address, ZIP code.
• Financial-account information. Bank-account routing number and account number for the ACH funding instruction; we do not store full card numbers.
• Income & employment. Gross annual pre-tax income, employment type, and where required, employer name and tenure.
• Loan parameters. Requested principal, term, stated purpose, amortization preferences.
• Consumer-report data. The contents of the credit-bureau report obtained under FCRA § 1681b at underwriting, including credit score, trade lines, public records, inquiries.
• Communication records. Email correspondence, support submissions, recorded telephone calls (with prior verbal disclosure).
• Device & site-usage information. IP address, user-agent string, referring URL, pages viewed, click-stream within the application, time-on-page, calculator slider values.
• Geolocation. Coarse, IP-derived city- or state-level location only. We do not collect device-precise GPS coordinates.

How we use your information

We use the categories above for a closed list of seven business purposes:

• Credit underwriting. Evaluating your application in line with ECOA Reg B and our published rate-tier matrix.
• Identity verification. Customer Identification Program (USA PATRIOT Act § 326), OFAC sanctions screening, fraud-prevention review.
• Account servicing. Disbursing funds, scheduling payments, processing payoffs, issuing 1098 / 1099 / 1042-S tax forms.
• Regulatory compliance. FCRA furnishing, GLBA safeguards, BSA / AML reporting, state lender-license filings.
• Customer support. Resolving payment, dispute, or hardship requests; recording calls for quality and training.
• Site & product improvement. Aggregated, de-identified analytics on calculator use and application-funnel completion.
• Adverse-action mailing. Sending the written denial notice within 30 days, as required by Regulation B.

We do not use your information for unsolicited cross-sell of insurance, retail, or affiliate-marketing offers, and we do not sell or rent it to any third party for those purposes.

Gramm-Leach-Bliley Act financial-privacy

Under the Gramm-Leach-Bliley Act and Regulation P, we are required to inform you, on an annual basis and at the inception of every customer relationship, of the categories of nonpublic personal information ("NPI") we collect about you and the categories of affiliated and non-affiliated third parties with whom we share that NPI.

This notice is our Initial Privacy Notice. We will deliver a substantively identical Annual Privacy Notice not later than each anniversary of your loan-funding date, by email, postal mail, or in-product disclosure.

The categories of NPI we collect are those listed in section 2. We do not share NPI with non-affiliated third parties for joint-marketing arrangements; consequently the GLBA opt-out right does not apply. We do share NPI with the parties permitted by 12 C.F.R. Part 1016 — our loan-servicing platform, our ACH originator, the consumer-reporting agencies, our state regulators on demand, and our outside legal counsel and accountants under written confidentiality covenants.

Sharing & third-party disclosures

The exhaustive list of third-party processor categories is the following six. Each is bound by a written data-processing agreement that limits use to the disclosed purpose and prohibits onward transfer.

• Consumer-reporting agencies. Equifax, Experian, TransUnion — for the FCRA § 1681b underwriting pull and the subsequent monthly furnishing of payment status.
• Identity-verification provider. A vendor under SOC 2 Type II audit performing CIP checks against government and OFAC databases.
• ACH origination & banking partner. An FDIC-insured U.S. bank executing the inbound funding ACH and the recurring outbound debit.
• Loan-management software. A SOC 2-audited servicing platform that hosts the loan ledger and runs the amortization scheduler.
• Email & document-delivery vendor. A transactional email provider that delivers Truth-in-Lending disclosures, statements, and adverse-action notices.
• Government and regulators. The Missouri Division of Finance, the CFPB, the IRS for tax-form filings, and any other authority with a valid subpoena, summons, or examination order.

Consumer-report inquiries (Fair Credit Reporting Act)

By submitting a complete application and ticking the FCRA authorization box, you authorize us to obtain a hard-pull consumer report from one or more of the nationwide consumer-reporting agencies for the permissible purpose of credit underwriting under 15 U.S.C. § 1681b(a)(3)(A). The hard-pull will appear on your credit report and may temporarily depress your FICO score by a small number of points.

If your application is declined, FCRA § 615(a) and Regulation B § 1002.9 jointly require us to send you, within thirty days, a written adverse-action notice stating the principal reason(s) for the denial and identifying the consumer-reporting agency that furnished the report.

If your application is approved and the loan is funded, we will furnish your monthly payment status to the consumer-reporting agencies for the duration of the loan and for seven years after closure, as permitted by the FCRA.

Cookies & site analytics

We use a minimal set of strictly necessary first-party cookies to keep your application progress alive across page reloads and to maintain the rate-calculator slider state. We do not deploy advertising cookies, retargeting pixels, or third-party analytics scripts that profile you across the open web.

For aggregated traffic measurement we run a self-hosted, IP-anonymized server-side counter. Our servers retain seven days of access logs for security-monitoring purposes.

You may set your browser's Do Not Track or Global Privacy Control header; we will respect it as a request to opt out of any future profiling.

Data retention & minimization

We retain personal information only for as long as is necessary to fulfil the purposes listed in section 3 or to comply with a longer statutory retention period.

• Application records (declined). Twenty-five months from the adverse-action notice, per Reg B § 1002.12.
• Application records (approved & funded). The longer of seven years from loan closure or the period mandated by the IRS for tax records.
• Consumer-report copies. No longer than the underwriting decision date.
• Communication records. Three years from the date of the communication.
• Site-usage logs. Seven days for raw access logs; aggregated counters indefinitely.

Data security & the GLBA Safeguards Rule

Our information-security program is designed to satisfy the GLBA Safeguards Rule (16 C.F.R. Part 314) and to meet, where applicable, the requirements of NIST SP 800-53 moderate-baseline controls.

All personal information is encrypted in transit using TLS 1.3; at rest, application-database fields containing identifiers, financial-account numbers and consumer-report data are encrypted with AES-256 envelope encryption with key custody rotated quarterly. Access to production systems is gated by hardware-backed multi-factor authentication and recorded in immutable audit logs reviewed weekly. We perform an annual third-party penetration test and a tabletop incident-response exercise.

Your CCPA & state-level privacy rights

If you are a California resident, the California Consumer Privacy Act entitles you to: (i) request a copy of the personal information we have collected in the preceding twelve months; (ii) request deletion of personal information not subject to a legal retention duty; (iii) request correction of inaccurate personal information; (iv) opt out of any sale or sharing of your personal information; and (v) be free from retaliation for exercising any of the above. Submit a verifiable request by emailing ibaltic@getacashadvancetoday.com with "CCPA Request" in the subject line.

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) and other states with comprehensive privacy statutes hold substantively similar rights, exercisable through the same email channel.

We do not sell, share, or otherwise monetize personal information for advertising or third-party-marketing purposes.

Children's privacy (COPPA)

Our services are intended exclusively for individuals aged 18 or older. We do not knowingly collect personal information from any individual under the age of 13, and the application form rejects any submission with a stated date of birth fewer than eighteen years prior to the submission date.

If we discover that we have inadvertently collected personal information from a minor, we will delete it within seven business days and notify the minor's parent or legal guardian.

International transfers

Get A Cash Advance Today is a Missouri company serving United States residents only. All processing of personal information takes place on servers located in the continental United States, and all third-party processors enumerated in section 5 are likewise U.S.-resident or maintain U.S.-only data residency for our account.

We do not knowingly accept loan applications from non-U.S. residents and will void any application that reveals a foreign permanent address.

Updates to this policy

We may revise this Privacy Policy from time to time to reflect changes in law, in our service offering, or in the categories of third-party processors we engage. We will post any revised version on this page with an updated effective date at the top, and where the change is material we will additionally email a notice to all customers with an active loan or open application not less than thirty days before the change takes effect.

Contact & complaints

For questions about this Privacy Policy, to exercise any consumer-privacy right described above, or to submit a complaint:

Get A Cash Advance Today, LLC
Attn: Privacy Officer (Ivo Baltic, Owner)
5587 Thousand Oaks Dr
Kansas City, MO 64152-5509
Email ibaltic@getacashadvancetoday.com
Phone +1 (601) 871-0865

Unresolved complaints may be directed to the Missouri Division of Finance, 301 W. High Street, Room 630, Jefferson City, MO 65101, or to the Consumer Financial Protection Bureau at consumerfinance.gov/complaint.