Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how MCA Simplified(“MCA Simplified,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with our merchant cash advance (MCA) operating platform, our marketing website, and related services (collectively, the “Services”). It applies to the brokers, ISOs, and funding shops who subscribe to the platform, the visitors to our website, and the individuals whose data is entered into the platform.

Two roles at a glance

For the personal information of our own customers (the broker accounts who sign up), prospects, and website visitors, we act as a data controller. For the merchant, owner, and financial information our broker customers enter into the platform about their own clients, we act as a data processor — we process that data only on the documented instructions of the broker, who is the controller of it.

Your data is never sold or shared

We do not sell, rent, or share your merchant lists, funder relationships, deal terms, or any other broker workspace data with other brokers, advertisers, data brokers, or any third party for their own marketing or monetization purposes. Your workspace is fully isolated from every other broker on the platform, and the only people who can access it are the users you invite. The data security and confidentiality commitments on this page apply across all of MCA Simplified at mcasimplified.com — see also our Terms of Service for our binding contractual obligations to you.

1. Information we collect

The information we collect depends on how you interact with the Services.

Account & profile data. When a broker, ISO, or funding shop creates an account, we collect names, business names, email addresses, phone numbers, job titles, and login credentials for the users on that account.

Billing data. To process subscriptions we collect billing contact details and the last four digits and expiry of a payment card. Full card numbers are handled directly by our PCI-compliant payment processor and are never stored on our servers.

Merchant & deal data (processed on behalf of our customers). Our broker customers use the platform to manage their own clients. In doing so they enter information such as merchant business details, owner and contact PII, uploaded documents (for example bank statements, tax IDs, and applications), submission packages, funder offers (amount, term, factor rate, daily or weekly remittance, expiry), and funded-deal records (amount funded, remittance schedule, remaining balance, total paid, maturity date, and renewals). We process this merchant and financial information only as a processor on behalf of the broker customer, under their control and instructions.

Usage & device data. When you use the Services we automatically collect log data such as IP address, browser type, device identifiers, pages viewed, features used, and timestamps.

Communications. When you request a demo, contact support, or email us, we collect the contents of those communications and your contact details.

2. How we use it

We use the information we control to:

  • Provide, operate, secure, and maintain the Services;
  • Create and administer accounts, authenticate users, and enforce role-based access;
  • Process subscriptions, invoices, and payments;
  • Respond to demo requests, support tickets, and other inquiries;
  • Monitor performance, debug issues, and prevent fraud, abuse, and security incidents;
  • Improve and develop new features and analyze aggregate usage trends;
  • Send service and transactional messages, and — where permitted — product updates you can opt out of.

We process merchant and financial data entered by our broker customers solely to deliver the platform to them. We do not use that merchant data for our own purposes, do not sell it, and do not use it to train machine-learning models.

Where the GDPR or UK GDPR applies, we rely on the following legal bases to process personal information we control:

  • Contract — to provide the Services to our customers and administer their accounts;
  • Legitimate interests — to secure the platform, prevent fraud, understand usage, and market to businesses, where those interests are not overridden by your rights;
  • Consent — for non-essential cookies and certain marketing communications, which you may withdraw at any time;
  • Legal obligation — to meet tax, accounting, and other regulatory requirements.

When we act as a processor for merchant and financial data, the broker customer (as controller) is responsible for establishing the legal basis for that processing.

4. Sharing & subprocessors

We do not sell personal information. We share it only in the following circumstances:

  • Subprocessors. We engage vetted vendors to host and operate the Services — including cloud infrastructure and storage, payment processing, email delivery, error monitoring, and product analytics. Each is bound by a written data processing agreement and may only use the data to provide services to us.
  • At a customer’s direction.A broker customer may direct that data be shared with funders or other third parties as part of their own workflow; that sharing is governed by the broker’s instructions and agreements.
  • Legal & safety. We may disclose information to comply with law, valid legal process, or to protect the rights, safety, and security of users, the public, or MCA Simplified.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred subject to this Policy.

A current list of subprocessors is available on request at sales@mcasimplified.com.

5. Data security

We treat the data on our platform the way a financial institution would. We apply administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption of data in transit (TLS) and at rest;
  • Role-based access controls so owners, reps, and processors only see what they need;
  • Audit logging of changes to records;
  • Network isolation, least-privilege access for our staff, and regular security reviews.

No method of transmission or storage is completely secure, but we work continuously to protect your information and to notify affected parties of any incident as required by law.

6. Data retention

We retain personal information we control for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. For merchant and financial data we process on behalf of broker customers, retention is controlled by the customer; we delete or return that data when the customer instructs us to, or within a reasonable period after their subscription ends, except where law requires us to retain it.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing or withdraw consent. To exercise these rights for information we control, contact us at sales@mcasimplified.com. If a request concerns merchant or financial data held in a broker’s account, we will refer you to the relevant broker (the controller) and assist them in responding. We will not discriminate against you for exercising your rights, and you may have the right to lodge a complaint with your local data protection authority.

8. Cookies & analytics

Our website and platform use cookies and similar technologies for essential functions (such as keeping you signed in), to remember preferences, and to understand how the Services are used. We use a privacy-conscious analytics provider to measure aggregate traffic and feature usage. You can control non-essential cookies through your browser settings or any cookie banner we present; disabling some cookies may affect how the Services function.

9. International transfers

MCA Simplifiedoperates in the United States, and our subprocessors may process data in the United States and other countries. Where we transfer personal information across borders, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms — to ensure your information remains protected.

10. Children

The Services are built for businesses and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice through the Services or by email. Your continued use of the Services after an update takes effect means you accept the revised Policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, or wish to exercise your rights, contact us at sales@mcasimplified.com. If you reached this page through a broker’s branded portal and your question concerns your own merchant or deal data, please also contact that broker, who controls that information.