Privacy Policy

This Privacy Policy (the “Policy”) describes how Omnia Capital Partners USA LLC, a Wyoming limited liability company, d/b/a Grad Capital (“Grad Capital,” “we,” “us,” or “our”), collects, uses, discloses, retains, and safeguards personal information that we obtain through our websites, including gradcapital.one and any successor or related domains, our online intake and application flows, our mobile experiences, our capital-advisory and concierge services, our email and SMS communications, and any other interactions you have with us (collectively, the “Services”).

This Policy applies to information about prospective applicants, applicants, guarantors, principals, partners, referral sources, vendors, and visitors to the Services. It does not apply to information we receive about you solely in your capacity as an employee, officer, director, or contractor of a business customer for the limited purpose of evaluating that business’s application; that information is handled under our Gramm-Leach-Bliley Act (“GLBA”) notice to the extent applicable.

1. Information We Collect

1.1 Information You Provide

• Identifiers and contact data: full name, business name, postal address, email address, mobile telephone number, date of birth, government-issued identification information, and Social Security Number or Individual Taxpayer Identification Number (collected only when reasonably necessary, including for identity verification, anti-money-laundering screening, or to obtain a consumer report).
• Business and financial information: entity structure, time in business, industry, NAICS code, ownership percentages, revenue, deposits, outstanding debt and merchant-cash-advance balances, bank statements, tax returns, K-1s, profit-and-loss statements, balance sheets, accounts-receivable agings, and use-of-funds.
• Self-reported credit information: credit-band selection, prior stacking activity, and related responses you provide in our intake or concierge interactions.
• Consent and authorization records: records of your TCPA, electronic-signature, e-consent, credit-pull authorization, bank-data-sharing authorization, and any other consents you provide.
• Communications: emails, SMS messages, voice-mail, and call recordings (where permitted by law and where notice is provided), as well as documents and attachments you upload.

1.2 Information Collected Automatically

• Device and log data: IP address, device identifiers, browser type, operating system, referring/exit URLs, pages viewed, session timestamps, and approximate geolocation derived from IP.
• Cookies and similar technologies: first- and third-party cookies, pixel tags, local storage, and session-replay technologies used for authentication, security, analytics, attribution, and (where consented) marketing. See Section 8 (Cookies and Tracking).
• Telemetry: in-product events such as scan progress, form completion, score state, and error reports.

1.3 Information from Third Parties

• Consumer reporting agencies (“CRAs”): business and (with your authorization) consumer credit reports, scores, public records, and identity-verification data, in accordance with the federal Fair Credit Reporting Act (“FCRA”) and applicable state analogs.
• Bank-data aggregators (e.g., Plaid): account ownership, balances, transactions, counterparties, and historical deposit data, used only as authorized by you and for the purposes described to you at the point of connection.
• Funding partners and brokers: indicative offers, term sheets, decline reasons, and performance data on submitted files.
• Public sources and licensed databases: Secretary of State filings, business registries, UCC filings, lien and judgment data, OFAC/sanctions lists, and adverse-media databases.
• Marketing and analytics providers: aggregated audience data, conversion data, and attribution data subject to applicable law and your cookie preferences.

2. How We Use Information

We process personal information for the following business purposes:

• To evaluate, underwrite, broker, and arrange business-purpose financing transactions;
• To verify identity, ownership, and authority, and to satisfy “Know Your Customer,” anti-money-laundering, sanctions-screening, and beneficial-ownership obligations;
• To compute and display the Capital Readiness Score, indicative ranges, matched product tiers, and similar tools, which are not credit decisions and not guarantees of approval;
• To communicate with you about the Services, your application, your file status, servicing matters, and (subject to your consent and our internal preferences) marketing communications;
• To maintain, secure, monitor, debug, and improve the Services, including session-replay, fraud-detection, and abuse-prevention;
• To comply with applicable laws, regulations, court orders, subpoenas, and lawful requests by public authorities, including state commercial-financing-disclosure regimes;
• To establish, exercise, or defend legal claims, including in connection with arbitration, mediation, or litigation;
• To enforce our Terms of Use, partner agreements, and other contractual rights; and
• For other purposes disclosed at the time of collection or with your consent.

3. Legal Bases (where applicable)

Where the General Data Protection Regulation, UK GDPR, Canadian PIPEDA, or a similar regime applies, we rely on the following legal bases: (a) performance of a contract or pre-contractual steps; (b) compliance with a legal obligation; (c) our legitimate interests in operating, securing, and improving the Services, provided those interests are not overridden by your rights; and (d) your consent, which you may withdraw at any time without affecting prior processing.

4. How We Share Information

We disclose personal information to the following categories of recipients:

• Funding sources, capital markets, and broker counterparties for the purpose of obtaining indicative offers and consummating a transaction;
• Service providers and processors bound by written contracts limiting their use of data, including hosting, infrastructure, identity-verification, bank-data aggregation, e-signature, email/SMS delivery, telephony, CRM, analytics, error-monitoring, customer-support, and AI/LLM providers;
• Professional advisors including outside counsel, accountants, auditors, and insurers, subject to professional confidentiality obligations;
• Government, regulatory, and law-enforcement authorities as required by applicable law or as we believe in good faith is necessary to comply with legal process, protect rights, or prevent harm;
• Affiliates and successors in connection with a corporate transaction such as a merger, financing, reorganization, acquisition, or sale of assets, in which personal information is typically a transferred asset; and
• With your direction or consent to other parties you identify.

5. GLBA Notice (Financial Privacy)

To the extent we collect nonpublic personal information from individuals in connection with a business loan application that is, in whole or in part, used for personal, family, or household purposes (which is not our intended use case — see our Disclosures), we provide a GLBA initial privacy notice as required by 12 C.F.R. Part 1016. We do not sell or share GLBA-protected nonpublic personal information with non-affiliated third parties except as permitted by 15 U.S.C. § 6802(e) (e.g., to service or process a financial product or service requested or authorized by the consumer, to comply with law, or with the consumer’s consent or direction).

6. State Privacy Rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, MCDPA, and others)

Residents of certain U.S. states have specific rights regarding their personal information, subject to verification and applicable exceptions (including the GLBA-financial-information exemption and the FCRA exemption, which exempts large categories of our processing from full coverage of these statutes). Subject to those exceptions, you may have the right to:

• Confirm whether we process personal information about you and access that information;
• Receive a portable copy of certain personal information;
• Request correction of inaccurate personal information;
• Request deletion of personal information we have collected from you;
• Opt out of (i) the sale of personal information, (ii) the sharing of personal information for cross-context behavioral advertising, and (iii) certain profiling that produces legal or similarly significant effects;
• Limit the use or disclosure of sensitive personal information to permitted purposes; and
• Appeal a denial of a privacy request (where the applicable state law requires an appeal mechanism).

We do not sell personal information for money and we do not knowingly use or disclose sensitive personal information for purposes that would require an opt-out under the CPRA. To exercise a right, email info@omniacap.ai with the subject line “Privacy Rights Request” and the state in which you reside. We will respond within the time period required by applicable law (generally 45 days, extendable once by 45 days as permitted).

6.1 Categories of Personal Information We Collected and Disclosed in the Preceding 12 Months

Identifiers; commercial information; internet/network activity; geolocation derived from IP; professional and employment-related information; financial-account information; identification numbers (including SSN or ITIN where authorized); inferences drawn from the foregoing; and sensitive personal information limited to log-in credentials, government identifiers, and financial-account information. We disclosed each category to the categories of recipients listed in Section 4.

7. Telephone and SMS Communications (TCPA)

By providing a telephone number and consenting on the intake or callback form, you expressly consent to receive autodialed, prerecorded, artificial-voice, and SMS calls and messages from Grad Capital and its capital advisors at the number provided, including calls regarding the status of your application or inquiry. Message frequency varies. Message and data rates may apply. Reply HELP for help. Reply STOP to opt out. Consent is not a condition of any financing transaction. You may revoke consent at any time using any reasonable method, including by replying STOP or emailing info@omniacap.ai.

8. Cookies and Tracking

We use cookies, pixels, web beacons, local storage, and similar technologies for security, authentication, analytics, performance measurement, and (where consented or otherwise permitted) marketing and attribution. You may control cookies through your browser settings, through industry opt-out tools such as the Digital Advertising Alliance and Network Advertising Initiative, and by sending Global Privacy Control (“GPC”) signals where your browser supports them. We honor GPC signals as a request to opt out of sale/share where applicable law treats GPC as a valid opt-out.

9. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal, tax, accounting, and regulatory obligations (including books-and-records requirements that can extend for several years), to resolve disputes, to enforce agreements, and to establish, exercise, or defend legal claims. When retention is no longer required, we delete, deidentify, or anonymize the information using commercially reasonable methods.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest where appropriate, access controls, logging, vulnerability management, employee training, vendor diligence, and incident-response procedures. No system is perfectly secure, and we do not warrant absolute security. You are responsible for keeping your credentials confidential and for promptly notifying us of any suspected compromise.

11. Children

The Services are not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at info@omniacap.ai and we will take reasonable steps to delete it.

12. International Users

The Services are operated from the United States. If you access the Services from outside the United States, you understand and consent to the transfer of your information to, and processing in, the United States, which may have data-protection laws different from those of your jurisdiction.

13. Third-Party Sites and Links

The Services may contain links to third-party websites, including bank-data aggregators and funding-source portals. We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies.

14. Automated Decisioning

The Capital Readiness Score and matched-tier display are decision-support tools generated from your self-reported inputs and are not credit decisions, not adverse-action determinations under the FCRA or ECOA, and not guarantees of approval or amount. A human capital advisor reviews files before any submission to a funding source, and any final offer of financing is issued by the funding source subject to its own underwriting.

15. Changes to This Policy

We may update this Policy from time to time. The “Effective” date above indicates when this Policy was last revised. Material changes will be communicated by reasonable means, which may include in-product notice, email, or a notice on the Services. Your continued use of the Services after the effective date of a revised Policy constitutes your acceptance of the changes, where permitted by law.

16. Contact Us

Omnia Capital Partners USA LLC
Attn: Privacy Officer
30 N Gould St, Ste R, Sheridan, WY 82801
info@omniacap.ai · (760) 410-9801