Privacy Policy

1. Introduction

Golden Capital LLC (“Golden Capital,” “we,” “us,” or “our”) operates the Golden Capital Partners Portal (the “Portal”), a secure web application that authorized equipment dealers and their personnel use to view the status of financing deals, access funded-deal Tear Sheet documents, and receive related notifications. This Privacy Policy describes how we collect, use, disclose, and safeguard information in the Portal.

The Portal is not a public application service. It is invite-only and accessible only to dealers and dealer personnel who have been granted credentials by Golden Capital. If you are submitting a financing application as a customer, please refer instead to our main website privacy policy at https://www.golden-cap.com/privacy.

2. Information We Collect

The Portal is scoped narrowly and intentionally. We collect only the information required to provide secure access, deal-status visibility, and related communication:

• Account and profile information: name, business email address, mobile phone number (only if the user chooses to enable SMS features), optional profile photo, and the dealer account to which the user is assigned.
• Authentication and security metadata: password hashes (never the password itself), multi-factor-authentication enrollment state (TOTP or verified phone), session tokens, IP address at sign-in, device and browser metadata, and audit-log entries for significant actions (sign-in, sign-out, failed sign-in, profile update, document download, administrative action).
• Deal-related data (read-only): deal identifier, equipment description, customer name as recorded on the deal, deal status, funding date, and other deal fields mirrored from Golden Capital’s Salesforce system of record into the Portal for display.
• Document data: Tear Sheet PDFs for funded deals, stored in secure cloud storage and accessible only via short-lived signed URLs to authorized users.
• Notification preferences: per-user preferences for which categories of notifications the user has elected to receive, and through which channels (in-portal, email, SMS).

Information we do not collect in the Portal

To protect our dealer partners and their customers, the Portal intentionally excludes sensitive personal and financial data that is handled elsewhere in Golden Capital’s underwriting systems. The Portal does not collect, store, or expose through the Portal interface:

• Social Security Numbers (SSN)
• Tax Identification Numbers (EIN) of deal applicants
• Bank account information
• Credit reports or credit-bureau data
• Experian or other consumer-reporting-agency outputs
• Original financing application documents

These data elements may exist elsewhere in Golden Capital’s internal systems but are not surfaced through the Portal.

3. How We Use Your Information

We use Portal information to:

• Authenticate you and protect your account (including MFA and audit logging)
• Display deal status and related read-only information from Salesforce
• Provide secure, time-limited access to Tear Sheet PDFs for funded deals
• Send transactional notifications you have opted into (in-portal, email, SMS)
• Detect and investigate unauthorized access or abuse
• Comply with legal, regulatory, and contractual obligations
• Improve the security, reliability, and usability of the Portal

We do not use Portal information for marketing, profiling, or any purpose outside operating the Portal.

4. SMS Communications

The Portal offers optional SMS (text-message) communications in two independent programs:

• Two-factor authentication (2FA) via SMS. If you choose SMS as a second factor, we send one-time passcodes to your verified mobile number during sign-in and sensitive actions.
• Transactional deal-status notifications via SMS. If you explicitly enable SMS under your Notification Preferences, we send short text messages for events you have selected (deal submitted, approved, funded, or stipulation-required).

Consent. Consent is collected in-app, post-authentication. To receive any SMS from the Portal, you must first enter your mobile number under your profile, receive a one-time verification code by SMS, and confirm ownership. You then individually toggle each SMS category you want. Providing your mobile number is optional; Portal access does not require it.

Frequency. Message frequency varies based on activity; typical volume is fewer than ten messages per user per week.

Fees. Standard message-and-data rates may apply, depending on your mobile carrier plan.

Opt-out. You may stop SMS at any time by replying STOP to any message, by removing your phone number from your profile, or by toggling off the corresponding SMS preferences. You may reply HELP to any message for support information, or contact info@golden-cap.com.

Data handling. Your mobile number and SMS preferences are stored only within the Portal and the SMS providers we use to deliver messages. We do not sell, rent, or share mobile numbers or SMS opt-in data with third parties for marketing.

5. Information Sharing and Sub-Processors

We share Portal information only in the following ways:

• Internal Golden Capital personnel with a legitimate business need to administer the Portal or support dealers.
• Service providers (sub-processors) under written agreements that restrict their use of data to providing services to Golden Capital. Current Portal sub-processors include:
  • Supabase — authentication, database, and real-time infrastructure
  • Amazon Web Services (AWS) — document storage for Tear Sheet PDFs
  • Vercel — application hosting
  • Resend — transactional email delivery
  • Twilio — SMS delivery (2FA and opt-in notifications)
  • Salesforce — upstream system of record for deal data (inbound to Portal only)
  • Box — document-repository integration for authorized workflows
• Legal and regulatory authorities when required by law or to protect our rights.

We do not sell your personal information.

6. Data Security

We implement administrative, technical, and physical safeguards appropriate to the nature of Portal data:

• TLS encryption of all data in transit
• Encryption at rest for database and document storage
• Mandatory multi-factor authentication on every sign-in
• Role-based access controls and row-level security at the database layer, enforcing dealer-account isolation
• Append-only audit logging of security-significant actions
• Short-lived signed URLs for document access — no raw public URLs
• Routine patching and dependency monitoring
• Principle of least privilege for internal administrative access

While we follow industry standards, no system is 100% secure. By using the Portal, you acknowledge this inherent risk and agree that Golden Capital shall not be liable for unauthorized access beyond our reasonable control.

7. Data Retention

We retain Portal information for as long as reasonably necessary to:

• Provide access and deliver Portal services
• Satisfy legal, regulatory, audit, and contractual obligations
• Defend against potential claims

Audit-log entries are retained on an append-only basis for a minimum period appropriate to compliance requirements. Tear Sheet PDFs are retained for the life of the dealer relationship plus any applicable retention period required by law or contract. When a dealer account is deleted, associated user profiles, notifications, preferences, and account-scoped documents are removed through database cascade deletion; corresponding audit entries remain for integrity.

You may request deletion of your individual user record by contacting info@golden-cap.com. Certain audit records may be retained even after deletion where required by law.

8. Your Choices and Rights

You may, subject to applicable law:

• Request access to, correction of, or deletion of your personal information
• Update your profile, notification preferences, and MFA settings directly in the Portal
• Withdraw SMS consent at any time (see Section 4)
• Withdraw from the Portal entirely by contacting your Golden Capital representative or emailing info@golden-cap.com

Requests can be submitted to info@golden-cap.com.

9. Use of Artificial Intelligence (AI)

Golden Capital may use AI or automated systems in upstream underwriting and application review as described in our main website privacy policy. The Partners Portal itself does not apply AI or automated decision-making to Portal data about you. The Portal is a read-only view of deal status plus communication and document-access features.

10. Cookies and Tracking

The Portal uses cookies and local-storage values strictly for authentication, session management, and user-preference persistence (e.g., theme). The Portal does not use third-party advertising cookies, cross-site trackers, or behavioral analytics.

11. Children’s Privacy

The Portal is intended for business users and is not directed at individuals under 18. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted at this URL with an updated “Last Updated” date. Material changes will be communicated through the Portal and/or email. Continued use of the Portal after changes constitutes acceptance of the revised policy.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Kansas, without regard to conflict-of-law principles. Any disputes are subject to the exclusive jurisdiction of the courts located in Johnson County, Kansas.

14. Contact Us

If you have questions about this Privacy Policy or how your data is handled within the Portal: