1. Data Protection Principles
At xswiftfund, operated by CAPITALE FINANCE ("we", "us", "our"), we prioritize the confidentiality of your financial request. We collect, process, and retain only the minimal personal and corporate information required to evaluate your eligibility for capital.
Your information is processed server-side under strict security guidelines and is never shared, rented, or sold to third-party marketing networks.
2. Information We Collect
We collect personal and company details solely through our secure online intake form at `/apply`:
- **Personal Details:** Full name, active email address, verified phone number, country, and city.
- **Financing Details:** Requested funding amount, currency preference, funding purpose, and expected timeline.
- **Corporate Details (Business Applicants only):** Company name, sector, annual revenue, employee counts, and years active.
Subsequent supporting records (e.g., proof of identity, business licensing, financial statements) are collected and processed **manually via secure email exchanges** and stored in isolated corporate storage systems.
3. GDPR Data Rights
If you are an applicant from the European Economic Area (EEA), you possess specific legal rights under the General Data Protection Regulation (GDPR) regarding your personal information:
- **Right of Access:** You can request a digital copy of all personal records we hold for your active review.
- **Right to Rectification:** You can request updates or corrections to any inaccurate form inputs.
- **Right to Erasure ("Right to be Forgotten"):** You can request that we permanently delete your intake submission and email exchanges from our database and secure storage directories.
- **Right to Object / Restrict:** You can request that we pause or discontinue underwriting evaluations at any point.
To exercise any of these rights, please contact our Compliance Officer directly at **privacy@xswiftfund.com** or by post at **CAPITALE FINANCE, 10 Rue de Saint-Sénoch, 75017 Paris, France**.
4. Data Security & Encryption
We employ robust technical controls to secure your data in transit and at rest:
- Form submissions are transmitted exclusively over Transport Layer Security (TLS 1.3) protocols.
- Information stored in our lead registry database is encrypted with industry-standard Advanced Encryption Standard (AES-256).
- Underwriting officer communication is secured via end-to-end encrypted email channels with Multi-Factor Authentication (MFA) enabled.
5. Data Retention Limits
We retain personal data only for as long as necessary to fulfill the evaluation purposes described in this Privacy Policy:
- **Unsubmitted / Incomplete applications:** No information is captured or retained in our databases.
- **Declined / Cancelled Applications:** Disclosed details and email communications are securely purged within 90 days, unless a legal exception applies.
- **Approved & Disbursed Funding:** Financial agreement details are retained for the duration of the active repayment timeline and stored securely in line with regulatory accounting requirements.
