Legal

Privacy Policy

Effective: March 2026

Your data is yours. We collect only what is necessary to advocate on your behalf and protect it with the same rigor we bring to enforcing federal law.

Brightpath Ascend Group® (“BAG,” “we,” “us,” or “our”) is a New York-based federal consumer protection advocacy firm operating at 1185 Avenue of the Americas, New York, NY 10036. BAG operates three divisions: Personal Solutions (FCRA dispute representation), Business Solutions (business entity structuring and business credit development), and Capital Funding (consumer and business funding optimization).

This Privacy Policy describes how BAG collects, uses, stores, and protects the personal and financial information you provide when you engage our services or visit our websites. It also describes your rights with respect to your information and how to exercise those rights.

2.1 — Information You Provide Directly

  • Identity information: full legal name, date of birth, current and prior addresses, Social Security Number (last four digits only — BAG does not collect or store your full SSN), phone number, and email address
  • Financial information: credit score ranges, debt balances, employment status, and income range — as provided by you for service qualification purposes
  • Account information: usernames, passwords (encrypted), and service preferences for your BAG client portal account
  • Communications: any information you provide in correspondence with BAG by email, phone, or written mail

2.2 — Information Obtained from Consumer Reporting Agencies

With your prior written authorization (BAG-AUTH-001), BAG obtains consumer credit report data from Experian, TransUnion, and/or Equifax. This data includes consumer credit file (tradelines, payment history, inquiry records, and public records), credit scores and reason codes, and any other data elements included in your consumer credit report.

BAG accesses this information solely pursuant to the Fair Credit Reporting Act, 15 U.S.C. § 1681b, and only for the specific purposes authorized by you in writing. You may withdraw this authorization at any time. See Section 6 for your rights.

2.3 — Automatically Collected Website Information

  • Website usage data: pages visited, time spent, browser type, operating system, and referring URL — collected via standard web server logs and analytics tools
  • IP address: collected automatically and used for security and fraud prevention purposes only
  • Cookies: see Section 8 for our cookie policy

BAG does not collect, store, or process the following:

  • Your full Social Security Number — only the last four digits are used for identity verification
  • Payment card numbers, bank account numbers, or routing numbers — BAG does not process or store payment card data
  • Biometric data of any kind
  • Health or medical information

BAG does not use your personal information for marketing to unaffiliated third parties, sell your information to any third party, or use your information for any purpose not described in this policy.

5.1 — We Share Information Only As Follows

  • Consumer reporting agencies (Experian, TransUnion, Equifax) — solely to submit dispute correspondence and monitor dispute resolution on your behalf, pursuant to your written authorization
  • Engine by MoneyLion or other licensed lending marketplace partners — solely to execute pre-qualification requests on your behalf, pursuant to your written authorization, when you have requested funding matching services
  • SendCertifiedMail.com — solely to print and mail FCRA dispute letters on your behalf; this service provider is bound by a data processing agreement with security requirements no less stringent than this Policy
  • Compliance counsel and legal advisors — solely for legal advice and representation
  • As required by law — in response to a valid legal process, court order, or regulatory demand, or as required to comply with applicable law

5.2 — We Do Not Share

  • Your information with any marketing company, data broker, or advertising network
  • Your full credit report with any party other than the CRAs identified above and the specific parties authorized by you in writing
  • Your information with affiliated BAG divisions for purposes you did not authorize

6.1 — Right to Access

You may request a copy of the personal information BAG holds about you at any time by submitting a written request to corporate@brightpathascendgroup.com. BAG will respond within 30 days.

6.2 — Right to Correct

If any information BAG holds about you is inaccurate, you may request correction by written notice to the address above.

6.3 — Right to Revoke Authorization — Credit Report Access

You may revoke your authorization for BAG to access your consumer credit report at any time by written notice to corporate@brightpathascendgroup.com or by certified mail to BAG’s principal office. Revocation takes effect within 24 hours of receipt and terminates all ongoing monitoring pulls.

6.4 — Right to Opt Out — Information Sharing

Under the Gramm-Leach-Bliley Act, you have the right to opt out of certain sharing of your nonpublic personal information with nonaffiliated third parties. To opt out, contact BAG at corporate@brightpathascendgroup.com or (917) 909-4051. BAG does not share your information with nonaffiliated third parties for marketing purposes.

6.5 — California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA). Contact BAG at the address above for a California-specific privacy rights request.

6.6 — New York Residents

New York residents are protected by the NY SHIELD Act and NY General Business Law § 380 et seq. BAG complies with all applicable New York consumer privacy requirements.

BAG implements the following technical and organizational security measures to protect your personal and financial information:

  • Encryption at rest using AES-256-GCM for all stored consumer data
  • Encryption in transit using TLS 1.3 for all data transmissions
  • Role-based access controls with mandatory multi-factor authentication for all personnel
  • Private VPC network architecture — consumer data is never accessible from the public internet
  • Continuous threat monitoring via AWS GuardDuty
  • Seven-year audit log retention via AWS CloudTrail
  • Annual security audits and employee training programs

In the event of a security incident involving your personal information, BAG will notify you as required by applicable law — within 30 days for New York residents under the NY SHIELD Act.

BAG’s websites use strictly necessary cookies for session management and security purposes. BAG does not use advertising, tracking, or third-party behavioral cookies. You may disable cookies in your browser settings; doing so will not affect your ability to access BAG’s services.

BAG retains personal and financial information for 7 years from the date of last service engagement, consistent with FCRA compliance requirements. After the retention period, data is disposed of using cryptographic erasure (database records) and secure deletion (file system data) pursuant to NIST SP 800-88 standards.

BAG may update this Privacy Policy from time to time. Material changes will be posted on BAG’s website at least 30 days before they take effect, and enrolled clients will be notified by email. The effective date at the top of this document reflects the date of the most recent revision.

10. Contact and Complaints

For any questions about this Privacy Policy or to exercise your rights, contact BAG at:

Brightpath Ascend Group — Privacy Officer

1185 Avenue of the Americas, New York, NY 10036

corporate@brightpathascendgroup.com

(917) 909-4051

Monday – Friday, 9:00 AM – 6:00 PM EST

If you believe BAG has not complied with this Privacy Policy or applicable law, you may file a complaint with the Consumer Financial Protection Bureau (CFPB) at cfpb.gov or by calling 855-411-2372, or with the New York Department of Financial Services at dfs.ny.gov.

BAG-GLBA-PP-001 v1.0