Legal

Privacy Policy

Effective: March 2026

Your data is yours. We collect only what is necessary to structure your business credit and protect it with the same rigor we bring to building your fundability.

Brightpath Ascend Group® (“BAG,” “we,” “us,” or “our”) is a New York-based federal consumer protection advocacy firm operating at 1185 Avenue of the Americas, New York, NY 10036. BAG operates three divisions: Personal Solutions (FCRA dispute representation), Business Solutions (business entity structuring and business credit development), and Capital Funding (consumer and business funding optimization).

This Privacy Policy describes how BAG collects, uses, stores, and protects the personal and financial information you provide when you engage our services or visit our websites. It also describes your rights with respect to your information and how to exercise those rights.

2.1 — Information You Provide Directly

  • Identity information: full legal name, date of birth, current and prior addresses, Social Security Number (last four digits only — BAG does not collect or store your full SSN), phone number, and email address
  • Business information: entity name, EIN, state of incorporation, business address, industry classification, and annual revenue range
  • Account information: usernames, passwords (encrypted), and service preferences for your BAG client portal account
  • Communications: any information you provide in correspondence with BAG by email, phone, or written mail

2.2 — Information Obtained from Third-Party Verification Services

With your prior written authorization, BAG may obtain business credit data from Dun & Bradstreet, Experian Business, and/or Equifax Business. This data includes business credit scores, payment history, trade references, and public filings associated with your business entity.

BAG accesses this information only for the specific purposes authorized by you in writing. You may withdraw this authorization at any time. See Section 6 for your rights.

2.3 — Automatically Collected Website Information

  • Website usage data: pages visited, time spent, browser type, operating system, and referring URL — collected via standard web server logs and analytics tools
  • IP address: collected automatically and used for security and fraud prevention purposes only
  • Cookies: see Section 8 for our cookie policy

BAG does not collect, store, or process the following:

  • Your full Social Security Number — only the last four digits are used for identity verification
  • Payment card numbers, bank account numbers, or routing numbers — BAG does not process or store payment card data
  • Biometric data of any kind
  • Health or medical information

BAG does not use your personal information for marketing to unaffiliated third parties, sell your information to any third party, or use your information for any purpose not described in this policy.

5.1 — We Share Information Only As Follows

  • Business credit bureaus (Dun & Bradstreet, Experian Business, Equifax Business) — solely to establish, monitor, and verify your business credit file on your behalf, pursuant to your written authorization
  • Trade vendors and net-30 account providers — solely to submit trade account applications on your behalf, pursuant to your written authorization
  • Compliance counsel and legal advisors — solely for legal advice and representation
  • As required by law — in response to a valid legal process, court order, or regulatory demand, or as required to comply with applicable law

5.2 — We Do Not Share

  • Your information with any marketing company, data broker, or advertising network
  • Your business credit data with any party other than the bureaus identified above and the specific parties authorized by you in writing
  • Your information with affiliated BAG divisions for purposes you did not authorize

6.1 — Right to Access

You may request a copy of the personal information BAG holds about you at any time by submitting a written request to corporate@brightpathascendgroup.com. BAG will respond within 30 days.

6.2 — Right to Correct

If any information BAG holds about you is inaccurate, you may request correction by written notice to the address above.

6.3 — Right to Revoke Authorization

You may revoke your authorization for BAG to access your business credit data at any time by written notice to corporate@brightpathascendgroup.com or by certified mail to BAG’s principal office. Revocation takes effect within 24 hours of receipt.

6.4 — Right to Opt Out — Information Sharing

Under the Gramm-Leach-Bliley Act, you have the right to opt out of certain sharing of your nonpublic personal information with nonaffiliated third parties. To opt out, contact BAG at corporate@brightpathascendgroup.com or (917) 909-4051. BAG does not share your information with nonaffiliated third parties for marketing purposes.

6.5 — California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA). Contact BAG at the address above for a California-specific privacy rights request.

6.6 — New York Residents

New York residents are protected by the NY SHIELD Act and NY General Business Law § 380 et seq. BAG complies with all applicable New York consumer privacy requirements.

BAG implements the following technical and organizational security measures to protect your personal and financial information:

  • Encryption at rest using AES-256-GCM for all stored consumer data
  • Encryption in transit using TLS 1.3 for all data transmissions
  • Role-based access controls with mandatory multi-factor authentication for all personnel
  • Private VPC network architecture — consumer data is never accessible from the public internet
  • Continuous threat monitoring via AWS GuardDuty
  • Seven-year audit log retention via AWS CloudTrail
  • Annual security audits and employee training programs

In the event of a security incident involving your personal information, BAG will notify you as required by applicable law — within 30 days for New York residents under the NY SHIELD Act.

BAG’s websites use strictly necessary cookies for session management and security purposes. BAG does not use advertising, tracking, or third-party behavioral cookies. You may disable cookies in your browser settings; doing so will not affect your ability to access BAG’s services.

BAG retains personal and financial information for 7 years from the date of last service engagement, consistent with applicable financial services record-keeping requirements. After the retention period, data is disposed of using cryptographic erasure (database records) and secure deletion (file system data) pursuant to NIST SP 800-88 standards.

BAG may update this Privacy Policy from time to time. Material changes will be posted on BAG’s website at least 30 days before they take effect, and enrolled clients will be notified by email. The effective date at the top of this document reflects the date of the most recent revision.

10. Contact and Complaints

For any questions about this Privacy Policy or to exercise your rights, contact BAG at:

Brightpath Ascend Group — Privacy Officer

1185 Avenue of the Americas, New York, NY 10036

corporate@brightpathascendgroup.com

(917) 909-4051

Monday – Friday, 9:00 AM – 6:00 PM EST

If you believe BAG has not complied with this Privacy Policy or applicable law, you may file a complaint with the Consumer Financial Protection Bureau (CFPB) at cfpb.gov or by calling 855-411-2372, or with the New York Department of Financial Services at dfs.ny.gov.

BAG-GLBA-PP-002 v1.0