Privacy Policy

Corpus Funding (the customer-facing brand, “we,” “us,” or “our”) is operated by SurgeFi AI LLC, a Florida limited liability company. Throughout this Privacy Policy, references to “Corpus Funding” mean SurgeFi AI LLC doing business as Corpus Funding.

We are a small-business funding broker. We help US-based small businesses obtain financing offers from a network of funding partners. We are not a lender. We do not fund deals ourselves. Our role is to collect application information, evaluate fit, and match qualified merchants to funders that are likely to fund their deal.

This Privacy Policy covers personal and business information we collect from:

1. Visitors to corpusfunding.com and any subdomain we operate.
2. Merchants who submit an application at corpusfunding.com/apply or through a tokenized link we send (corpusfunding.com/apply/t/[token]).
3. Merchants who communicate with us by email, SMS, or voice.
4. Business owners and contacts who otherwise interact with our services.

By using our website or submitting an application, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the site or submit an application.

We collect information you give us directly, information generated by your interactions with our site, and a limited set of information from third parties involved in the funding process.

Information you provide on the application form. When you complete the application at corpusfunding.com/apply, we collect the information you submit, including:

1. Business legal name and any DBA, business address, time in business, monthly revenue, and requested funding amount.
2. Primary contact first name, last name, email address, and phone number.
3. Industry, state of operation, and other intake details required to evaluate fit.
4. Affirmative consent selections on the two consent checkboxes presented on the form.

Documents you upload. As part of underwriting, we ask for business bank statements (typically the most recent three months), a government-issued ID for the authorized signer, and a voided check or equivalent banking verification. We may request additional documents from time to time based on what the funder requires.

Information from communications. When you communicate with us by email, SMS, or voice, we retain a record of the message, the channel, the timestamp, the message body, and the delivery status. Voice calls placed to or received from numbers we operate may be recorded; we describe the recording disclosure in Section 7.

Information generated by your use of the site. We collect technical information that is generated automatically when you visit corpusfunding.com, including IP address, user-agent string, viewport size, referrer host, and the timestamp of each visit. When you submit the consent form, we capture the IP address, user-agent, and the exact text of the consent language displayed to you at the moment of submission. This forensic record is part of how we honor the TCPA’s prior-express-consent standard.

Cookies and similar technologies. At launch, corpusfunding.com does not set marketing or analytics cookies. We use a short-lived session identifier in memory (not stored in sessionStorage or cookies) to correlate a single visit’s interactions; this identifier is not retained after you close the browser tab. If we later add cross-visit analytics or advertising attribution, we will update this Privacy Policy, post a cookie disclosure, and provide a meaningful choice before any non-essential cookie is set.

Information from third parties. As part of evaluating an application, we may look up publicly available business records, including UCC filings, Secretary of State registrations, and (where applicable) FMCSA registrations. We may also receive information about you from funders we work with, including approval and decline notices, funded-deal details, and renewal-eligibility status.

Information we do not collect. We do not collect Social Security numbers, personal credit-card numbers, or full bank-account credentials through the application form. If a funder you are matched with requires this information later in their underwriting process, that collection happens through the funder’s own systems and is governed by the funder’s privacy policy, not ours.

We use the information we collect for the following purposes:

1. To evaluate your application. We review the business and financial information you submit, including the bank statements you upload, to determine whether your business meets the eligibility criteria of one or more funders in our network.
2. To match you to funders. We share relevant portions of your application with funders we believe are likely to fund your deal, so that you can receive offers.
3. To communicate with you. We send transactional communications about your application: receipt confirmations, document requests, scheduling, status updates, offers from matched funders, and follow-up on incomplete applications. Where you have opted in to marketing communications, we may also send messages about products, renewal opportunities, and services.
4. To improve our service. We analyze aggregate application data to refine our matching, underwriting tooling, and operator workflows. This work happens internally and does not involve sharing identifiable information for any purpose described in Section 8.
5. To comply with legal and regulatory obligations. We maintain records as required by applicable financial regulations and respond to lawful requests from regulators, courts, and law enforcement.
6. To protect Corpus Funding and our users. We use information to detect fraud, prevent abuse, and enforce our Terms of Service.

We do not sell your personal information. We do not rent your contact information. We do not share your phone number with third parties for their marketing purposes. The specific data-sharing arrangements that support our funder-matching service are described in Section 8.

What our AI systems do. Our internal systems use AI to:

1. Read application narratives and parse them into structured fit scores against each funder’s empirical approval patterns.
2. Extract data from uploaded bank statements and other documents.
3. Draft communications to merchants, including emails, SMS messages (when our SMS channel is active), and voice scripts.
4. Score, prioritize, and route applications within our internal pipeline.
5. Answer operator questions about deals, merchants, and funders.

Human review on funder submissions. A human reviews every application before it is submitted to a funder. Automated scoring is a decision-support tool, not a decision-making tool, for the funder-submission step. You are not subject to a fully automated decision when we submit your application to a funder for an offer.

Communications generated by AI. Some emails, SMS messages, and voice calls you receive from Corpus Funding are generated and sent by an automated AI system on our behalf. The communications are sent under our supervision and are subject to the same regulatory standards (TCPA, CAN-SPAM, A2P 10DLC, CTIA) as communications drafted by a human. Where a regulatory rule requires the recipient to be told that an AI system is involved, the relevant communication says so.

Training and model use. We use information about applications and outcomes to calibrate our internal matching and underwriting models. This calibration uses information we already collected from you for the purposes described in Section 3; it does not involve a separate data collection. We do not sell or license your information to any third party for the purpose of training their AI models.

Your questions about the AI. If you would like to know how a specific decision involving your application was made, or to request a human re-review of any output that materially affected your application, please contact us at the address in Section 11. We will respond and, where appropriate, provide a human re-review.

The SMS section that follows is the load-bearing disclosure for our A2P 10DLC and toll-free messaging programs. Twilio and the wireless carriers expect this language to appear here verbatim.

Categories of SMS messages you may receive. Once you have opted in, the messages we send fall into these categories: application-receipt confirmations, document requests, status updates, funding offers from matched funders, scheduling and reminder messages, and (where you have additionally opted in to marketing) renewal opportunities and follow-up offers.

How to opt out. Reply STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any SMS message we send. Our system processes the opt-out immediately and sends a final confirmation message (“You have been unsubscribed. Reply START to re-subscribe.”). No further SMS messages will be sent to that number until you opt back in.

How to get help. Reply HELP to any SMS message for support information, or contact us using the details in Section 11.

Carrier disclaimer. Wireless carriers are not liable for delayed or undelivered messages. Standard message and data rates may apply, set by your carrier.

Number of programs. The consent described above is for the single SMS program operated by Corpus Funding. We do not enroll you in any other SMS program based on this consent.

We comply with the federal CAN-SPAM Act and the FTC’s implementing rules for all commercial email sent by Corpus Funding.

Sender identification. Every commercial email we send identifies SurgeFi AI LLC d/b/a Corpus Funding as the sender, uses a from-name and from-address that accurately identify us, and does not use deceptive subject lines or routing information.

Physical postal address. Every commercial email we send includes our physical postal address: 3290 N 37th St, Hollywood, FL 33021.

Unsubscribe. Every commercial email we send includes a clear and conspicuous unsubscribe link. Clicking the link opens a one-step opt-out confirmation page; no additional information beyond your email address is required. You may also opt out by replying to any email with the word UNSUBSCRIBE in the subject line or body, or by emailing us at the contact address in Section 11.

Time to honor. We process unsubscribe requests promptly. Per CAN-SPAM, we honor every opt-out request within ten (10) business days, although our automated systems typically process them within minutes.

Transactional emails. Some emails are transactional rather than commercial: receipt of application, document request, status update on a specific application, offer notification from a funder, or response to a question you sent us. Transactional emails are sent regardless of marketing-consent status because they are necessary to deliver the service you requested. Transactional emails do not carry an unsubscribe link, because unsubscribing would prevent us from delivering your application.

Categories. If you opt out of marketing emails, we will continue to send transactional emails related to your application. If you wish to stop all communication, including transactional, please contact us at the address in Section 11. Note that stopping transactional communication may prevent us from progressing your application.

Where we contact you by voice, we comply with the federal Telephone Consumer Protection Act (TCPA), state telemarketing laws, and applicable do-not-call requirements.

Prior express consent. We place automated, prerecorded, or AI-generated voice calls only to phone numbers for which we have prior express consent. For the marketing and outreach categories where applicable law requires it, we obtain prior express written consent through the consent checkbox on the application form. The consent text presented on the form is captured verbatim and timestamped, together with the IP address and user-agent of the device that submitted it.

Consent is not a condition of service. Granting consent to receive automated or AI-generated voice calls is not a condition of applying for funding or receiving funding. You may submit an application and proceed without opting in to voice marketing. You will still receive transactional communications necessary to your application by email.

AI-generated calls. Some voice calls placed by Corpus Funding are generated and conducted by an AI agent operating on our behalf. The AI agent identifies itself as an automated system within the opening seconds of the call. You may end the call at any time and may request a human follow-up; we will arrange one.

Call recording. We may record voice calls for quality, training, compliance, and audit purposes. Where we record, the recording disclosure is delivered at the start of the call. Voice recordings are retained for thirty (30) days for review and then deleted unless retention is required for a specific compliance, dispute, or legal-hold reason.

How to opt out. You may opt out of further voice communications by telling the agent during a call, by emailing us at the contact address in Section 11, or by replying STOP to a related SMS. Opting out of voice communications does not affect your ability to receive transactional emails about your application.

Do-not-call registry. We honor the National Do Not Call Registry. If your number is on the registry and you receive a call from us, it is either because (a) you have given us prior express consent through the application form, (b) you have an existing business relationship with us, or (c) the call is a transactional follow-up tied to an application you submitted. If you believe we have contacted you in error, please notify us using Section 11 and we will investigate.

We share information only as needed to deliver our service, comply with applicable law, and protect our users. The categories of recipients are:

Funders. We share relevant portions of your application with funders in our network so that you can receive offers. The information shared typically includes business legal name, owner contact information, time in business, monthly revenue, requested amount, industry, state, and the bank statements you uploaded. Each funder operates under its own privacy policy; once your application is shared with a funder and you accept an offer, your direct relationship with that funder is governed by the funder’s terms and privacy policy, not ours.

Service providers. We use third-party service providers to operate our infrastructure (cloud hosting, database, file storage), send communications (email service provider, SMS gateway, voice provider), and run our analytics. These providers process information on our behalf and only for the purposes we direct. They are contractually bound to use the information only to provide their service to us and to protect it with appropriate security measures.

Regulators and legal process. We disclose information to regulators, courts, and law enforcement when required by law, subpoena, court order, or other valid legal process, or when disclosure is necessary to protect our rights, property, or safety, or that of our users.

Successors. If Corpus Funding is acquired by or merged with another company, or sells substantially all of its assets, your information may be transferred to the successor. We will give you reasonable notice (by email and a notice on our website) before any such transfer becomes effective, so you have an opportunity to object or close your account before the transfer.

Anonymized and aggregated data. We may share anonymized and aggregated information (information that does not identify you or any specific business) for industry analysis, benchmarking, and product improvement.

What we do not do. We do not sell your personal information for advertising or other commercial purposes. We do not share your phone number with third parties for their marketing. We do not license your business information to data brokers.

Retention. We retain application information, communication history, and documents for the period required by applicable financial regulations and our underwriting and audit obligations, and as needed to support an ongoing business relationship with you. Specific retention periods include:

1. Application records, consent records, and underwriting decisions: retained for the period required by applicable financial regulations and for at least seven (7) years after the last activity on your account, whichever is longer.
2. Bank statements and other underwriting documents: retained as part of the application record for the same period as above.
3. Communications (email, SMS, voice transcripts): retained for the same period as application records.
4. Voice recordings: retained for thirty (30) days unless a specific compliance, dispute, or legal-hold reason requires longer.
5. Site analytics and technical logs: retained for ninety (90) days unless required for a security or fraud investigation.

After the applicable retention period expires, we delete or anonymize the information unless a legal hold, ongoing investigation, or other regulatory obligation requires longer retention.

Security. We protect information using commercially reasonable administrative, technical, and physical safeguards. These include encryption in transit (TLS 1.2 or higher) for all communication with our site, encryption at rest for the document store and the application database, role-based access control for our internal systems, least-privilege provisioning for service-account credentials, audit logging of administrative actions, and regular security review of our infrastructure.

No security program is perfect. If we become aware of a breach that compromises your information, we will notify you and any required regulator as required by applicable law.

Depending on the state you live in, you may have one or more of the following rights regarding the information we hold about you. Even where the law does not require it, we will make a reasonable effort to honor these requests on a discretionary basis:

1. Access. You may request a copy of the personal information we hold about you.
2. Correction. You may request that we correct inaccurate information.
3. Deletion. You may request that we delete information we hold about you, subject to our regulatory retention obligations. Where we are required by law to retain information (for example, records of a funded transaction), we will explain why we cannot delete it and will continue to protect it.
4. Portability. You may request a portable copy of the information you provided to us, in a structured format, where technically practicable.
5. Opt-out of communications. You may opt out of marketing communications at any time. See Sections 5, 6, and 7 for the channel-specific opt-out paths.
6. Opt-out of sale. We do not sell your personal information. If we ever change this practice, we will update this Privacy Policy first and provide a clear opt-out before any sale.

To exercise any of these rights, please contact us at the address in Section 11. We may need to verify your identity before responding, to protect you from unauthorized requests. We will respond within forty-five (45) days, or sooner where applicable law requires.

California residents. California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the rights described above. If you are a California resident, you may also designate an authorized agent to make a request on your behalf.

Children. Our services are intended for use by US-based small businesses and their authorized signers, who must be at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided information to us, please contact us and we will delete it.

If you have questions about this Privacy Policy, want to exercise a privacy right, or wish to file a complaint, please contact us:

We respond to privacy questions promptly and to formal rights requests within the time required by applicable law.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where the change is material, provide notice through the site or by email to merchants with an active application. Continued use of corpusfunding.com after a revised version is posted constitutes acceptance of the revised Privacy Policy.