Change Lending, LLC Privacy Policy

Last Updated: October 2, 2025

This online Privacy Policy (the “Policy”) describes how Change Lending, LLC d/b/a Change Home Mortgage and its affiliates and subsidiaries (collectively “Change Lending,” “we,” “us,” or “our”) collect, use, disclose, and secure the personal information we gather about you through our website, changemtg.com (the “Site”), when you use our apps, and when you otherwise interact with us (collectively, the “Services”).

For purposes of this Policy, personal information means data that classifies as personal information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations. It does not include data excluded or exempted from those laws and regulations, such as aggregated, anonymized, or deidentified data. Nothing in this Policy will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to Change Lending generally or in any specific context.

In providing our Services, Change Lending may collect personal information on behalf and as a service provider for third parties. This Policy does not govern any information we collect on behalf of third parties, and you should consult their privacy policies to become familiar with their data collection and usage practices.

Notice at Collection: At or before the time of collection, California residents have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt-out of such uses, and how long such information is retained. You can find those details in this statement by clicking on the foregoing links.

1. You Consent to This Policy

By accessing, browsing, downloading, or otherwise using the Services, you confirm that you have read, understood, and agreed with this Policy. Beyond this Policy, your use of the Services is subject to our Terms of Use. If you do not agree to this Policy or our Terms of Use, you may not use the Services.

This Policy and the Terms of Use apply regardless of how the Services are accessed and will cover any technologies or devices by which we make the Services available to you.

If you have any questions or concerns about our personal information policies or practices, you can contact us in the methods described in the “Contact Us” section below.

2. Types of Personal Information We Collect

We collect information you voluntarily provide directly to us, information that we collect automatically when you interact with the Services, and information collected from third parties. The categories of personal information that we collect and the purposes for which we collect that information are described below.

A. Personal Information You Provide to Us

The following list describes the categories of personal information we may collect directly from you:

Account Information includes first name, last name, email address, and password. This may also include identification information such as driver’s license number, passport number, social security number, or similar information. We collect this information when you provide it directly to us such as when you sign up for the Services, creating an account through the Site, or fill out a form. We collect this information for providing the Services, administrative purposes, and marketing and advertising our products and services.
Contact Information includes first name, last name, mailing address, phone number, and email address. We collect this information when you provide it directly to us, such as when you sign up for newsletters, request information about our Services, create an account, or fill out a form. We collect this information for providing the Services, administrative purposes, and marketing and advertising our products and services.
Payment and Commercial Information includes first name, last name, billing address, phone number, credit information, loan number, payment history, banking information, income, account balances, third party payment service provider-related information, debit or credit card information[SM3] , purchase and participation history, or other payment processing information. We collect this information for providing the Services and for administrative purposes.
Responses to Surveys and Questionnaires includes information you provide to us when you respond to marketing materials, promotions, contests, requests for feedback, or other surveys. We collect this information for administrative purposes and marketing and advertising our products and services
Social Media Information includes information that you post by sharing on a blog or another social media platform. We collect this information for administrative purposes and marketing and advertising our products and services. Please note that your comments will be visible to the public, so you should never share personal information that you would like to keep private.
Text Message Opt-In Information includes your opt-in consent to receive marketing messages from us through short codes or similar means. We collect this information for providing the Services, marketing and advertising our products and services, and for administrative purposes.
User-Generated Content includes information about you included in content you upload, comment, or otherwise submit on the Services, such as your name and email address and products you may have purchased. Be aware that as a default, any information you post on the Services, including without limitation reviews, comments, and text, may be available to and searchable by all users of the Services. We collect this information for providing the Services and administrative purposes.

The purposes for which we use your personal information are described in further detail in the “How We Use Personal Information We Collect” section below.

B. Personal Information Collected Automatically Through “Cookies” or Other Tracking Technologies

Cookies are small files created by websites, including our Services, that reside on your computer’s hard drive and that store information about your use of particular websites. When you access our Services, we use cookies and other tracking technologies to:

Estimate our audience size and usage patterns;
Store information about your preferences, allowing us to customize our Services according to your individual needs;
Contact you to provide you with information or services that you request from us;
Advertise new content, events, and services that relate to your interests;
Provide you with more personalized content that is most relevant to your interest areas; and
Recognize when you return to our Services.

We may send one or more cookies to your computer or other device. We set some cookies ourselves, and others are set by third parties. We may also use other similar technologies such as tracking pixels, tags, or similar tools when you visit our Services. These technologies can collect data regarding your operating system, browser type, device type, screen resolution, IP address, and other technical information, as well as navigation events and session information as you interact with our Services. This information allows us to understand how you use the Services.

Some cookies operate from the time you visit the Services until the end of that particular browsing session. These cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser.

Some cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These cookies are called “persistent cookies” and the length of time they will remain on your device will vary from cookie to cookie. Persistent cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Services, how your use of the Services may change over time, and the effectiveness of advertising efforts.

The following chart lists the different types of cookies that we and our service providers use on the Services, examples of who serves those cookies and links to the privacy notices and opt-out information of those cookie servers. Please note that this chart is not exhaustive and these cookies are examples of cookies on the Services. If the Services introduce a cookie or similar tracker that materially differs in kind from those listed here, we will update this Policy.

Types of Cookies	Purpose	Who Serves (for example)
Essential	These cookies are required for the operation of the Services and enable you to move around the Services and use its features. Disabling these cookies can negatively impact the performance of Services.	Change Lending Amazon Cloudflare Google
Functionality	These cookies are used to recognize you when you return to the Services. This enables us to personalize content for you and remember your preferences. These cookies also enable your interactions with the Services such as emailing us and customer support chat.	Google OneTrust
Analytics, Performance, and Research	These cookies, beacons, and pixels allow us to analyze activities on the Services. They can be used to improve the functioning of the Services. For example, these cookies recognize and count the number of visitors and see how they move around the Services. Analytics cookies also help us measure the performance of our advertising campaigns to help us improve them and to optimize the content on the Services for those who engage with our advertising.	Google accessiBe
Social Networking	These cookies are used to enable you to share pages and content that you find interesting on our Services through third-party social networking and other websites. These cookies may also be used for advertising purposes.	Google Meta LinkedIn
Advertising	These cookies and pixels are used to deliver relevant ads, track ad campaign performance, or track email marketing.	Google

You can manage your cookies preference as described in the “Your Privacy Options and Configurations” section below.

C. Personal Information We Receive From Third Parties

We may receive additional information about you from third parties, such as parents, affiliates, subsidiaries, or marketing partners, and combine it with other information we have about you. We will always use that information only as described in this Policy.

3. How We Use Personal Information We Collect

We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A. Providing Our Services

We use your information to fulfill our contract with you and provide you with our Services, such as:

Managing your information and accounts;
Providing access to certain areas, functionalities, and features of our Services;
Answering requests for customer or technical support;
Communicating with you about your account, activities on our Services, and policy changes;
Processing your financial information and other payment methods for products or Services purchased or used;
Processing applications if you apply for a job we post on our Services; and
Allowing you to register for events.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
Measuring interest and engagement in our Services;
Improving, upgrading, or enhancing our Services;
Developing new products and services;
Ensuring internal quality control and safety;
Authenticating and verifying individual identities, including requests to exercise your rights under this Policy;
Debugging to identify and repair errors with our Services;
Auditing relating to interactions, transactions, and other compliance activities;
Sharing personal information with third parties as needed to provide the Services;
Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.

C. Marketing and Advertising our Products and Services

We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law. Some of the ways we market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.

If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in “Contact Us” section below.

D. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

4. How We Disclose Personal Information We Collect

We may collect, use, or disclose personal information for a variety of business purposes, including the following:

To Business Partners and Affiliates. We may disclose personal information to our business partners and affiliates; advisors such as legal advisors and financial advisors; related entities, parent companies, investors, subsidiaries, joint ventures, or other companies under common control; and other third parties.
As Part of Business Transactions or Mergers. We reserve the right to disclose your personal information to third parties as part of any potential business or asset sale, merger, acquisition, investment, round of funding, or similar type of transaction. Additionally, if we are entering into a corporate transaction with a third party, we may receive personal information in connection with the diligence. If we close a transaction, the third party may transfer personal information, which we would use as described in this Policy.
As Part of Bankruptcy or Insolvency. In the event of bankruptcy, insolvency, or dissolution proceedings, we may disclose your personal information with third parties as part of the sale or reorganization process.
To Service Providers. We use service providers to perform various functions on our behalf. We may also receive personal information from service providers.
As Required by Law, for Legal Purposes, and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with regulatory, administrative, or law enforcement requests and legal process, such as a court order or subpoena, or the requests of governmental or regulatory agencies (whether domestic or foreign); (b) respond to your requests, the requests of others, or to lessen the burden of anticipated or formal legal requests; or (c) protect your, our, or others’ rights, property or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the Services.

5. Your Privacy Rights

Under certain international and U.S. state privacy laws, you may be entitled to various privacy rights. Change Lending values your privacy, and we therefore afford privacy rights to residents in Connecticut, California, Minnesota, Montana, and Oregon. The chart below explains these rights, although some exceptions may apply:

Consumer Right	Explanation
Right to Know/Access	You may have the right to confirm whether we are processing your personal information, the right to know specific pieces of personal information we have collected about you, to know the categories of personal information we are processing or have processed, and the right to access that data. You also have the right to know the third parties to whom we have disclosed your personal information.
Right of Correction	You may have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
Right of Deletion	You may have the right to delete your personal information provided by you or obtained about you.
Right to Restrict or Object	You may have the right to object to the processing of your personal information that is based on legitimate interests or your consent.
Right of Portability	You may have the right to obtain your personal information in a portable and—to the extent technically feasible—readily usable format that allows you to transmit the data to another entity without hindrance.
Right to Withdraw Your Consent	You may have the right to withdraw your consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.
Right to Opt-Out	You may have the right to opt-out of the processing of your personal information for the purposes of: (1) Targeted advertising or sharing; (2) The sale of personal information; and/or (3) Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. At this time, we do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you.
Right to Non-Discrimination	You may have the right not to receive discriminatory treatment for exercising the privacy rights conferred by law. We will not discriminate against you because you exercised any of your privacy rights, including, but not limited to, by: denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level of quality of goods or services to you; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to Appeal Your Decision	You may have the right to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

Sensitive Data. We will process sensitive data (as the term or its equivalent is defined by applicable privacy laws) in accordance with any applicable privacy laws. In some instances, that means we will not collect sensitive data without first obtaining your consent or providing you with the right to opt out.

Exercising Your Rights. To exercise your rights, to know/access, correction, deletion, restrict, or portability, as applicable, please email us at privacy@changemtg.com or at 1-833-CHM-0123. To exercise your right to opt-out of sales or sharing of your personal information for targeted advertising please visit our “Your Privacy Choices” page.

Verification. To ensure the protection of your personal information, we may need to verify that the individual submitting a request is the consumer to whom the request relates prior to processing the request, or an authorized agent. To verify a consumer’s identity, we may request up to three pieces of personal information about you to compare against our records when you make a request.

Making a verifiable consumer request does not require you to create an account with us. However, we may require that you access a previously existing account where necessary to submit the request.

We will only use personal information provided in your request to verify your identity and will delete any information you provide after processing the request. We reserve the right to take additional steps as necessary to verify the identity of consumers where we have reason to believe a request is fraudulent.

You may choose a person or business that you authorize to act on your behalf to submit your requests (“Authorized Agent”). If you choose to use an Authorized Agent, we require that you provide the Authorized Agent with written permission to allow them to submit your request and that you verify your identity directly with us. Failure to do so may result in us denying your request.

6. Your Privacy Options and Configurations

Depending on the device(s) you use to access the Services, you may be able to select certain privacy choices or configuration, which are further described below:

Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms of Use or this Policy).
Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.
Text Messages. If you have previously opted-in to receive text messages from us, you may unsubscribe from these messages at any time by following the instructions in the text message, or by replying to the message with the word “STOP”.
Do Not Track (“DNT”). DNT is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals. At this time, our Site responds to the Global Privacy Control.

Cookies and Personalized Advertising. You may stop or restrict the placement of cookies and tracking technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt out of personalized advertisements on some mobile applications by following the instructions provided by Android or iOS. You can find out more about cookies and how to manage them by visiting https://ico.org.uk/for-the-public/online/cookies/.

7. Supplemental Provisions for California Residents

This section supplements our Policy and only applies to our processing of personal information that is subject to California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. as amended by the California Privacy Rights Act and implementing regulations (collectively “CCPA”).

A. Collection of Personal Information

In the preceding 12 months, we have collected personal information from the following categories identified in Section 2, which are described using the terms identified under the CCPA: identifiers, personal information, characteristics of protected classifications, commercial information, biometric information, internet or other similar network activity, geolocation data, audio, electronic, visual, thermal, or similar information, education information, professional or employment related information, and inferences.

B. Disclosure of Personal Information

In the preceding 12 months, we have disclosed personal information in the following categories: identifiers, personal information, commercial information, internet or other similar network activity, and inferences with service providers. We disclose content posted on our social media platforms (e.g., if a consumer “comments” on a story) with other consumers. Such posts may include information in the category of personal information and identifiers, but the content depends on the individual posts.

C. Sharing of Personal Information

In the preceding 12 months, we have shared for cross-contextual behavioral advertising personal information in the following categories: personal information, identifiers, commercial information, and internet or similar networking activity.

D. Sales of Personal Information

In the preceding 12 months, we have not sold the personal information of any consumer for monetary consideration. However, our use for cookies and other tracking technologies may be considered a sale of personal information under the CCPA. Categories of personal information that we have sold under the CCPA include the following: identifiers, personal information, commercial information, internet or similar network activities, and inferences. Categories of third parties to whom personal information is sold under the CCPA include data analytics providers and advertising and marketing providers.

E. Collection of Personal Information from Children under 16

In the preceding 12 months, we have not knowingly collected or processed personal information pertaining to children under the age of 16.

F. Sensitive Data

If we process sensitive data as defined by California law, we will only do so for the purposes specifically authorized by California law and in a manner that is necessary and proportionate for those purposes.

8. Cross-Border Transfers of Personal Information

We process personal information on our servers in the United States, which does not have an adequacy decision, and may do so in other countries. If you use our Services or otherwise provide us with information from outside of the United States, you expressly consent to the transfer of your data to the United States, the processing of your data in the United States, and the storage of your data in the United States.

Personal information about you provide while in another country, including an EEA member state, the UK, or Switzerland may be transferred to the United States. Applicable data protection laws may permit such transfers when necessary for the performance of a contract between you and us, if we obtain your explicit consent to such transfer, or if it is in our legitimate interest to transfer the personal information. The laws in the United States may not be as protective as the applicable data protection laws in the EEA, UK, and Switzerland or the laws of other jurisdictions where you may be located. If we transfer personal information from the EEA, UK, or Switzerland, or another country with cross-border transfer obligations, we will provide an appropriate safeguard, such as using standard contractual clauses.

For more information, please contact us using the information provided in the “Contact Us” section below.

9. How Long Your Personal Information is Kept

We determine how long to retain your personal information by taking into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on our Services we provide to you if we delete some information from or about you, and our obligations under applicable law.

We will retain your personal information until the personal information is no longer necessary to accomplish the purpose for which it was provided. We may retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, an unauthorized access, as necessary to protect our legal rights, or for certain business requirements.

We will delete your personal information when it is no longer necessary for the purpose for which it was collected, or upon your request, subject to exceptions as discussed in this Policy or under applicable law, contract, or regulation.

10. Our Commitment to Data Security

The security of your personal information is important to us. We take various reasonable organizational, administrative, and technical measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. If required by law to do so, we will notify you and/or the relevant supervisory authority in the event of a data breach.

However, we cannot and do not guarantee complete security, as it does not exist on the internet.

11. Third Party Links

Our Services may contain links to third-party websites. When we provide links, we do so only as a convenience and we are not responsible for any content of any third-party website or any links contained within. It is important to note that this Policy only applies to our Services. We are not responsible and assume no responsibility for any personal information collected, stored, or used by any third party as a result of you visiting third-party websites. We also advise that you carefully read the privacy notice of any third-party websites you choose to visit.

12. Children’s Privacy

Our Services are not directed at children (as defined under applicable law). We do not knowingly collect or otherwise process personal information from children. If you believe a child has provided us with information, you can alert us by contacting us as set forth in the “Contact Us” section below.

13. Policy Changes

This Policy may change from time to time. If we need to change this Policy at some point in the future, we will post any changes on this page. If we make a significant or material change to this Policy we will notify you as required by applicable law. You should check these terms when you use the Services. Your continued use of the Services constitutes acceptance of the most current version of this Policy.

14. Contact Us

If you have any questions about this Policy, please contact us by email at privacy@changemtg.com, via phone at 1-833-CHM-0123, or at 175 N Riverview Drive, Suite C, Anaheim, CA 92808.