Legal

    Privacy Policy

    Last updated: April 28, 2026

    1. Who we are

    Ark Beacon ("Ark Beacon," "we," "us") operates a mortgage lead generation network. We collect information from prospective borrowers who voluntarily request to be matched with a lending partner, and we deliver that information to a single, exclusive partner under our 1:1 distribution model.

    2. Information we collect

    When you submit our application form we collect:

    • Identifiers: name, email address, phone number, IP address.
    • Financial information: loan purpose, loan amount, property value & ZIP, down payment, employment status, annual income, employer, years employed, monthly debts, bankruptcy history, credit range, co-borrower details.
    • Internet activity: pages visited, referrer, user agent, Global Privacy Control signal.
    • Consent records: timestamped record of the disclosure shown and your acceptance.

    Some of this is "Sensitive Personal Information" under CPRA (e.g., financial account information). We use it only for the purposes disclosed below.

    3. How we use information

    • To qualify and verify your inquiry across our 7-step intake.
    • To match you with one lending partner whose product, license, and credit box fit your profile.
    • To deliver your inquiry to that partner and respond to your follow-up questions.
    • To detect fraud, secure our systems, and meet legal obligations.

    4. Sharing & "sale/share" disclosure

    We share your information with the single matched lending partner for the purpose of evaluating your loan inquiry. Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), this transfer may be considered a "sale" or "sharing" of personal information. We do not exchange your data with data brokers, advertisers, or any other third parties for their own marketing.

    You have the right to opt out at any time using our Do Not Sell or Share My Personal Information page.

    5. Service providers

    We rely on vetted service providers (cloud hosting, database, authentication, email delivery) bound by written contracts that limit their use of personal information to the services they perform for us.

    6. Retention

    We retain lead information for up to 24 months from submission to support partner follow-up, then delete or de-identify it. Privacy request records are retained for 24 months to demonstrate compliance.

    7. Security

    Personal information is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database access is gated by row-level security; partner access is scoped per-tenant with rotated API keys. We follow SOC 2-aligned operational controls.

    8. Your California rights

    If you are a California resident, you have the right to:

    • Know what personal information we have collected about you and how we use it.
    • Request deletion of your personal information, subject to legal exceptions.
    • Correct inaccurate personal information.
    • Opt out of the sale or sharing of your personal information.
    • Limit the use and disclosure of your sensitive personal information.
    • Be free from discrimination for exercising your rights.

    You can exercise these rights via our privacy request form or by emailing privacy@arkbeacon.com. We honor Global Privacy Control browser signals as opt-out requests.

    9. Children

    Our services are not directed to children under 16, and we do not knowingly collect their data.

    10. Changes & contact

    We will post material changes to this policy here with an updated date. Questions? Email privacy@arkbeacon.com.