Monday – Friday · 9:00am – 6:00pm EST1-888-491-0491
Privacy Policy

How we handle your information.

Irving Fund is a financing partner — not a bank. To match your business with the right lender, we collect a limited amount of information about you and your company. This page explains what we collect, why we collect it, who we share it with, how we protect it, and how to control it.

Last updated: June 13, 2026

Our commitments to you

  • We never sell your data. Not to data brokers, not to advertisers, not to list resellers — full stop.
  • We never share for cross-context advertising. Your information goes only to lender partners you apply to and to the service providers we use to operate.
  • We collect only what we need. If a field isn’t required by a lender or the law, we don’t ask for it.
  • We never run a hard credit pull at application. Only the funding bank may pull hard at offer acceptance — and you’ll know before it happens.
  • You can withdraw or delete your file any time. Subject only to recordkeeping rules our lender partners and federal regulators require us to follow.

1. Who we are

Redwood Lending LLC d/b/a Irving Fund (“Irving Fund,” “we,” “us”) is a New York based financing intermediary, established 2016, headquartered at 880 3rd Avenue, 11th Floor, New York, NY 10022. We help established small businesses access SBA 7(a) loans, conventional term financing, and working capital products through a network of bank and non-bank lenders. We are not a bank or an authorized SBA vendor; we facilitate financing — we do not extend it.

2. What we collect

To prepare and place your application, we collect:

  • Contact information — your name, business name, email, mobile and business phone numbers, and mailing addresses (business and personal).
  • Business information — entity type, EIN, date the business started, NAICS or industry description, annual revenue range, and use of the requested funds.
  • Owner information — date of birth, Social Security number, ownership percentage, and home address for each owner of 20%+ of the business. Required by federal Know-Your-Customer rules for any business credit application.
  • Financial documents — bank statements, tax returns, profit-and-loss statements, balance sheets, debt schedules, and any other documents you choose to share.
  • Technical information — device, browser, and IP address when you use our applications portal, plus the URLs you visited and the marketing source that brought you to us (UTM tags). Standard request-log data, no third-party tracking pixels.

We do not ask for credit card information. We do not charge applicants. We do not run a hard credit pull at any stage of our process; a hard pull may be required by some of our bank partners at the time of funding, and you will be notified in advance if that is the case for your file.

3. How we use it

  • To prepare your application, match it to the lenders most likely to approve it, and submit it on your behalf.
  • To contact you about your application — by email, phone, or text — and to send you required disclosures, offers, and closing documents.
  • To maintain the security of our systems, detect fraud, and meet legal obligations including anti-money-laundering and OFAC screening.
  • To improve our service — for example, by understanding which industries and loan amounts our lender partners are placing successfully.

4. Who we share it with

Your information is shared with the lender partners we submit your application to, and with the third-party service providers we use to operate the platform. We do not sell your data to data brokers, advertisers, or list resellers — full stop.

  • Lender partners — when you choose to apply, we submit your application to one or more lenders. The list of lenders shown to you is based on the program you select (SBA 7(a), Conventional, IDRAW, etc.) and the criteria each lender requires. Each lender will handle your information under its own privacy policy from the point of submission forward.
  • Infrastructure providers — Supabase (database and document storage, hosted on AWS, US-region), Vercel (web hosting), Resend (transactional email), and Twilio (SMS where applicable). These providers process data on our behalf under written data-processing agreements and do not use your information for their own purposes.
  • CRM — Zoho CRM stores contact and pipeline records to help our specialists follow up with you and other applicants.
  • Compliance and legal — when required to comply with a subpoena, court order, lawful government request, or to defend our legal rights.

5. How we protect it

We treat your application data the way we’d want our own treated.

  • Encryption in transit.All traffic to and from this site is encrypted with 256-bit TLS over HTTPS. We enforce strict transport security so older insecure connections aren’t accepted.
  • Encryption at rest. Files you upload (bank statements, tax returns, etc.) are stored encrypted at rest in our document store. Backups are encrypted as well.
  • Access controls. Access to applicant data inside our team is gated to authorized specialists, logged on every read, and audited via activity events on every record. Engineers do not browse borrower files; production data is touched only when an active issue requires it.
  • Sensitive-field handling. Social Security numbers and full bank account numbers are stored only in our primary database. They are never logged, never sent in email or SMS, never displayed in analytics dashboards, and never copied into third-party tools.
  • Vendor security. The infrastructure providers listed in Section 4 are SOC 2 Type II certified and bound by written data-processing agreements. We periodically review the list to make sure it stays the smallest set we need.
  • Breach notification. If we ever discover unauthorized access to your data, we will notify you within the timeframe required by state law (and no later than 72 hours from confirmation) along with what happened and what we did about it.

6. Cookies and tracking

We use a small number of cookies and similar technologies to keep the site working and to measure how it’s used. We do not use cookies to follow you across other websites and we don’t sell cookie-derived data.

  • Strictly necessary.Session cookies that keep you logged in and remember your portal token. The site doesn’t work without these.
  • Analytics. Google Analytics 4 helps us understand which pages are useful, how fast they load, and where the funnel drops off. IPs are truncated and Advertising Features are turned off — we use the basic measurement product, not the ad-targeting one.
  • Conversion measurement. Meta Pixel and LinkedIn Insight Tag fire when you complete the prequalification form so we can measure the cost of acquiring borrowers from each ad channel. They run with privacy restrictions appropriate for financial services.

You can dismiss the cookie banner without accepting anything beyond what’s strictly necessary. You can also block non-essential cookies in your browser’s settings without losing access to the application portal.

7. How long we keep it

We retain your application data for as long as your file is active and for a period after closing as required by lender, federal, and state recordkeeping rules — typically seven years. You can ask us at any time to delete data that we are not required by law to keep.

8. Your rights and choices

You have meaningful control over the information we hold. We honor these rights regardless of which state you live in:

  • Access.Request a copy of the information we have about you. We’ll respond within 30 days.
  • Correction.Ask us to fix anything that’s wrong. No hoops.
  • Deletion.Ask us to delete your file. We will do so unless we’re required by law to retain it (see Section 7), in which case we’ll tell you specifically what we must keep and for how long.
  • Portability. Request the information you provided in a portable, machine- readable format you can take to another lender or broker.
  • Withdraw consent.If you applied and changed your mind before submission, you can ask us to stop and to delete everything we’ve collected so far.
  • Opt out of marketing.Every marketing email has an unsubscribe link. To stop SMS, reply STOP. Transactional emails about an active application (status, offers, closing) will continue while your file is active — those aren’t marketing.
  • Do Not Sell / Do Not Share.We don’t sell or share personal information in the cross-context-advertising sense, so there’s nothing to opt out of — but if you want a written confirmation of that for your records, ask us and we’ll send one.

State-specific rights.If you live in California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Delaware, or any other state with a comprehensive privacy law, the rights above are available to you on the same terms. Contact us using the address below and tell us which right you’d like to exercise; we’ll respond within the timeframe your state requires.

How to exercise any of these rights. Email support@irvingfund.com from the email address we have on file, or call our line at (888) 491-0491. We will not retaliate against you for exercising any right under this policy.

9. Children

Our service is for businesses and the owners of those businesses. It is not directed to people under 18, and we do not knowingly collect information from anyone under 18.

10. Changes to this policy

We will post any changes to this page and update the “Last updated” date above. If a change is material, we will notify active applicants by email at least 30 days before it takes effect.