Privacy Policy

Please read this document carefully and save or print a copy for your records.

Eos Loan is a brand of EOS Solar Inc, a Texas corporation (NMLS #2744537) (“Eos Loan,” “Eos,” “we,” or “us”). We respect your privacy and your expectation of security over your personal information and are committed to protecting it through compliance with this Privacy Policy.

This Privacy Policy applies when you visit the Eos websites or use any of our online services (collectively, the “Services”) as: an applicant for or borrower of consumer financing for energy batteries, water filters, EV chargers, and related home-energy equipment (“customer”); a manufacturer, contractor, representative of a contractor, or distributor partnering with Eos (“contractor”); or a capital provider, investor, potential investor, or other user of our Services (“Services user”). It describes the information we collect, how we use it, and the circumstances under which we share it.

Our consumer financing is offered to individuals in the states where Eos Loan is licensed or otherwise permitted to lend (currently including Texas, Massachusetts, and Florida). We may change this Privacy Policy from time to time; changes take effect when posted, as shown by the “Last Update” date above.

FINANCIAL PRIVACY (GRAMM-LEACH-BLILEY ACT)

Because we provide consumer financial products, our collection, use, and sharing of your nonpublic personal financial information are also governed by the Gramm-Leach-Bliley Act (GLBA) and Regulation P. The categories we collect and share, and your right to limit certain sharing, are described in our separate Consumer Privacy Notice (the “FACTS” notice), delivered when you become a customer and available at https://eosloan.com/legal/financial-privacy-notice. If anything here conflicts with the Consumer Privacy Notice as to your financial information, the Consumer Privacy Notice controls.

INFORMATION WE COLLECT

From customers.

We collect information necessary or useful to process and administer the products and Services you request, including: (1) information you provide on applications or other forms — such as your name, phone number, email, Social Security or taxpayer-identification number, date of birth, address, employment, income, assets, and bank-account and payment information; (2) the installation address and information about the equipment to be financed; (3) information about your transactions, such as amounts financed, account balances, and payment history; (4) information from third parties, including consumer reporting agencies, data-aggregation providers, and identity-verification services; and (5) device, IP address, geolocation, and usage information when you use the Services or complete loan documents.

Where an application involves a business (for example, a contractor account or a commercial guarantor), we may also collect information about its principals or guarantors, such as Social Security numbers and dates of birth.

From contractors.

We collect contractor legal-entity and personnel contact information and tax-identification number; information about transactions originated through the contractor; information from commercial credit reporting agencies; device, IP address, and usage information; and other information you provide when you register as a contractor.

From Services users.

We collect information automatically when you interact with the Services (through cookies and similar technologies) and information you provide when you create an account, request information, sign up for our email list, complete a survey, request support, or otherwise contact us.

ENERGY AND DEVICE DATA

If we finance a battery, energy-storage system, EV charger, or related equipment (the “System”), we and our service providers may collect and process data from the System and your account, including state of charge, charge and discharge activity, energy production, storage and consumption, operating modes, device identifiers, firmware status, fault and performance data, and associated grid and meter signals (“Energy Data”). We use Energy Data to operate and optimize the System, verify the financed asset, enable virtual power plant (VPP) and other energy programs you opt into, support underwriting and servicing, and improve our products. The authorizations governing System operation and VPP participation, and how any related value is allocated, are in your Terms of Use and enrollment disclosures.

HOW WE USE YOUR INFORMATION

We use your information to: verify your identity and evaluate your application; where Eos is the lender, underwrite, originate, and service your loan; obtain consumer reports and report account information to consumer reporting agencies; operate the System and enable energy programs you opt into; process card and ACH payments and disbursements (one-time and autopay); verify your identity (including document and biometric checks) and detect and prevent fraud; communicate with you about your application, account, and our products and Services; perform analytics and improve the Services; and comply with applicable law.

AUTOMATED DECISIONING AND ALTERNATIVE DATA

We use automated processes and statistical or machine-learning models, together with information from consumer reporting agencies and additional (“alternative”) data sources, to verify identity and evaluate applications. With your authorization, alternative data may include bank-account and cash-flow information obtained through a data-aggregation provider (Plaid, accessed via Stripe) and rent, utility, telecommunications, and similar payment data (which may include sources such as NCTUE, DataX, The Work Number, and buy-now-pay-later data). If we take an adverse action based in whole or in part on a consumer report or a credit score, you will receive the notices required by the Equal Credit Opportunity Act and the Fair Credit Reporting Act, including the specific principal reasons for the decision — see our FCRA Disclosure and Credit Authorization.

PAYMENTS AND PAYMENT PROCESSING

We use Stripe to process payments — including credit and debit card payments and bank transfers (ACH) — for both one-time payments and recurring automatic payments (“autopay”). When you make or authorize a payment, Stripe and the relevant card networks, issuing banks, and payment providers collect and process your payment information (such as card or bank-account details, billing information, and device and transaction data) to process the transaction, authenticate you, and detect and prevent fraud. Stripe may store your payment method and update it through card-network account-updater services so your payments continue to work. Stripe processes this information under its own privacy policy at https://stripe.com/privacy. Your recurring-payment authorization is described in your Payment Authorization.

BANK-ACCOUNT INFORMATION AND OPEN FINANCE

With your consent, when you link a bank account, a data-aggregation provider (Plaid, accessed through Stripe’s Financial Connections) connects to your financial institution and shares your account and transaction information with us. We use this information to verify your account, support underwriting and servicing, and enable ACH payments. You may disconnect a linked account or request deletion as described by the provider and in this Privacy Policy.

IDENTITY VERIFICATION AND DOCUMENT CHECKS

To verify your identity and prevent fraud, we and our service providers (including Stripe Identity) may collect and verify government-issued identification and other documents you provide (such as images of your ID) and compare the information against authoritative and third-party sources.

BIOMETRIC INFORMATION

Our identity-verification process may involve a biometric check — for example, a photo or short “selfie”/liveness video used to confirm that you match your identification through facial-geometry analysis performed by our service provider (Stripe Identity). Where this occurs, we and our service provider collect and use biometric identifiers and biometric information solely to verify your identity and prevent fraud, with your consent, and do not sell them. We handle biometric data in accordance with applicable biometric-privacy laws, including the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Illinois Biometric Information Privacy Act, and similar laws, and we retain it only as long as needed for that purpose and within any period required by law. See our Biometric Information Notice and Consent for details.

INTERNET TECHNOLOGIES AND COOKIES

Our servers record the IP address and the pages visited when you use the Services. Our online Services may use cookies and similar technologies to verify your identity, remember preferences, enhance your experience, and improve our products and Services. You may opt out of certain cookies through your browser; disabling cookies may limit features. Our Services do not respond to legacy “Do Not Track” signals; however, we honor a recognized Global Privacy Control (GPC) signal as a request to opt out of the sale or sharing of personal information where required by applicable law.

GEOLOCATION, DEVICE, AND SECURITY INFORMATION

For fraud prevention, security, and audit purposes, we record device and connection information (including IP address, approximate geolocation, and device characteristics) associated with key account events. Where biometric login (such as fingerprint or face) is offered, we provide and obtain any consent required by applicable biometric-privacy laws (e.g., the Illinois Biometric Information Privacy Act) before collecting biometric identifiers. See our Biometric Information Notice and Consent for details.

INFORMATION DISCLOSED AND TO WHOM

Eos does not share your information with affiliated or nonaffiliated third parties except when required, for everyday business purposes, when you authorize us to do so, or as permitted by law. Examples include verifying application information; where Eos is not the lender, submitting your application to the Financier you request; operating the System and energy programs you opt into; processing payments and disbursements; reporting to consumer reporting agencies; and preventing fraud. We may disclose information to service providers (such as our payment processor (Stripe), data-aggregation provider (Plaid), identity-verification provider, energy-program operators/aggregators, and consumer reporting agencies) who are required to use it only to provide services to us or as permitted by law, and to regulators or in response to a court order or subpoena. Your right to limit certain sharing of financial information is described in the Consumer Privacy Notice (FACTS).

YOUR PRIVACY RIGHTS

Correction.

You may request correction of inaccurate personal information we maintain. We may request documentation to verify accuracy and may deny a repeat request made within six (6) months absent new documentation. As an alternative to correction, we may delete inaccurate information where it does not negatively impact you or where you consent.

State privacy rights.

Depending on your state of residence, you may have rights to access, correct, delete, or obtain a copy of certain personal information, and to opt out of targeted advertising, sale, or certain profiling. Important: personal information we collect, process, or maintain to provide financial products and services is generally regulated under the GLBA and is exempt from the Texas Data Privacy and Security Act (TDPSA) and most comparable state privacy laws; those state-law rights therefore apply primarily to information not covered by the GLBA (for example, general website-visitor data). To exercise any available right, contact our Data Protection Officer at dpo@eosloan.com (or compliance@eosloan.com for complaints); we will verify your request as required by law.

CONFIDENTIALITY AND SECURITY

We restrict access to your information to teammates and service providers with a business need to know. We maintain commercially reasonable administrative, technical, and physical safeguards consistent with the GLBA Safeguards Rule (16 C.F.R. Part 314) and applicable state law; for Massachusetts residents, we maintain a written information security program (WISP) as required by 201 CMR 17.00. We retain your personal information while you have an account or while we provide products or Services to you, and thereafter as necessary to respond to questions or claims, demonstrate fair treatment, or keep records required by law; when no longer necessary, we delete or anonymize it.

CONTACTING YOU

You agree that we may contact you for lawful purposes related to your application and account and, where you consent, to market our and our partners’ products and services. We may contact you by mail, telephone, email, or text message, including, where you consent, using automated dialing systems and prerecorded messages at the numbers you provide. You are not required to provide your mobile number as a condition of receiving credit, and you may withdraw consent to automated marketing communications at any time by contacting us or by any reasonable means (for example, replying STOP to a text).

THIRD-PARTY LINKS; AGE RESTRICTIONS; CHANGES

Our Services may link to third-party websites we do not control; we are not responsible for their privacy practices. Our Services are intended for individuals 18 years of age or older; we do not knowingly collect information from anyone under 18. For any material changes, we will post an updated policy with an effective date. If you have questions or wish to exercise privacy rights, contact our Data Protection Officer at dpo@eosloan.com; for compliance matters, compliance@eosloan.com; for general inquiries, contact@eosloan.com.