Global Privacy Policy

Last updated: April 2026

1. General Information and Contact Details

At AltScore (ALTSCORE INC in the United States, KINLENDING S.A. in Ecuador, and AltScore S.A. de C.V. in México, “AltScore”, “we”, “us” or “our”), we believe technology should make lending better for everyone—more accessible, more transparent, and more fair. Data privacy and security are at the core of everything we build. While industry-leading certifications and compliance frameworks guide our approach, our philosophy goes beyond checkboxes. We design our products with privacy-first principles and a deep respect for the individuals whose data passes through our platform.

We understand that every piece of client’s and partner’s data should receive proper treatment. That’s why we apply best practices, stringent security measures, and automation to ensure data is handled ethically and responsibly. If you’re an individual who wants to know how your data was processed by one of our partners through AltScore, we encourage you to reach out—we believe in transparency and are here to help.

We are technology enthusiasts, leveraging AI and automation to create digital lending experiences that are not just efficient but also empathetic. Our goal is to empower individuals and their businesses, particularly those who have been historically underbanked, by giving them access to fairer financial opportunities—not limiting them due to a lack of traditional financial history.

At the same time, we recognize that innovation must be balanced with responsibility. Compliance and ethical data handling are not just obligations but priorities that shape how we build and operate. As we push the boundaries of financial technology, we remain committed to upholding the highest standards of privacy, security, and regulatory compliance—always ensuring that our solutions serve people, not just algorithms.

Headquarters:

Ecuador: Edificio Aveiro, Av. de los Shyris 32-42, Quito
United States: 4201 Cathedral Ave, Unit 919E, Washington DC, 20016
Mexico: Edificio Tabasco 262, Interior 302, CDMX

For questions about data usage, contact our Data Protection Officer: data.protection@altscore.ai

2. Our Approach to Data Protection

At AltScore, privacy is more than a regulatory requirement—it’s a commitment. We believe in using data ethically, ensuring transparency, and empowering individuals to control their information. Our privacy-first approach integrates compliance into every product and service, supporting both our customers and their end users.

Core Principles:

Transparency: Clear and concise communication on how data is collected, used, and shared.
Purpose Limitation: Collecting only the data necessary for specific, legitimate purposes.
Data Minimization: Using anonymized and pseudonymized data wherever possible.
Security: Protecting data through a wide and automated security program, cutting-edge data protection technology, and strict access controls.

3. Security Compliance and Certifications

AltScore holds SOC 2 and ISO 27001 certifications, ensuring that our data handling processes meet globally recognized security standards. Our infrastructure is designed to safeguard data through encryption, access management, and continuous monitoring.

4. What Data Do We Collect and Why?

We collect and process different types of data to securely deliver our services.

Transactional Data: Raw data from partner’s transactions collected during scoring and initial integration, including transactional data obtained automatically through tailored integrations and manually for re-scoring processes.
Public Aggregated Insights: Public data points that are used for predictive analytics, risk profiling, and improving our credit-scoring models.
Behavioral Metadata: Information related to device interactions, user behavior, usage patterns, and transactional data. This allows us to assess creditworthiness and provide real-time credit decisions.
Technical Data: Device identifiers, browser type, IP address, and operating system information, which help us ensure system performance, security, and fraud prevention.

We ensure that all collected data is relevant, limited to what is necessary, and processed securely. Sensitive personal information is only collected with consent, and we do not use it for purposes beyond those specified.

We collect data with consent, obtained directly through AltScore’s platforms and services or indirectly through our partner organizations. Consent inheritance is permitted when partners have obtained consent from users in compliance with applicable regulations.

Consent Inheritance:

If a partner collects consent for using AltScore’s services, we rely on that consent to process data.
Partners are responsible for ensuring consent aligns with legal requirements.

Users have the right to withdraw their consent at any time. This can be done either through the platform provided by the partner or by contacting AltScore directly. If a user chooses to withdraw consent through the partner’s platform, the partner may have specific instructions or procedures that the user will need to follow. If a user chooses to withdraw consent by contacting AltScore directly, they can do so using the contact information provided by AltScore.

We share data only when necessary to deliver our services, and we take precautions to ensure that data is shared securely and in compliance with applicable laws and regulations.

Product-related operations: Credit assessment results are shared with clients and strategic partners, respecting the consent between data-holders and processors.
Service Providers: Limited information may be shared with infrastructure partners. We perform security assessments on our critical third-party providers.
Legal Compliance: Data may be disclosed when required by law or to protect individual rights.

Cross-Border Data Transfers: AltScore operates globally, ensuring that all cross-border data transfers comply with relevant data protection laws locally and globally.

Cloud Providers: We are a cloud-native company. Our data is securely stored using industry-leading cloud providers: Google Cloud Platform (GCP), MongoDB Cloud, and Amazon Web Services (AWS). These platforms provide enterprise-grade security measures, such as encryption at rest and in transit, regular audits, and state-of-the-art data protection mechanisms. Additionally, our infrastructure is designed with high availability to ensure uninterrupted service and rapid recovery in the unlikely event of an incident.

7. Data Retention and Storage

We retain data only as long as necessary to provide services and fulfill legal obligations. To meet local and global regulatory requirements, data is stored for up to three (3) years unless earlier deletion or anonymization is requested.

After three years, or upon earlier request, data is securely deleted or anonymized. If data is stored in backup systems, it is isolated from other data and protected by bank-level technology and processes until permanent deletion is possible.

8. Your Rights Under the Law

AltScore’s clients and partners have the following rights regarding their data:

Withdraw Consent: Revoke consent at any time.
Erasure: Request deletion of data.
Restrict Processing: Limit data usage to specific purposes.
Data Portability: Request transfer of data to another organization.
Access: Know what data is held and how it is used.
Rectification: Correct inaccurate or incomplete data.

You are not required to pay any charge for exercising your rights. Due to pseudonymization, AltScore may require additional information from the partner organization to fulfill certain requests.

9. Claims

We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you wish to complain about how your personal data is used by AltScore, please write to us at: data.protection@altscore.ai

AltScore will investigate your complaint and aim to respond within 10 working days.

10. Your Right to Lodge a Complaint with the Supervisory Authority

If you believe that your rights under this Policy or applicable data protection laws have been violated, you have the right to complain to a relevant Data Protection Authority or regulator who governs data-privacy issues under your country or region.

Government institutions for forwarding claims in the countries we operate:

USA: The data protection authority that applies is determined by the location of the data holder in the USA.
Mexico: Agencia de Acceso a la Información Pública
Argentina: Agencia de Acceso a la Información Pública
Ecuador: Superintendencia de Protección de Datos