R11 Privacy Policy

Effective Date: June 4, 2026 · Version 1.0

This Privacy Policy describes how R11 Inc., a Delaware corporation, and its subsidiaries and affiliates, including R11 Capital LLC (collectively, "R11," "we," "us," or "our"), collect, use, share, and protect information in connection with our websites (including r11inc.com and app.r11inc.com), our invoice purchasing and early payment services, and our related communications and applications (collectively, the "Services").

R11 provides financial services to businesses. We do not offer products or services to individuals for personal, family, or household purposes.

1. Information We Collect

What we collect depends on how you interact with us.

1.1 Visitors and Applicants

When you visit our websites or submit an application or inquiry, we collect:

Contact and business information you provide, such as your name, email address, phone number, company name, and information about your business (for example, invoice volume, customer types, accounting systems used, years in business, and payment timelines).
Technical information collected automatically, such as IP address, browser and device characteristics, pages viewed, referral source, and campaign parameters.
Security signals processed by our anti-fraud and anti-bot tools to distinguish legitimate visitors from automated traffic.

1.2 Customers and Authorized Users

When a business becomes an R11 customer and its personnel are invited to use our platform, we collect:

Account information, such as name, business email address, role, and login credentials (passwords are stored in hashed form by our authentication provider; we never see them in plain text).
Acceptance records, such as which agreements and policy versions a user accepted and when.
Platform activity, such as submissions, approvals, and actions taken in the platform, which we record for security, audit, and recordkeeping purposes.

1.3 Customer Business and Financial Information

To provide our Services, we collect information about our business customers, including:

Invoices and receivables information, such as invoice references, amounts, dates, project details, payor identities, and supporting documents the customer uploads or authorizes us to retrieve.
Accounting data, if the customer connects an accounting platform (such as QuickBooks Online), including invoices, customers, payments, bills, vendors, and financial reports.
Bank account and transaction data, if the customer connects a bank account through our data access providers, including account and transaction history, balances, and account identifiers. We store only partial (last-four) account and routing numbers in our systems; full account numbers used for payments are held by our regulated payment processors. We never see or store bank login credentials — those are handled directly by the data access providers described in Section 4.
Underwriting and verification information, such as business legal name, tax identification numbers, ownership information, and, where required for identity verification, credit evaluation, or legal compliance, information about a business's principals or owners, which may include government identifiers such as Social Security numbers. We collect this information through secure channels, restrict access to it, and do not display it back through the platform.

1.4 Our Customers' Customers

Our business customers sell goods and services to their own customers (for example, homeowners who purchase solar installations). When we purchase or evaluate a receivable, the related records — such as invoices and accounting entries — may identify those individuals by name or contain limited information about them. We receive this information from our customers as part of the receivables and supporting records, not from the individuals themselves. We use it only to provide our Services: verifying, purchasing, servicing, and collecting receivables; preventing fraud; and meeting our legal and audit obligations. We do not market to these individuals, and we do not sell their information.

If you believe an R11 customer has shared your information with us and you have questions, you may contact us using the details in Section 12, or contact the business you transacted with directly.

1.5 Payors and Business Counterparties

We collect information about the businesses obligated to pay the invoices we purchase (such as financing platforms, lenders, and other payors), including payment behavior and contact details, primarily at the business level.

2. How We Use Information

We use the information described above to:

Provide, operate, and improve the Services, including evaluating applications, verifying invoices, advancing funds, detecting payments, and settling reserves;
Assess risk and make credit and purchasing decisions about businesses that apply to or work with us;
Verify identities, prevent fraud, and comply with legal obligations, including sanctions screening and financial recordkeeping requirements;
Secure our systems, enforce our agreements, and maintain audit trails;
Communicate with you, including transactional and service messages about your account and transactions, and — with appropriate consent or as otherwise permitted by law — marketing communications about our products and services (see Section 7); and
Comply with law, respond to lawful requests, and protect the rights, safety, and property of R11, our customers, and others.

We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising. We do not use third-party advertising trackers on our websites.

We share information only as described below:

Service providers. We use companies that perform services on our behalf, such as cloud infrastructure and database hosting, authentication, content delivery and security, email and text message delivery, electronic signature, and customer relationship management. These providers are permitted to use information only to provide services to us.
Financial data and integration partners. As described in Section 4, when a customer connects an account, information flows between R11 and the named integration partners under the customer's authorization.
Payment processors and financial institutions. To move funds, we share necessary information (including full bank account details, which the processor — not R11 — maintains) with regulated payment processors and banking partners.
Payors and parties to a transaction. To verify, purchase, and collect receivables, we may communicate with the payor on an invoice and share information reasonably necessary for that purpose, such as notices of assignment.
Professional advisors. We share information with our lawyers, accountants, auditors, and insurers as needed.
Financing, diligence, and corporate transactions. We may share information with actual or prospective lenders, investors, and their advisors in connection with financing facilities, capital raising, due diligence, audits, or a corporate transaction such as a merger, financing, or sale of assets — under confidentiality obligations.
Legal and safety. We disclose information when required by law, regulation, legal process, or government request, or when we believe disclosure is necessary to protect rights, safety, or property, or to enforce our agreements.
With direction or consent. We share information when you direct us to or otherwise consent.

Text messaging opt-in data: No mobile information, including text messaging originator opt-in data and consent, will be shared with or sold to third parties or affiliates for their own marketing or promotional purposes. The exclusions above do not apply to information sharing necessary to deliver the messages themselves (such as with our messaging service providers).

4. Connected Accounts and Data Access Providers

Customers may choose to connect external accounts to the platform. These connections are optional, authorized by the customer, and revocable.

Accounting (Intuit QuickBooks Online). If a customer connects QuickBooks Online, we access the accounting data the customer authorizes through Intuit's interfaces, subject to Intuit's terms and privacy practices. The customer can disconnect the integration at any time through the platform or through Intuit.
Bank data (Quiltt and its aggregation partners). If a customer connects a bank account, the connection is made through Quiltt, Inc., which works with financial data aggregators such as Mastercard (Finicity) and MX. The customer authenticates directly with their financial institution inside the connection flow; R11 never receives or stores bank login credentials. Use of the connection flow is subject to the end user terms and privacy notices presented within it, including those of Quiltt and the applicable aggregator. Customers may revoke a bank connection at any time through the platform or by contacting us, and may also have revocation rights directly with the aggregator or their financial institution.

When a connection is made, we record who authorized it and when.

5. Cookies and Similar Technologies

We use only the cookies and similar technologies necessary to operate and secure the Services:

Authentication cookies that keep users signed in to the platform; and
Security technologies that process limited device and network signals to protect our forms and infrastructure from bots and abuse.

We do not use advertising cookies or third-party analytics trackers. Because we do not track users across third-party websites, we do not respond to "Do Not Track" browser signals. If our use of cookies changes materially, we will update this Policy and, where required, provide additional choices.

6. Security

We maintain administrative, technical, and physical safeguards designed to protect information, appropriate to the sensitivity of the data we handle. These include encryption of data in transit and at rest, access controls that segregate each customer's data, and storage of only partial bank account numbers in our systems. No system is perfectly secure; if a breach affecting your information occurs, we will notify you and regulators as required by applicable law.

7. Communications and Your Choices

Transactional messages. We send service and transactional messages (for example, application status, funding confirmations, and security notices) as part of providing the Services. You cannot opt out of essential service messages while you use the Services.
Marketing email. You may opt out of marketing email at any time by using the unsubscribe link in any marketing message or by contacting us.
Text messages. If you opt in to receive text messages from R11, message frequency varies, and message and data rates may apply. Reply STOP to cancel at any time and HELP for help. Consent to receive marketing texts is not a condition of obtaining any R11 product or service. Carriers are not liable for delayed or undelivered messages.

8. Data Retention

We retain information for as long as needed to provide the Services and for legitimate business and legal purposes afterward. Because we are a financial services company, we are subject to recordkeeping obligations: records of transactions, funding, collections, credit decisions, agreements, and related audit trails are retained for the period required by applicable law, our regulatory and contractual obligations, and the needs of audits and financing arrangements — typically at least seven years for financial transaction records. Where we can honor a deletion request without violating these obligations, we will; where we cannot, we will tell you and restrict the information to retention purposes.

9. State Privacy Rights

Depending on where you live, state law may provide rights regarding personal information, such as rights to access, correct, or delete it, or to opt out of certain uses. We honor rights requests as required by applicable law. To make a request, contact us using the details in Section 12; we will verify your identity and respond within the time required by law. If you are an individual whose information we received from one of our business customers, we may refer your request to that customer or ask them to assist in verifying it.

As additional state privacy laws become applicable to R11, we will supplement this section with the required state-specific disclosures.

10. Children

The Services are intended for businesses and their authorized representatives. They are not directed to anyone under 18, and we do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Policy from time to time. The current version, its effective date, and version number are always posted at our legal page. For material changes, we will provide notice through the Services or by email before the change takes effect. Each version is retained in our records.

12. Contact Us

R11 Inc. Attn: Privacy 233 S Wacker Dr, Suite 4400 Chicago, Illinois 60606 Email: support@r11inc.com