Last updated: May 26, 2026
Andrew Steinmeyer Loan Consulting — Privacy Policy
This Privacy Policy describes how Andrew Steinmeyer Loan Consulting (“Andrew Steinmeyer,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit andrewsteinmeyer.com, use our online forms, subscribe to communications, or engage our loan consulting Services in the United States.
By using the Site or Services, you acknowledge this Privacy Policy. If you do not agree, please do not use the Site or provide personal information to us.
This Policy applies to personal information we process as a controller or business, as those terms are defined under applicable U.S. state privacy laws. It does not apply to information processed solely by third-party lenders, payment processors, or analytics providers under their own policies, though we describe how those relationships may affect you.
We are committed to handling personal information responsibly and in compliance with applicable federal and state privacy laws, including where relevant the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and similar laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy statutes.
This Policy covers visitors to the Site, prospective and current consulting clients, newsletter subscribers, and individuals who communicate with us by email or through video sessions.
Andrew Steinmeyer Loan Consulting determines the purposes and means of processing personal information described in this Policy for our own operations. Lenders you apply to independently determine their processing when you enter a relationship with them.
Our Terms of Service govern use of the Site. This Policy governs privacy practices. If there is a conflict regarding privacy, this Policy controls.
We may collect identifiers such as your name, email address, state of residence, and IP address; commercial information such as stated loan purpose, approximate loan amount, employment status, and self-reported credit band; internet activity such as pages viewed, referring URLs, and device type; and communications you send us, including contact form messages and email correspondence.
If you engage in a consulting engagement, we may collect additional financial information you voluntarily provide, such as income ranges, debt summaries, asset descriptions, and documents you upload for review. We do not intentionally collect Social Security numbers through public website forms; if you choose to share highly sensitive identifiers by email, you do so at your own risk and we encourage use of secure methods we specify.
We may collect information from third parties such as credit-related data only if you authorize us and the third party to share it, or as otherwise permitted by law.
The following table summarizes categories we may collect. Specific data depends on your interactions.
Some state laws define sensitive personal information to include government identifiers, precise geolocation, and financial account logins. We minimize collection of sensitive data and request it only when necessary for Services you request.
We collect information directly from you when you complete forms, subscribe to emails, correspond with us, participate in consultations, or upload documents.
We collect information automatically through cookies, pixels, and similar technologies when you browse the Site, as described in Section 7.
We may receive information from referral partners or lenders only when you ask us to coordinate an introduction and consent to sharing.
Contact, subscribe, and service inquiry forms collect information you enter. Required fields are marked; optional fields help us tailor responses.
Our hosting providers may log IP addresses, user agents, timestamps, and requested URLs for security and troubleshooting.
We use personal information to respond to inquiries, provide consulting Services, prepare comparisons and educational materials, communicate about appointments and deliverables, process payments, improve the Site, detect fraud and security incidents, comply with law, and send marketing communications where permitted and with appropriate choices.
We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising as defined under some state laws without offering required opt-outs where applicable.
We may use de-identified or aggregated information that cannot reasonably identify you for analytics and service improvement.
We use contact information to schedule consultations, deliver written summaries, and follow up on open questions related to your financing goals.
With your consent where required, we may send newsletters and educational content. You may unsubscribe using the link in each email or by emailing contact@andrewsteinmeyer.com.
We may use and disclose information to comply with subpoenas, respond to government requests, enforce our Terms, and protect against fraud or harm.
For U.S. users, we rely on consent where required (for example, marketing emails), performance of a contract or steps at your request before entering a contract (providing requested consulting), legitimate interests (securing the Site, improving Services, and communicating about your inquiry) balanced against your rights, and compliance with legal obligations.
Where state laws require a specific basis for sensitive personal information, we limit collection and use to what is necessary for the purposes disclosed at collection.
Where we rely on legitimate interests, we consider whether processing is necessary, whether less intrusive means exist, and whether your rights override our interests for specific activities.
We may share information with service providers who assist with hosting, email delivery, analytics, payment processing, scheduling, and document storage, subject to contractual confidentiality and use restrictions.
We may share information with lenders or brokers in our network when you direct us to facilitate an introduction or application.
We may disclose information if required by law, subpoena, or court order, or to protect rights, safety, and security of users, us, or others.
In connection with a business transaction such as a merger or sale of assets, information may be transferred subject to confidentiality obligations.
Typical categories of providers include website hosting, cloud storage, email marketing platforms, customer relationship management tools, video conferencing providers, and payment gateways. Contracts require providers to use data only to perform services for us.
We do not sell your personal information to data brokers. Referrals to lenders occur only at your direction and are not a "sale" of personal information under CCPA when conducted as a service you request.
When you ask us to introduce you to a lender, we share only the information necessary for that introduction, which may include your name, contact details, stated loan purpose, and summary financial information you authorized. Lenders may request additional documentation directly from you under their own privacy policies and regulatory obligations.
We may disclose information to courts, regulators, and law enforcement when we believe in good faith that disclosure is required or advisable to comply with law, protect our rights, investigate fraud, or protect the safety of any person.
We use cookies and similar technologies to remember preferences, maintain session integrity, measure Site performance, and understand how visitors use our content.
You can control cookies through browser settings and, where offered, through our cookie preference tools. Disabling certain cookies may affect Site functionality.
We do not respond to all "Do Not Track" signals uniformly because industry standards vary; we describe choices available in this Policy and on the Site.
Most browsers allow you to refuse or delete cookies. Refer to your browser help documentation for instructions. Mobile devices may offer advertising identifier controls in system settings.
We may use third-party analytics services such as Google Analytics or comparable tools to collect usage statistics. These providers may set their own cookies and collect information according to their policies.
We may use aggregated analytics to improve content, navigation, and conversion on the Site. We do not use analytics to make automated lending decisions because we are not a lender.
If we use Google Analytics, Google may collect information such as how often users visit pages. You can learn about Google practices at policies.google.com and use browser add-ons to opt out where available.
Marketing emails may include pixels that tell us whether messages were opened or links clicked, so we can improve content. You can limit tracking by disabling images or unsubscribing.
If you are a California resident, you may have the right to know categories and specific pieces of personal information collected, sources, purposes, and categories of third parties with whom information is shared; to delete personal information subject to exceptions; to correct inaccurate information; to limit use of sensitive personal information where applicable; and to opt out of sale or sharing as defined by law.
To exercise rights, email contact@andrewsteinmeyer.com with "California Privacy Request" in the subject line. We will verify your request using information associated with your inquiry. You may designate an authorized agent with written permission.
We will not discriminate against you for exercising privacy rights. We provide this Policy as our notice at collection for California residents.
In the preceding twelve months, we may have disclosed identifiers, commercial information, and internet activity to service providers for the business purposes described in Section 4. We do not sell personal information.
California Civil Code Section 1798.83 permits California customers to request certain information about disclosure of personal information to third parties for direct marketing. We do not share personal information with unaffiliated third parties for their direct marketing without your consent.
We verify requests to a reasonable degree of certainty. Excessive or unfounded requests may be denied as permitted by law.
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale, or certain profiling, subject to exceptions.
Appeal rights may apply if we deny a request; instructions will be provided in our response.
Where required, we honor universal opt-out mechanisms recognized under applicable state regulations for targeted advertising and sale of personal data.
Residents may submit access, correction, deletion, and portability requests, and opt out of targeted advertising and sale. Contact contact@andrewsteinmeyer.com.
Similar rights apply with state-specific deadlines and appeal processes we will describe in our response.
Newer state laws may impose additional requirements we monitor and implement as they become effective.
We retain personal information for as long as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on sensitivity and purpose.
Consulting files may be retained for several years after engagement ends unless you request deletion subject to legal exceptions. Marketing lists are retained until you unsubscribe or we determine records are no longer needed.
We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit for the Site (HTTPS), access controls for internal systems, and vendor due diligence.
No method of transmission or storage is completely secure. You are responsible for safeguarding credentials and for the security of information you send by email if you choose less secure channels.
If we become aware of a security incident affecting personal information, we will investigate and provide notifications required by applicable breach notification laws.
Use strong passwords for any account features, do not share login credentials, and notify us promptly if you suspect unauthorized access.
The Site and Services are not directed to children under thirteen (13) years of age, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will take appropriate steps to delete it.
Our Services target adults. Users between 13 and 18 should use the Site only with parental involvement and not submit loan applications without a parent or guardian.
The Site is intended for users in the United States. If you access the Site from outside the U.S., you understand that information may be processed in the United States where privacy laws may differ from those in your country.
Information may be stored on servers located in the United States. By using the Site, you consent to transfer and processing in the U.S. to the extent permitted by your local law.
We may update this Privacy Policy by posting a revised version with an updated date. Material changes may be communicated by email or Site notice where appropriate.
We encourage you to review this Policy periodically. Continued use after updates constitutes acknowledgment of the revised Policy where permitted by law.
For privacy questions or rights requests, email contact@andrewsteinmeyer.com. We will respond within timeframes required by applicable law.
We do not accept privacy requests by telephone or postal mail. Email contact@andrewsteinmeyer.com for all privacy-related communications.
We design data collection forms to collect only information reasonably necessary for the stated purpose, consistent with Federal Trade Commission guidance on data minimization and state privacy law requirements effective in 2024 and later.
When you unsubscribe from marketing emails, we retain a hashed or suppressed record of your email address to honor your opt-out preference across future campaigns, which is not used for promotional messaging.
If you participate in a video consultation, the conferencing provider may process audio, video, and connection metadata under its own privacy policy; we select providers that offer reasonable security controls.
We may aggregate inquiry trends, such as percentage of users interested in debt consolidation versus business loans, for internal reporting without identifying individuals.
If law enforcement requests information without appropriate legal process, we review requests carefully and may object, narrow, or comply as required by applicable law and our legal counsel's advice.
We do not use personal information to make solely automated decisions that produce legal or similarly significant effects concerning you, such as automated loan approvals, because we are not a lender.
Employees and contractors with access to personal information receive training on confidentiality, phishing awareness, and incident reporting on a periodic basis.
We require service providers to implement safeguards appropriate to the sensitivity of data processed and to notify us of security incidents affecting our data without undue delay.
If you are a Nevada resident, you may submit opt-out requests regarding sale of certain covered information under NRS Chapter 603A; we do not sell covered information as defined by that statute.
If you are a Maine or Maryland resident, additional rights may apply to certain categories of data under state-specific statutes; contact us for applicable procedures.
We may publish anonymized case studies describing general client situations with identifying details removed or altered with permission.
Cookie consent banners, where displayed, record your choices so we can respect them on subsequent visits subject to technical limitations of browsers and devices.
We retain logs of privacy rights requests to demonstrate compliance with regulatory timelines and to improve our verification processes.
If you provide information about another person, such as a co-borrower, you represent that you have authority to share that information and that you have informed them of this Policy where required.
We may use standard contractual clauses or comparable safeguards when a service provider processes data outside the United States, to the extent applicable to our arrangements.
Device fingerprinting is not a primary collection method for us; we rely primarily on cookies and information you voluntarily supply.
We do not knowingly process personal information for purposes materially different from those disclosed at collection without providing notice and obtaining consent where required.
Public posts you make on our social media pages are subject to the platform's privacy policy as well as this Policy for information we download or retain from those channels.
We may de-identify data using industry-standard techniques and commit not to re-identify de-identified data except as permitted by law.
Financial institutions you apply to may request information from us only with your authorization; we verify authorization before releasing client files.
If you request deletion, we may retain certain records to comply with tax, accounting, anti-fraud, or litigation hold obligations as permitted by applicable privacy laws.
We review this Policy at least annually and when we launch new features that change how personal information is collected or used.
Questions about how a specific lender uses your data after referral should be directed to that lender's privacy officer or published privacy notice.
We do not offer financial incentives conditioned on collection of personal information beyond standard consulting fees for Services you choose to purchase.
Sensitive authentication data such as passwords for any client portal are stored using one-way hashing where technically feasible.
If we become subject to a regulatory inquiry regarding privacy practices, we may preserve relevant records beyond standard retention periods as required.
You may request a list of categories of personal information we collected in the prior twelve months where state law requires such disclosure in a portable format.
We will not require you to create an account to submit a privacy rights request, though verification may require confirming control of an email address on file.
Our marketing lists are scrubbed against suppression files after unsubscribe and upon periodic list hygiene exercises.
If you believe your information was compromised due to our systems, notify us promptly so we can investigate and take remedial steps required by law.
We may process personal information to establish, exercise, or defend legal claims in court or arbitration, including sharing information with attorneys and experts bound by confidentiality obligations.
When you click links in our emails or on the Site, you may be directed to third-party pages that set their own cookies; review those sites' policies before submitting information.
We maintain administrative records of consent, including timestamps and versions of policies accepted, where our systems capture such events for marketing subscriptions or optional features.
If you are an authorized agent submitting a privacy request on behalf of a consumer, we may require proof of authorization and verification of the consumer's identity consistent with state regulations.
We do not use facial recognition or biometric identifiers in connection with the Site or standard consulting Services unless we explicitly introduce such technology in the future with updated disclosures.
Backups of Site databases may retain deleted information for a limited period until backup cycles rotate; we apply deletion instructions to active systems promptly upon verified requests where exceptions do not apply.
Aggregated demographic information about Site visitors, such as general geographic distribution by state, may be derived from IP addresses and used to tailor educational content without identifying households.
If we introduce new data collection on the Site, such as live chat or client portals, we will update this Policy and provide notice at collection describing categories, purposes, and retention.
You may lodge a complaint with your state attorney general regarding privacy practices; we encourage you to contact us first so we can attempt to resolve concerns directly.
Contractors who perform work for us under non-disclosure agreements may access personal information only on a need-to-know basis and must return or destroy data when engagements end, subject to legal retention requirements.
We do not intentionally collect information from residents of the European Economic Area for targeted marketing; if you are in the EEA and contact us, we will process data only as necessary to respond and in accordance with applicable law.
Payment card information entered on checkout pages, if offered, is processed by PCI-compliant payment processors; we do not store full card numbers on our servers.
Survey responses you voluntarily complete may be used to improve Services and may be quoted in aggregate in marketing materials without identifying you unless you grant separate permission.
We may link your inquiry history across forms submitted with the same email address to provide continuity if you return for additional consulting on a related topic.