Privacy Policy Guidance for Enova SMB (ISO) Partners - 2023

Legal Disclaimer & Purpose of this Document

This document does not constitute legal advice of any kind, nor does it stipulate or offer exact wording for the privacy policies of Enova's partners.

The document is intended to clarify the expectations Enova has for its partners in terms of privacy disclosures and compliance with privacy regulations. It is also intended to offer resources for further reference and information about privacy policy best practice.

Enova Partnership Requirement

Enova is a publicly traded company with security and transparency obligations to our customers, employees, and shareholders as well as regulatory requirements to comply with.

One way we fulfill these is to draft our own privacy policies in accordance with applicable regulations and make them readily available to those whose information we collect.

Another way is by selecting third party partners who share our commitment to security, transparency, and compliance.

Potential Enova partners must have a privacy policy that accurately describes their data collection and usage practices and may not verbatim copy any of Enova’s or its subsidiaries’ and/or affiliates’ privacy policies. The remainder of this document will explain and clarify what Enova looks for when evaluating a partner's privacy policy.

Enova Partner Requirements Regarding Privacy

Applicable to all partners


Each partner must have a Privacy Policy explaining their information collection activities and practices to potential customers.


Each partner must have a Privacy Policy explaining their information collection activities and practices to potential customers.


Privacy Policy must be readily available and easily visible to site visitors on the main website.


'Privacy Policy' website footer that hyperlinks to a webpage with your privacy policy content.

Tab in settings menu stating 'Privacy Policy' and hyperlinking to a webpage with your privacy policy content.

Privacy Policy should be visible before a site visitor enters any information into a web form and available to them to review at any time (i.e. not just when applying).


Privacy Policy content must include:


The name of your business


Date of most recent privacy policy update


Effective as of Jan 1 2023, last updated Jan 20 2023s


What information you collect


Provide a list of the information you collect from merchants, such as name, address, email, date of birth, Social Security Number, bank statements, photo IDs, etc. as applicable


How and why you use the information you collect


Whether you share information with any other entities, and if so, for what purpose (i.e. why do you share this info?)


How you keep the information you collect safe and secure


Whether your site uses cookie or other tracking tools, and if so how those can be opted out of


What rights a consumer has over the information they provide to you, and how they can request these rights


Is it possible to opt out of marketing? Can someone make a request to access, delete, or update information that you've collected about them, and if so, how?

Applicable to partners who interact with California-based merchants

Partners who interact with the information of California residents must have all of the above as well as additional measures in order to comply with the California Consumer Privacy Act of 2018, the California Privacy Rights Act of 2020, and its regulations (collectively, the “CCPA”).


Privacy Policy must be updated every 12 months


Privacy Policy link must be 'conspicuously' placed on your website's main page


Privacy Policy content must include:


Categories of Personal Information You Collect


Categories of Sources You Collect Information From


Your Purposes for Collecting Personal Information


Personal Information You've Sold, Shared, or Disclosed (in the Past 12 Months) and Categories of Recipients

The CCPA interpretation of 'selling' or 'sharing' information includes certain third party website activities like cookies, retargeting ads, etc.

How Long You Keep the Personal Information You Collect


List of Rights California Residents Have Under CCPA


How California Residents Can Request Their CCPA Rights Regarding Information You Have About Them or Authorize Another Person to Request on Their Behalf