google-site-verification=tO-bTqeMtiybBF-DENE_9z57O6CdjgmrE3Bkwh_ClWQ Privacy Policy | StoneEagle
top of page

StoneEagle
Privacy Policy

Published: May 19, 2026

Overview and Scope

Thank you for visiting StoneEagle F&I, Inc. (“StoneEagle,” “Company,” “we,” “our,” or “us”). This Privacy Policy describes our privacy practices for: (a) visitors to www.se-fi.com (collectively, the “Websites”); and (b) individuals whose personal information we receive in connection with our software services provided to automobile dealerships, third-party administrators, general agents, and OEMs (“Business Services”).

Section I of this Policy covers our marketing Websites. Section II covers our Business Services and nonpublic personal financial information. Section III covers your state-specific privacy rights.

By accessing or using the Websites, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Websites. If you are accessing these Websites from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By continuing to use the Websites, you expressly consent to such transfer and processing.

 

We will notify you of material changes to this Policy by updating the “Last Modified” date above. For significant changes, we may, at our discretion, provide additional notice such as a banner on the Websites or an email to registered users. Your continued use of the Websites following such posting constitutes your acceptance of the updated Policy.

​​

Section I – Website Privacy Practices

 

1. Information We Collect on the Websites

A. Information You Provide
When you use our Websites (including contact forms, demo requests, support case submissions, blog comments, and newsletter sign-ups), you may provide:

  • Name, company name, job title

  • Business and personal email addresses

  • Phone numbers

  • Mailing or billing addresses

  • Messages, feedback, or support requests

  • Any other information you choose to include

B. Information Collected Automatically

When you visit our Websites, our systems and third-party tools automatically collect:

  • Internet Protocol (IP) address

  • Browser type and version, operating system, device type

  • Pages visited, time spent, referring URL, clickstream data

  • Cookie identifiers and similar tracking technologies

  • Approximate geolocation (country, region) derived from IP address

​​

2. Cookies and Tracking Technologies

We use the following tracking technologies on our Websites:

A. Cookies

Cookies are small text files placed on your device. We use:

  • Essential/functional cookies: necessary for the Website to operate (e.g., session management, login state)

  • Analytics cookies: to understand how visitors use the Website (see Google Analytics and Pendo below)

  • Advertising/targeting cookies: placed by third-party advertising networks to serve relevant advertisements based on inferred interests including demographic information such as age and gender

You may configure your browser to refuse cookies or alert you when cookies are set. Disabling cookies may limit some Website functionality. You may also opt out of interest-based advertising through industry tools such as the Digital Advertising Alliance opt-out at www.aboutads.info or the Network Advertising Initiative at www.networkadvertising.org.

B. Web Beacons / Clear GIFs / Pixel Tags

Certain pages on our Websites may contain small image files (web beacons) that allow us to count page visits, verify site integrity, and measure the effectiveness of email communications.

C. Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) browser signals as a valid opt-out of the sale or sharing of personal information for cross-context behavioral advertising, as required under the California Privacy Rights Act. If your browser transmits a GPC signal, we will treat it as a request to opt out of sharing your personal information for targeted advertising purposes.

​​​​

3. Third-Party Service Providers on the Websites

We have engaged the following third-party service providers in connection with Website operations. Each is bound by contractual obligations governing their use of personal information:

 

A. Wix.com

Our Websites are hosted and served through Wix.com Ltd. (“Wix”), a cloud-based website development and hosting platform. Wix collects and processes Website visitor data (including IP addresses, device data, and session information) as a data processor on our behalf, subject to Wix’s Data Processing Addendum and Privacy Policy (available at wix.com/about/privacy).

B. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to collect information about how users access and use the Websites. Google Analytics uses cookies and similar technologies to collect data such as pages viewed, time on site, traffic sources, and demographic information. Google may transfer data to servers located in the United States and other countries. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On available at tools.google.com/dlpage/gaoptout. For more information, see Google’s Privacy & Terms at policies.google.com.

C. Pendo

We use Pendo, a product analytics and user engagement platform provided by Pendo.io, Inc. (“Pendo”), on our web-based platforms. Pendo collects information about how users navigate and interact with our software interfaces, including pages and features visited, click patterns, session duration, and in-application behavior. This information is used to improve product usability, prioritize feature development, and deliver in-application guidance. Pendo may use cookies and similar technologies in connection with data collection. For more information, see Pendo’s Privacy Policy at www.pendo.io/legal/privacy-policy.

D. Third-Party Advertising Networks

We may work with third-party online advertising companies that collect information about your browsing activity on our Websites and elsewhere to serve targeted advertisements. These companies may use cookies, web beacons, and similar technologies to collect data. As described in Section III, California residents may opt out of sharing for cross-context behavioral advertising. Others may use the Digital Advertising Alliance opt-out tools referenced above.

​​​​

4. How We Use Website Information

We use the information collected through the Websites to:

  • Operate, maintain, improve, and secure the Websites

  • Respond to your inquiries, demo requests, and support tickets

  • Send marketing communications (where you have consented or where permitted by law)

  • Analyze usage patterns and optimize user experience

  • Deliver relevant advertising and measure advertising effectiveness

  • Comply with legal obligations

  • Enforce our Terms of Use and protect the rights and safety of the Company and others

5. Disclosure of Website Information

We may disclose information collected through the Websites to:

  • Our subsidiaries and affiliated entities, including Pencilwrench LLC

  • Service providers listed in Section I(3) above, and others we engage to support Website operations, bound by confidentiality obligations

  • A successor entity in connection with a merger, acquisition, reorganization, sale, or transfer of assets

  • Law enforcement, regulators, or courts as required by applicable law, legal process, or to protect our legal rights

  • Any party with your consent

We do not sell your personal information to third parties for monetary consideration for their own marketing purposes. For information about third-party advertising cookies that may constitute "sharing" under applicable state law, please see Section III.​

6. Data Retention — Website Data

We retain personal information collected through the Websites for as long as reasonably necessary to fulfill the purposes described in this Policy, to comply with applicable legal obligations, to resolve disputes, and to enforce our agreements. Typical retention periods are as follows:

  • Contact and lead form data: as required or until you request deletion, subject to applicable legal and regulatory retention requirements

  • Google Analytics data: governed by our Google Analytics data retention settings (default 26 months)

  • Pendo session data: as configured in our Pendo account (generally up to 24 months)

  • Cookie data: varies by cookie type; session cookies expire when you close your browser; persistent cookies expire per the applicable retention period set at deployment

​​

Section II — Business Services: Nonpublic Personal Financial Information

​​

7. Overview of Business Services Data

StoneEagle F&I operates as a software service provider to automobile dealerships, third-party administrators of vehicle service contracts, aftermarket and ancillary product providers, general agents, and OEMs. Our primary software platforms include retail reporting tools for sales, F&I and fixed operations, menu presentation tools, and administration systems that manage the lifecycle of vehicle service contracts and related products.

As a service provider, we receive nonpublic personal financial information (“NPFI”) delivered to us by dealership management systems, menu presentation systems, and administration systems. This Section describes our practices with respect to that information.

​​​

8. Types of Personal Information Collected in Business Services

The types of personal information we receive depend on the specific product or service.​​

9. How We Receive Business Services Information

We receive personal information through connection to our software.

​​​

10. How We Use Business Services Information

The information we collect in connection with Business Services is used:

  • To provide our software platforms and associated services.

  • To comply with applicable federal and state law

 

11. Data Security — Business Services

To protect nonpublic personal financial information from unauthorized access and use, we employ security measures that comply with applicable federal law, including the Gramm-Leach-Bliley Act (“GLBA”) and the Federal Trade Commission’s Safeguards Rule (16 C.F.R. Part 314, as amended effective June 2023). Our security program includes:

  • Designation of a qualified individual responsible for overseeing our information security program

  • Risk assessments to identify reasonably foreseeable internal and external risks to the security of customer information

  • Technical, administrative, and physical safeguards, including computer safeguards, secured files and facilities, access controls, and encryption of sensitive data in transit and at rest

  • Oversight of third-party service providers through contractual requirements and periodic assessments

  • An incident response plan for addressing security events

 

No security system is impenetrable. While we take commercially reasonable steps to protect the information in our care, we cannot provide an absolute guarantee of the security of our databases, nor can we guarantee that information you transmit to us over the internet will not be intercepted in transit. When transmitting sensitive financial information, we use Transport Layer Security (TLS) or equivalent encryption.​

12. Data Retention — Business Services

We retain nonpublic personal financial information for as long as necessary to fulfill our contractual obligations to dealerships and administrators, to support vehicle service contract lifecycle management, and to comply with applicable legal and regulatory retention requirements.​

​​

Section III — State Privacy Rights

13. California Residents — CCPA / CPRA

A. Categories of Personal Information Collected

For California residents, we collect the following categories of personal information as defined under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”):

  • Identifiers: name, postal address, email address, IP address, phone number

  • Personal records: loan number, customer account number, financial transaction information

  • Protected classifications: age/date of birth, gender

  • Commercial information: vehicle purchase, financing, and service transaction data

  • Internet/network activity: browsing history on our Websites, interaction with Website features

  • Inferences: information derived from the above to create a consumer profile for advertising purposes (Website visitors only)

B. Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in Sections I(4), I(5), II(10), and II(11) of this Policy.

 

C. Do Not Sell or Share My Personal Information

StoneEagle does not sell personal information to third parties for monetary consideration. However, certain third-party advertising cookies on our Websites may constitute “sharing” of personal information for cross-context behavioral advertising under the CPRA. California residents have the right to opt out of such sharing.

To opt out of the sale or sharing of your personal information for targeted advertising, you may:

  • Email us at legal@se-fi.com with the subject line “California Opt-Out – Do Not Sell or Share”

  • Use a Global Privacy Control (GPC)-enabled browser, which we will honor as described in Section I(2)(C)

  • Use the Digital Advertising Alliance opt-out tool at www.aboutads.info

D. California Consumer Rights

Subject to certain exceptions, California residents have the following rights:

  • Right to Know/Access: Up to twice per year, you may request that we disclose the categories and specific pieces of personal information we have collected about you in the prior 12 months, the categories of sources, the business or commercial purpose, and the categories of third parties with whom we share it.

  • Right to Delete: You may request deletion of personal information we have collected from you, subject to applicable exceptions (e.g., information needed to complete a transaction, comply with law, or detect security incidents).

  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.

  • Right to Opt Out of Sale or Sharing: As described in Section III(13)(C) above.

  • Right to Limit Use of Sensitive Personal Information: Where we collect sensitive personal information (as defined under CPRA), you may request that we limit its use to purposes permitted by law.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

 

To submit a California privacy rights request, please email legal@se-fi.com or call (855) 937-8729. We will respond within 45 days of receipt of a verifiable consumer request (extendable by an additional 45 days when reasonably necessary with prior notice).

E. Global Privacy Control

We recognize and process GPC signals received from your browser as a valid opt-out of sale or sharing of personal information for cross-context behavioral advertising, consistent with CPRA regulations.

F. “Shine the Light” Law

California Civil Code § 1798.83 permits California residents to request information about personal information shared with third parties for their direct marketing purposes during the prior calendar year. To submit such a request, contact us at legal@se-fi.com.​

 

​14. Texas Residents — Texas Data Privacy and Security Act (TDPSA)

Effective July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) provides Texas residents with certain rights regarding their personal data. Subject to applicable exceptions, Texas residents have the right to:

  • Confirm whether we process their personal data and access that data

  • Correct inaccuracies in their personal data

  • Delete personal data provided by or obtained about the consumer

  • Obtain a portable copy of their personal data in a readily usable format

  • Opt out of the processing of personal data for purposes of: (i) targeted advertising; (ii) sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects

 

To exercise your rights under the TDPSA, please email legal@se-fi.com with the subject line “Texas Privacy Rights Request.” We will respond within 45 days of receipt of your request (extendable by 45 days with notice). If we decline your request, you may appeal by contacting us at the same address with the subject line “Texas Privacy Rights Appeal.”​

15. Colorado, Connecticut, Virginia, and Utah Residents

Residents of Colorado, Connecticut, Virginia, and Utah have the right to:

  • Confirm whether we process their personal data and access that data

  • Delete certain personal data

  • Obtain a portable copy of personal data in a usable format

  • Opt out of personal data processing for purposes of targeted advertising, sale of personal data, or profiling

 

Colorado, Connecticut, and Virginia residents also have the right to correct inaccurate personal data and to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise these rights, please contact us at legal@se-fi.com. We will respond within the timeframe required by your state’s applicable law.

16. Other State Residents

Additional state privacy laws may apply to residents of other states in which we operate. We are committed to complying with applicable privacy law and will respond to verified privacy requests submitted to legal@se-fi.com consistent with our legal obligations under the laws of the requestor’s state of residence.

Section IV — General Provisions

17. Links to Third-Party Websites

​Our Websites may contain links to third-party websites, including social media platforms (LinkedIn, Facebook/Meta, X (formerly Twitter), Instagram) and other resources. These third-party websites have their own independent privacy policies and practices, which are not covered by this Privacy Policy. We are not responsible or liable for their policies or practices. Please review the privacy policies of any third-party websites you visit.

18. Children’s Privacy

Our Websites are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided personal information to us, please contact us at legal@se-fi.com so that we may delete it. California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Section III(13) for more information.

 

19. Data Security

We use commercially reasonable technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, use, and disclosure. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of any personal information you transmit to us, and we shall not be liable for any unauthorized access, use, or disclosure of personal information that occurs despite our commercially reasonable security measures.

20. Contact Information and Requests

To exercise any privacy rights described in this Policy, or to ask questions or submit concerns about our privacy practices, please contact us at:

 

StoneEagle F&I, Inc.

Attn: Legal Department — Privacy

3400 N. Central Expy, Suite 110

Richardson, Texas 75080

legal@se-fi.com

Tel: (855) 937-8729

Requests submitted by email should include “Privacy Request” in the subject line and specify the nature of your request and the state in which you reside. We may need to verify your identity before processing your request.

bottom of page