Effective Date: March 1, 2026 | Last Revised: March 2026

1. Scope of Services

1.1 General Description

DebtPro provides a comprehensive suite of financial services including, but not limited to: (a) debt portfolio acquisition and disposition; (b) debt brokering and advisory services; (c) commercial credit reporting and data furnishing to major credit bureaus; (d) portfolio valuation and due diligence consulting; (e) receivables management services; and (f) commercial credit facility origination and account maintenance. These services are collectively referred to as the "Services."

1.2 Debt Buying and Selling

The Company acts as a principal buyer and seller of distressed, charged-off, and performing debt portfolios. We facilitate transactions involving consumer receivables, commercial receivables, medical debt, auto deficiency balances, credit card charge-offs, telecommunications debt, utility receivables, and other categories of financial obligations. All portfolio transactions are conducted in compliance with applicable federal and state regulations, including the Fair Debt Collection Practices Act (15 U.S.C. Section 1692 et seq.), the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.), and applicable state licensing requirements.

1.3 Data Furnishing and Credit Reporting

DebtPro operates as a data furnisher to national consumer reporting agencies and commercial credit bureaus, including but not limited to Dun & Bradstreet, Experian Business, and Equifax Business. Our data furnishing services include the reporting of commercial trade experiences, payment histories, account statuses, and related financial data in compliance with the Fair Credit Reporting Act and the Metro 2 reporting format established by the Consumer Data Industry Association (CDIA). Clients who utilize our data furnishing services are subject to the separate Data Furnishing Agreement contained within this Legal Center.

1.4 Brokering and Transaction Services

We provide intermediary services connecting debt sellers with qualified buyers. Our transaction coordination services ensure secure transfer of funds and portfolio documentation between parties. All client funds are held in segregated accounts at FDIC-insured financial institutions pending settlement conditions.

2. Eligibility

2.1 General Eligibility

To use our Services, you must: (a) be at least eighteen (18) years of age; (b) be a legally formed business entity in good standing within your state of formation, or a natural person operating a lawful sole proprietorship; (c) possess all licenses, permits, and registrations required by federal, state, and local law to engage in debt purchasing, collection, or related financial services; and (d) not be subject to any sanctions, enforcement actions, or consent orders from any federal or state regulatory agency that would prohibit your participation in the Services.

2.2 Verification

The Company reserves the right to verify your eligibility at any time, including but not limited to requesting copies of state collection agency licenses, surety bonds, proof of errors and omissions insurance, organizational documents, and identification of beneficial owners. Failure to provide requested verification materials within ten (10) business days may result in suspension or termination of your account.

3. Account Registration and Responsibilities

3.1 Account Creation

You agree to provide accurate, current, and complete information during the registration process and to update such information as necessary to maintain its accuracy. Each account must represent a single legal entity or natural person. The creation of multiple accounts for the same entity without prior written authorization is prohibited.

3.2 Account Security

You are solely responsible for maintaining the confidentiality of your account credentials, including your username, password, API keys, and any multi-factor authentication tokens. You agree to notify the Company immediately upon becoming aware of any unauthorized access to or use of your account. The Company shall not be liable for any loss or damage arising from your failure to secure your account credentials.

3.3 Authorized Users

If you designate additional authorized users on your account, you are fully responsible for their actions and any obligations they incur on your behalf. You must ensure that each authorized user has reviewed and agreed to these Terms of Service before being granted access.

4. Service Fees and Payment Terms

4.1 Fee Schedule

Service fees are set forth in the applicable service agreement, order form, or fee schedule provided to you at or before the time of engagement. The Company reserves the right to modify its fee schedule upon thirty (30) days' written notice. Continued use of Services after the effective date of a fee change constitutes acceptance of the revised fees.

4.2 Payment Terms

Unless otherwise specified in writing, all invoices are due and payable within thirty (30) days of the invoice date. Payments must be made by ACH transfer, wire transfer, or such other methods as the Company may designate. Late payments shall accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law. You are responsible for all costs of collection, including reasonable attorneys' fees, incurred by the Company in collecting past-due amounts.

4.3 Taxes

All fees are exclusive of taxes. You are responsible for payment of all applicable sales, use, excise, value-added, and other taxes, fees, and duties imposed by any governmental authority with respect to the Services, other than taxes based on the Company's net income.

5. Intellectual Property

5.1 Company Property

All content, software, algorithms, data models, trade names, trademarks, service marks, logos, proprietary methodologies, scoring models, and analytical tools used in connection with the Services ("Company IP") are and shall remain the exclusive property of the Company or its licensors. Nothing in this Agreement grants you any right, title, or interest in the Company IP except as expressly stated herein.

5.2 License Grant

Subject to your compliance with this Agreement, the Company grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services solely for your internal business purposes. This license does not include the right to sublicense, resell, distribute, or create derivative works from any component of the Services.

5.3 Feedback

Any suggestions, ideas, enhancement requests, or feedback you provide regarding the Services ("Feedback") shall be the exclusive property of the Company. You hereby assign to the Company all right, title, and interest in any such Feedback without obligation of compensation or attribution.

6. Limitation of Liability

6.1 Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. THE COMPANY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THE COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS.

6.2 Limitation

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE COMPANY, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, BUSINESS OPPORTUNITIES, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE COMPANY'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO THE COMPANY DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

7. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to: (a) your use of the Services; (b) your breach of this Agreement; (c) your violation of any applicable law, regulation, or third-party right; (d) any data you submit, furnish, or transmit through the Services; or (e) any dispute between you and a third party arising from transactions facilitated through the Services. This indemnification obligation shall survive termination of this Agreement.

8. Termination

8.1 Termination by Either Party

Either party may terminate this Agreement upon thirty (30) days' written notice to the other party. The Company may terminate this Agreement immediately and without notice if: (a) you breach any material term of this Agreement; (b) you become subject to bankruptcy, insolvency, or receivership proceedings; (c) your continued use of the Services would violate applicable law; or (d) you fail to pay any amounts due within fifteen (15) days after receiving notice of delinquency.

8.2 Effect of Termination

Upon termination: (a) your access to the Services will be revoked; (b) all outstanding fees become immediately due and payable; (c) you must cease using any Company IP; and (d) each party shall return or destroy the other party's confidential information within thirty (30) days. Sections 5 through 11 shall survive termination of this Agreement.

9. Force Majeure

Neither party shall be liable for any failure or delay in performance under this Agreement due to causes beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, epidemics, war, terrorism, riots, civil unrest, government actions or restrictions, power failures, internet or telecommunications outages, cyberattacks, fire, flood, earthquake, labor disputes, or supply chain disruptions. The affected party shall provide prompt notice of the force majeure event and use commercially reasonable efforts to resume performance as soon as practicable.

10. Severability

If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such finding shall not affect the validity of the remaining provisions, which shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the original intent of the parties.

11. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws principles. Any legal action or proceeding arising under this Agreement shall be brought exclusively in the state or federal courts located in Palm Beach County, Florida, and the parties hereby consent to the personal jurisdiction and venue of such courts. Notwithstanding the foregoing, the Company may seek injunctive or equitable relief in any court of competent jurisdiction.

12. Entire Agreement

This Agreement, together with all order forms, service agreements, policies, and addenda referenced herein or executed between the parties, constitutes the entire agreement between you and the Company with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, whether written or oral. No amendment to this Agreement shall be binding unless executed in writing by both parties or, in the case of modifications by the Company, posted to the Legal Center with appropriate notice.

13. Contact Information

For questions regarding these Terms of Service, contact us at: DebtPro, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Website Access and Usage

1.1 Grant of Access

Subject to your compliance with these Terms, DebtPro grants you a limited, non-exclusive, non-transferable, revocable right to access and use the Website for lawful purposes related to debt buying, selling, data furnishing, or other services offered by the Company. This right does not include the right to access any password-protected areas without valid credentials, to scrape or harvest data from the Website, or to use the Website in a manner that interferes with its intended operation.

1.2 Availability

The Company does not guarantee that the Website will be available at all times or without interruption. We may suspend, restrict, or terminate access to the Website at any time, with or without notice, for maintenance, upgrades, security concerns, or any other reason at our sole discretion. We are not liable for any loss or inconvenience caused by Website unavailability.

1.3 Accuracy of Information

While we make commercially reasonable efforts to ensure the accuracy of information presented on the Website, we do not warrant that all content is complete, current, or error-free. Information on the Website is provided for general informational purposes and does not constitute legal, financial, tax, or professional advice. You should consult qualified professionals before making business decisions based on information found on this Website.

2. Prohibited Activities

When using the Website, you agree not to:

• Use the Website for any unlawful purpose or in violation of any applicable federal, state, or local law or regulation
• Attempt to gain unauthorized access to any portion of the Website, other accounts, computer systems, or networks connected to the Website through hacking, password mining, or any other means
• Use any automated device, program, script, robot, spider, scraper, or other means to access the Website for any purpose, including monitoring or copying any content
• Introduce viruses, trojans, worms, logic bombs, ransomware, or other material that is malicious or technologically harmful
• Interfere with or disrupt the integrity or performance of the Website, its servers, or connected networks
• Impersonate any person or entity, or falsely state or misrepresent your affiliation with any person or entity
• Engage in any activity that could damage, disable, overburden, or impair the Website's infrastructure
• Harvest, collect, or store personal data about other users without their express consent
• Use the Website to transmit unsolicited commercial communications (spam) or to distribute chain letters, pyramid schemes, or similar content
• Reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of any software used on the Website
• Remove, alter, or obscure any copyright, trademark, or other proprietary notice displayed on the Website
• Use the Website in any manner that could create liability for or cause the Company to lose the services of its internet service providers, hosting providers, or other technology partners

3. User-Generated Content

3.1 Submissions

Certain features of the Website may allow you to submit, upload, or transmit content including text, data files, documents, and communications ("User Content"). You retain ownership of your User Content, but you grant the Company a non-exclusive, worldwide, royalty-free, perpetual, irrevocable license to use, reproduce, modify, adapt, publish, display, and distribute your User Content solely in connection with operating and providing the Services.

3.2 Responsibility

You are solely responsible for all User Content that you submit through the Website. You represent and warrant that: (a) you own or have obtained all necessary rights, licenses, and permissions for the User Content; (b) the User Content does not infringe on any third party's intellectual property or privacy rights; (c) the User Content does not contain any unlawful, defamatory, obscene, or otherwise objectionable material; and (d) the User Content complies with all applicable laws and regulations, including data privacy laws.

3.3 Removal

The Company reserves the right, but has no obligation, to monitor, review, or remove User Content at any time and for any reason, including content that the Company determines, in its sole discretion, violates these Terms or is otherwise objectionable.

4. Links to Third-Party Sites

The Website may contain links to third-party websites, applications, or services ("Third-Party Sites") that are not owned or controlled by the Company. The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any Third-Party Sites. The inclusion of a link does not imply endorsement by the Company. You access Third-Party Sites at your own risk, and you should review the terms and policies of those sites before engaging with them. The Company shall not be liable for any damage or loss caused or alleged to be caused by or in connection with your use of any Third-Party Site.

5. Disclaimers

5.1 No Professional Advice

Nothing on this Website constitutes legal, financial, tax, accounting, or other professional advice. The content is provided for general informational purposes only. Any reliance you place on information found on this Website is strictly at your own risk. Before acting on any information obtained from this Website, you should seek the advice of a qualified professional.

5.2 No Guarantee of Results

The Company makes no guarantees regarding the outcome of any transaction, the performance of any debt portfolio, the accuracy of any valuation, or the results of any data furnishing activity. Past performance data or case studies displayed on the Website are not indicative of future results.

5.3 Warranty Disclaimer

THE WEBSITE AND ALL CONTENT THEREIN ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, THE COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

6. DMCA Compliance

6.1 Copyright Policy

The Company respects the intellectual property rights of others and expects users of the Website to do the same. We comply with the Digital Millennium Copyright Act of 1998 (17 U.S.C. Section 512) ("DMCA") and respond to notices of alleged copyright infringement that comply with the DMCA and any other applicable laws.

6.2 Filing a Notice

If you believe that your copyrighted work has been copied and is accessible on the Website in a way that constitutes copyright infringement, please provide the following information to our Designated DMCA Agent: (a) a physical or electronic signature of the copyright owner or a person authorized to act on their behalf; (b) identification of the copyrighted work claimed to have been infringed; (c) identification of the material claimed to be infringing, with sufficient detail to allow us to locate it; (d) your contact information, including address, telephone number, and email; (e) a statement that you have a good faith belief that the use is not authorized by the copyright owner, its agent, or the law; and (f) a statement, under penalty of perjury, that the information in the notification is accurate and that you are the copyright owner or authorized to act on the owner's behalf.

6.3 DMCA Agent

DMCA notices should be sent to: DebtPro Legal Department, Email: support@debtpro.us, Subject Line: "DMCA Takedown Notice."

7. Modifications to Terms

The Company reserves the right to modify these Terms at any time. When we make changes, we will update the "Last Revised" date at the top of these Terms and, where appropriate, provide additional notice through the Website or via email. Your continued use of the Website after the effective date of any modifications constitutes your acceptance of the updated Terms. If you do not agree with any modification, your sole remedy is to discontinue use of the Website.

8. Electronic Communications Consent

By using the Website or providing your contact information, you consent to receive electronic communications from the Company, including but not limited to emails, notifications, alerts, and other messages related to the Services. You agree that all agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. You may withdraw your consent to receive marketing communications at any time by using the unsubscribe mechanism in our emails or by contacting us at support@debtpro.us. Withdrawal of consent for marketing communications does not affect our ability to send you transactional or service-related communications.

9. Contact

Questions about these Terms of Use should be directed to: DebtPro, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Information We Collect

1.1 Personal Information

We may collect the following categories of personal information directly from you or through your use of our Services:

• Identifiers: Full name, alias, postal address, email address, telephone number, Social Security Number (for KYC/AML purposes only), Tax Identification Number (EIN), driver's license number, and passport number
• Commercial Information: Records of transactions, portfolio purchase and sale history, payment records, account balances, and service utilization history
• Financial Information: Bank account numbers, routing numbers, payment card details (processed through PCI-DSS compliant processors), credit history, and financial statements submitted in connection with eligibility verification
• Professional Information: Business name, entity type, state of formation, licensing information, surety bond details, and professional affiliations
• Internet and Network Activity: Browsing history on our Website, search history, IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, and interaction data
• Geolocation Data: Approximate geographic location derived from your IP address
• Communications: Content of emails, chat messages, phone calls (when recorded with consent), and other communications with our staff

1.2 Information from Third Parties

We may obtain information about you from third-party sources, including: (a) credit reporting agencies, for identity verification and fraud prevention; (b) government databases, for licensing verification and OFAC screening; (c) business data providers, for business verification and due diligence; (d) referral partners, when you are referred to our Services; and (e) publicly available sources, including state corporate registries, court records, and professional licensing databases.

1.3 Automatically Collected Information

When you visit our Website, we automatically collect certain information through cookies, web beacons, pixels, log files, and similar technologies. This includes your IP address, browser type and version, device type, operating system, referral source, length of visit, page views, navigation paths, and the date and time of your visit. For additional details on our use of tracking technologies, see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services, process transactions, manage your account, and respond to your requests and inquiries
• Identity Verification: To verify your identity in accordance with our Know Your Customer (KYC) obligations and to prevent fraud, money laundering, and other financial crimes
• Regulatory Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including the Fair Credit Reporting Act, the Bank Secrecy Act, the USA PATRIOT Act, and state licensing requirements
• Data Furnishing: To report commercial trade data and account information to credit bureaus on behalf of our data furnishing clients, in compliance with the FCRA and Metro 2 standards
• Communications: To send you transactional emails, service updates, billing notices, security alerts, and, with your consent, marketing communications about products and services that may interest you
• Analytics: To analyze usage patterns, monitor the effectiveness of our Website and marketing campaigns, and conduct research to improve our Services
• Security: To detect, investigate, and prevent security incidents, unauthorized access, and fraudulent activity
• Legal: To establish, exercise, or defend legal claims, and to enforce our Terms of Service and other agreements

3. Information Sharing and Disclosure

3.1 Service Providers

We share your information with third-party service providers who perform services on our behalf, including payment processors, cloud hosting providers, email service providers, analytics providers, customer support platforms, and identity verification services. These providers are contractually obligated to use your information only as necessary to perform services for us and to maintain appropriate security measures.

3.2 Credit Bureaus and Reporting Agencies

In connection with our data furnishing services, we report account information and trade data to national consumer reporting agencies and commercial credit bureaus, including Dun & Bradstreet, Experian, and Equifax. This reporting is performed in compliance with the FCRA (15 U.S.C. Section 1681 et seq.) and applicable state credit reporting laws.

3.3 Business Partners and Transaction Counterparties

When you engage in debt buying, selling, or brokering transactions through our platform, we may share information necessary to facilitate the transaction with the other party, including business entity information, licensing status, and transaction-related financial data. We share only the minimum information necessary for the transaction.

3.4 Legal Requirements

We may disclose your information when required to do so by law, regulation, legal process, or enforceable governmental request. This includes responding to subpoenas, court orders, regulatory inquiries, law enforcement requests, and other legal processes. We may also disclose information when we believe in good faith that disclosure is necessary to: (a) comply with the law; (b) protect the rights, property, or safety of the Company, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

3.6 With Your Consent

We may share your information with third parties when you provide explicit consent or direct us to do so.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Information: Retained for the duration of your account and for seven (7) years after account closure
• Transaction Records: Retained for a minimum of seven (7) years in compliance with applicable tax and financial record-keeping requirements
• BSA/AML Records: Retained for a minimum of five (5) years after the record is created, as required by the Bank Secrecy Act (31 U.S.C. Section 5311 et seq.)
• Data Furnishing Records: Retained for a minimum of five (5) years in compliance with FCRA requirements
• Marketing Data: Retained until you withdraw consent or for three (3) years after your last interaction with us, whichever occurs first
• Website Analytics: Retained in aggregate form for up to three (3) years

5. Your Rights

5.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy of that information in a structured, commonly used, and machine-readable format.

5.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information we maintain about you.

5.3 Deletion

You have the right to request the deletion of your personal information, subject to certain exceptions where retention is required by law or necessary for our legitimate business purposes.

5.4 Opt-Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. To exercise this right, contact us at support@debtpro.us or use the "Do Not Sell or Share My Personal Information" link on our Website.

5.5 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. However, if you request deletion of information necessary for us to provide the Services, we may be unable to continue providing those Services.

6. California Residents -- Your CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code Section 1798.100 et seq.) ("CCPA/CPRA"), provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected personal information, our business or commercial purposes for collecting or selling personal information, and the categories of third parties with whom we share personal information.
• Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale/Sharing: You may direct us not to sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to purposes necessary to provide the Services.

To exercise your CCPA/CPRA rights, submit a verifiable consumer request to us at support@debtpro.us or call (561) 254-6608. We will verify your identity before processing your request. We will respond to verifiable requests within forty-five (45) days, as required by law. You may designate an authorized agent to submit requests on your behalf by providing a signed written authorization or power of attorney.

7. Other State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws may have additional rights similar to those described above. We honor all applicable state privacy laws. To exercise your rights under any state privacy law, contact us at support@debtpro.us.

8. Children's Privacy

Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take prompt steps to delete such information. If you believe we have collected information from a child under 18, please contact us immediately at support@debtpro.us.

9. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, and destruction. These measures include encryption of data in transit using TLS 1.2 or higher, encryption of sensitive data at rest using AES-256, multi-factor authentication, role-based access controls, intrusion detection systems, regular vulnerability assessments, and employee security training. However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Our Services are operated from the United States. If you access our Services from outside the United States, your information may be transferred to, stored in, and processed in the United States. By using our Services, you consent to the transfer of your information to the United States, where data protection laws may differ from those of your jurisdiction. We take appropriate measures to ensure your information receives adequate protection in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Revised" date and provide notice through our Website or by email. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: DebtPro, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Purpose and Scope

1.1 Purpose

The purpose of this Data Furnishing Agreement is to establish the terms, obligations, and procedures by which the Company will furnish trade experience data, payment histories, account statuses, and related commercial credit information to national credit reporting agencies and business credit bureaus ("Bureaus") on behalf of the Client. The Company acts as an intermediary data furnisher, aggregating and transmitting Client data in the required format to the appropriate Bureaus.

1.2 Scope of Reporting

Data furnishing services under this DFA may include reporting to one or more of the following Bureaus: (a) Dun & Bradstreet (D&B); (b) Experian Business; (c) Equifax Business; and (d) such other credit reporting agencies as the parties may agree upon in writing. The specific Bureaus to which data will be furnished shall be identified in the Client's service order or onboarding documentation.

1.3 Types of Data

Data furnished under this DFA may include: trade account identifiers, account open dates, credit limits, high balances, current balances, payment amounts, payment due dates, payment history (30/60/90/120+ day delinquency patterns), account statuses, account types, terms of credit, and such other data fields as required by the applicable Bureau's reporting format.

2. Data Accuracy Obligations

2.1 FCRA Section 623 Compliance

The Client acknowledges that, as a person who furnishes information to consumer reporting agencies, both the Client and the Company have obligations under Section 623 of the Fair Credit Reporting Act (15 U.S.C. Section 1681s-2). These obligations include, but are not limited to: (a) the duty to provide accurate information; (b) the duty not to report information that the furnisher knows or has reasonable cause to believe is inaccurate; (c) the duty to correct and update information; and (d) the duty to provide notice of disputes.

2.2 Client Accuracy Warranty

The Client represents and warrants that all data submitted for furnishing is accurate, complete, and current as of the date of submission. The Client shall not submit data that it knows or has reasonable cause to believe is inaccurate. The Client shall promptly notify the Company of any errors or changes that require corrections to previously furnished data. Failure to maintain data accuracy may result in suspension or termination of data furnishing services.

2.3 Company Verification

The Company may, but is not obligated to, perform validation checks on data submitted by the Client before furnishing it to the Bureaus. Such checks may include format validation, consistency checks, and duplicate detection. However, the Company does not independently verify the factual accuracy of the underlying trade data and relies on the Client's representations regarding accuracy.

3. Monthly Reporting Obligations

3.1 Reporting Schedule

The Client shall submit data to the Company for furnishing on a monthly basis, no later than the fifth (5th) business day of each calendar month. Data submissions shall cover the reporting period of the immediately preceding calendar month. The Company shall process and transmit compliant data to the designated Bureaus within ten (10) business days of receipt.

3.2 Format Requirements

All data submissions must conform to the Metro 2 format as published by the Consumer Data Industry Association (CDIA), or such other format as may be required by the applicable Bureau. The Metro 2 format includes the Header Record, Base Segment, J1 Segment (associate information), J2 Segment (secondary associate), K1-K4 Segments (specialized data), L1 Segment (original creditor), N1 Segment (employment), and Trailer Record. The Company shall provide the Client with data submission templates and format specifications upon onboarding.

3.3 Late or Missing Submissions

If the Client fails to submit data by the monthly deadline, the Company shall use the most recent data on file for that reporting period. If data is not received for two (2) consecutive reporting periods, the Company may report the accounts as "no data available" or suspend reporting until submissions resume. The Company is not liable for any adverse effects on the Client's customers arising from late or missing data submissions.

4. Dispute Investigation Procedures

4.1 FCRA Section 611 Compliance

When a consumer or business entity disputes the accuracy or completeness of information furnished by the Company on behalf of the Client, the Company and Client shall comply with the dispute investigation requirements of FCRA Section 611 (15 U.S.C. Section 1681i) and Section 623(b) (15 U.S.C. Section 1681s-2(b)).

4.2 Dispute Notification

Upon receiving an Automated Consumer Dispute Verification ("ACDV") through the e-OSCAR system or a direct dispute from a consumer, the Company shall notify the Client within two (2) business days. The notification shall include the nature of the dispute, the account in question, and all relevant information provided by the Bureau or consumer.

4.3 Client Investigation

The Client shall conduct a reasonable investigation of the disputed information within ten (10) business days of receiving the Company's dispute notification. The Client shall review all relevant records and report its findings to the Company, including whether the disputed information should be: (a) verified as accurate; (b) modified; (c) deleted; or (d) reported as disputed by the consumer. The Client must provide its response in sufficient time for the Company to meet the thirty (30) day investigation deadline imposed by the FCRA.

4.4 e-OSCAR Compliance

The Company utilizes the e-OSCAR (Online Solution for Complete and Accurate Reporting) system for processing automated disputes received from the Bureaus. The Client authorizes the Company to respond to ACDV inquiries on its behalf based on the Client's investigation results. All e-OSCAR responses shall accurately reflect the Client's findings and comply with the Metro 2 response codes and guidelines.

5. Bureau Relationships

5.1 Furnisher Agreements

The Company maintains active data furnisher agreements with each Bureau to which it reports. These agreements impose specific obligations on the Company, including data quality standards, reporting timelines, dispute handling procedures, and information security requirements. The Client acknowledges that its use of the data furnishing services is subject to the terms of these Bureau agreements.

5.2 Bureau Audits

The Bureaus may conduct audits or reviews of the Company's data furnishing practices. If such an audit pertains to data furnished on behalf of the Client, the Client agrees to cooperate fully with the Company in responding to audit requests, including providing source documentation, records, and explanations as may be necessary.

6. Client Obligations and Representations

The Client represents, warrants, and covenants that:

• It has the legal right and authority to furnish the data submitted to the Company
• All data submitted represents genuine commercial transactions or credit relationships
• It will maintain complete and accurate records supporting all furnished data for a minimum of five (5) years
• It will comply with all applicable federal and state laws governing credit reporting, including the FCRA, the Equal Credit Opportunity Act (ECOA), and state credit reporting statutes
• It will not use the data furnishing services for any fraudulent, deceptive, or unlawful purpose
• It will promptly update or correct data when it learns of inaccuracies
• It will provide the Company with all information reasonably necessary to fulfill its data furnishing obligations
• It maintains appropriate written information security policies and safeguards for all data related to the furnishing services

7. Data Correction Procedures

7.1 Correction Requests

The Client may submit data correction requests to the Company at any time. Corrections must include the account identifier, the specific data field(s) to be corrected, the corrected value(s), and the reason for the correction. The Company shall process correction requests and furnish updated data to the applicable Bureau(s) within five (5) business days of receipt.

7.2 Bulk Corrections

If the Client identifies a systemic error affecting multiple accounts, it shall immediately notify the Company and provide a complete list of affected accounts and the necessary corrections. The Company shall process bulk corrections on an expedited basis and coordinate with the Bureau(s) to ensure timely updating of records.

8. Termination of Reporting

8.1 Cessation of Services

Upon termination of this DFA or the underlying service agreement, the Company shall cease furnishing new data on behalf of the Client within thirty (30) days of the effective termination date. The Company may, at its discretion, continue to report the final status of accounts for one additional reporting cycle to ensure orderly cessation.

8.2 Post-Termination Obligations

The Client's obligations regarding data accuracy, dispute cooperation, record retention, and indemnification shall survive termination of this DFA. The Company shall retain records of all data furnished on behalf of the Client for a minimum of five (5) years following termination, as required by the FCRA and Bureau agreements.

9. Indemnification

The Client shall indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) inaccurate, incomplete, or misleading data submitted by the Client; (b) the Client's failure to comply with the FCRA, ECOA, or other applicable laws; (c) the Client's failure to properly investigate and respond to disputes; (d) the Client's breach of this DFA; or (e) any third-party claim arising from the Client's data furnished through the Company.

10. Record Retention

Both parties shall maintain records related to data furnishing activities for a minimum of five (5) years from the date of the last report. Records to be retained include data submissions, dispute correspondence, investigation results, correction requests, Bureau communications, and all supporting source documentation. Records shall be maintained in a manner that allows for timely retrieval in response to regulatory inquiries, legal proceedings, or Bureau audits.

11. Contact

For questions regarding this Data Furnishing Agreement, contact: DebtPro Data Furnishing Department, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Administrative Safeguards

1.1 Information Security Program

The Company maintains a comprehensive written information security program ("ISP") that is reasonably designed to protect the security, confidentiality, and integrity of customer information. The ISP is overseen by a designated Information Security Officer who is responsible for coordinating and implementing the program. The ISP is reviewed and updated at least annually to address emerging threats, changes in business operations, and regulatory developments.

1.2 Risk Assessment

The Company conducts formal risk assessments at least annually to identify reasonably foreseeable internal and external threats to the security, confidentiality, and integrity of customer information. Risk assessments evaluate the likelihood and potential damage of identified threats, the sufficiency of existing safeguards, and the effectiveness of the overall security program. Results of risk assessments are documented and used to prioritize security improvements.

1.3 Access Controls

Access to customer information is restricted to authorized personnel on a need-to-know basis. The Company implements role-based access controls (RBAC) that assign permissions based on job function. Access privileges are reviewed quarterly and revoked promptly upon termination of employment or change of role. All access to sensitive systems requires unique user identification and multi-factor authentication.

1.4 Background Checks

All employees, contractors, and temporary personnel who have access to customer information are subject to background checks before being granted access. Background checks include criminal history, credit history (where permitted by law), and verification of employment history and professional references.

2. Technical Safeguards

2.1 Encryption

All customer information transmitted over public networks is encrypted using Transport Layer Security (TLS) version 1.2 or higher. Sensitive data at rest, including financial information, Social Security Numbers, and account credentials, is encrypted using the Advanced Encryption Standard (AES) with a minimum key length of 256 bits. Encryption keys are managed in accordance with industry best practices and rotated at least annually.

2.2 Network Security

The Company's network infrastructure is protected by enterprise-grade firewalls, intrusion detection and prevention systems (IDS/IPS), and network segmentation. Production systems processing customer information are isolated from general business systems. All network traffic is monitored in real time, and alerts are generated for anomalous activity.

2.3 Application Security

Applications that process customer information are developed using secure coding practices in accordance with the OWASP Top Ten. Applications undergo security testing, including static analysis (SAST), dynamic analysis (DAST), and penetration testing, before deployment and after significant changes. Vulnerabilities are remediated according to severity, with critical vulnerabilities addressed within twenty-four (24) hours of discovery.

2.4 Audit Trails

The Company maintains comprehensive audit logs that record access to customer information, system configuration changes, authentication events (successful and failed), data modifications, and administrative actions. Audit logs are protected against tampering, retained for a minimum of one (1) year, and reviewed regularly for indicators of unauthorized activity.

2.5 Endpoint Protection

All endpoints used to access customer information are equipped with anti-malware software, endpoint detection and response (EDR) tools, and automated patch management. Removable media storage is restricted and encrypted. Screen lock policies are enforced with a maximum idle time of fifteen (15) minutes.

3. Physical Safeguards

3.1 Facility Security

Physical access to facilities housing information systems that process customer information is restricted to authorized personnel through access control mechanisms such as key cards, biometric readers, and visitor management systems. All physical access events are logged. Visitors must be escorted at all times within secure areas.

3.2 Data Center Security

The Company's data processing infrastructure is hosted in data centers that maintain SOC 2 Type II certification or equivalent. Data center security controls include 24/7 on-site security personnel, video surveillance, redundant power supply, climate control, and fire suppression systems.

3.3 Media Disposal

Electronic media containing customer information are sanitized before disposal using NIST SP 800-88 compliant methods. Paper records containing customer information are cross-cut shredded. Disposal activities are documented and verified.

4. Incident Response

4.1 Incident Response Plan

The Company maintains a written incident response plan that defines procedures for detecting, containing, investigating, and remediating security incidents. The plan identifies an incident response team, establishes communication protocols, defines severity classifications, and outlines escalation procedures. The incident response plan is tested at least annually through tabletop exercises or simulations.

4.2 Incident Detection

The Company employs continuous monitoring tools, including security information and event management (SIEM) systems, to detect potential security incidents. Employees are trained to recognize and report suspected security incidents through an internal reporting mechanism.

4.3 Breach Notification

In the event of a security breach involving unauthorized access to or acquisition of customer information, the Company will provide notification in accordance with applicable state breach notification laws. As of March 2026, all fifty (50) states, the District of Columbia, and U.S. territories have enacted breach notification statutes with varying notification requirements, timelines, and content specifications. The Company will: (a) investigate the breach to determine the scope and nature of the compromised data; (b) contain the breach and remediate the vulnerability; (c) notify affected individuals within the timeframes required by applicable law (generally between thirty (30) and ninety (90) days); (d) notify applicable state attorneys general and regulatory agencies as required; and (e) provide identity theft protection services when appropriate.

5. Employee Training

All employees receive information security awareness training upon hire and at least annually thereafter. Training covers the Company's security policies and procedures, recognizing and reporting phishing and social engineering attacks, proper handling and disposal of customer information, password management best practices, and regulatory requirements applicable to the employee's role. Employees with access to sensitive systems or customer information receive additional role-specific training. Training completion is documented and tracked.

6. Third-Party Vendor Management

Before engaging a third-party service provider that will have access to customer information, the Company conducts a risk assessment of the provider's security practices. The Company requires service providers to: (a) maintain an information security program with safeguards appropriate to the sensitivity of the data; (b) agree to contractual terms that include data protection obligations, breach notification requirements, and audit rights; (c) provide evidence of compliance through SOC reports, certifications, or questionnaire responses; and (d) cooperate with the Company's monitoring and audit activities. Service provider compliance is reviewed at least annually.

7. Annual Security Assessments

The Company conducts annual independent security assessments, including penetration testing and vulnerability assessments, of systems that process customer information. Assessment results are documented, and identified vulnerabilities are remediated according to a risk-based prioritization schedule. The Company also conducts internal security reviews on a quarterly basis.

8. GLBA Compliance

As a financial institution under the Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.), the Company complies with the GLB Act's requirements regarding the protection of consumer financial information, including: (a) the Financial Privacy Rule (Regulation P), which requires providing privacy notices to customers; (b) the Safeguards Rule (16 C.F.R. Part 314), which requires maintaining an information security program; and (c) the Pretexting Rule, which prohibits the use of false pretenses to obtain customer financial information. The Company designates a qualified individual to oversee its information security program, as required by the updated FTC Safeguards Rule effective June 9, 2023.

9. Contact

For questions about this Data Protection and Security Policy, or to report a security concern, contact: DebtPro Information Security, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. FDCPA Compliance Statement

1.1 Commitment to Compliance

DebtPro recognizes the rights of consumers under the FDCPA and is committed to conducting all collection-related activities in strict compliance with federal and state consumer protection laws. The Company prohibits any conduct that would violate the FDCPA, including but not limited to harassment, false or misleading representations, unfair practices, and failure to provide required disclosures.

1.2 Regulatory Framework

The Company's collection practices are governed by the FDCPA (15 U.S.C. Section 1692 et seq.), Regulation F (12 C.F.R. Part 1006), the Consumer Financial Protection Act of 2010 (12 U.S.C. Section 5531), the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.), the Telephone Consumer Protection Act (47 U.S.C. Section 227), and applicable state collection laws and regulations.

2. Consumer Rights

Under the FDCPA and applicable state laws, consumers have the following rights in connection with debt collection:

• Right to Validation: Within five (5) days of the initial communication, the consumer must receive a written validation notice containing the amount of the debt, the name of the creditor, a statement that the debt will be assumed valid unless disputed within thirty (30) days, and a statement that the consumer may request the name and address of the original creditor (15 U.S.C. Section 1692g(a))
• Right to Dispute: The consumer may dispute the debt in writing within thirty (30) days of receiving the validation notice. Upon receiving a written dispute, the Company must cease collection efforts until it obtains and provides verification of the debt (15 U.S.C. Section 1692g(b))
• Right to Cease Communication: The consumer may direct the Company in writing to cease further communication. Upon receiving such a request, the Company must cease communication except to: (a) advise the consumer that collection efforts are being terminated; (b) notify the consumer that specific remedies may be invoked; or (c) notify the consumer that the Company intends to invoke a specified remedy (15 U.S.C. Section 1692c(c))
• Right to Privacy: The Company may not communicate with third parties about a consumer's debt except as permitted by the FDCPA, including communication with the consumer's attorney, a consumer reporting agency, the creditor, the creditor's attorney, or the Company's attorney (15 U.S.C. Section 1692c(b))
• Right to Be Free from Harassment: The consumer has the right to be free from any conduct that harasses, oppresses, or abuses any person in connection with the collection of a debt (15 U.S.C. Section 1692d)

3. Communication Restrictions

3.1 Time and Place

The Company shall not communicate with a consumer at any unusual time or place, or at a time or place known or that should be known to be inconvenient to the consumer. Unless the Company has knowledge of circumstances to the contrary, communications are presumed convenient between the hours of 8:00 a.m. and 9:00 p.m. local time at the consumer's location (15 U.S.C. Section 1692c(a)(1)).

3.2 Workplace Communications

The Company shall not communicate with a consumer at the consumer's place of employment if the Company knows or has reason to know that the employer prohibits such communications (15 U.S.C. Section 1692c(a)(3)).

3.3 Attorney Representation

If the Company knows that the consumer is represented by an attorney with respect to the debt and can readily ascertain the attorney's name and address, the Company shall communicate solely with the consumer's attorney (15 U.S.C. Section 1692c(a)(2)).

3.4 Electronic Communications

In accordance with Regulation F (12 C.F.R. Section 1006.6(d)), the Company may communicate with consumers by email or text message only if the consumer has provided prior consent and the Company provides a reasonable and simple method for the consumer to opt out of such communications. Each electronic communication must include clear opt-out instructions.

3.5 Telephone Call Frequency

In compliance with Regulation F (12 C.F.R. Section 1006.14(b)), the Company shall not place telephone calls to a consumer regarding a particular debt more than seven (7) times within a seven (7) day period, and shall not place a telephone call to a consumer within seven (7) days after having a telephone conversation with the consumer about the particular debt.

4. Prohibited Practices

The Company strictly prohibits the following practices by its employees, agents, and representatives:

• Use or threat of violence or criminal means to harm the person, property, or reputation of any person (15 U.S.C. Section 1692d(1))
• Use of obscene or profane language (15 U.S.C. Section 1692d(2))
• Publication of "deadbeat lists" or similar shame tactics (15 U.S.C. Section 1692d(3))
• Causing a telephone to ring repeatedly or continuously with intent to annoy, abuse, or harass (15 U.S.C. Section 1692d(5))
• False representation that the debt collector is an attorney or government representative (15 U.S.C. Section 1692e(1), (4))
• Misrepresentation of the character, amount, or legal status of the debt (15 U.S.C. Section 1692e(2))
• Threat of any action that cannot legally be taken or is not intended to be taken (15 U.S.C. Section 1692e(5))
• False representation that non-payment will result in arrest, imprisonment, or seizure of property (15 U.S.C. Section 1692e(4))
• Collection of amounts not authorized by the debt agreement or permitted by law (15 U.S.C. Section 1692f(1))
• Deposit of a post-dated check before the date on the check (15 U.S.C. Section 1692f(2))
• Communication by postcard (15 U.S.C. Section 1692f(7))
• Use of any false, deceptive, or misleading representation or means in connection with the collection of any debt (15 U.S.C. Section 1692e)

5. State-Specific Collection Laws

In addition to federal law, the Company complies with all applicable state debt collection statutes and regulations. Many states impose additional requirements beyond the FDCPA, including licensing and bonding requirements, additional consumer disclosures, shorter statute of limitations periods, and restrictions on interest and fees. The Company maintains a compliance matrix of state-specific requirements and ensures its practices conform to the most restrictive applicable standard. The Company holds collection agency licenses in all states where its activities require licensing.

6. Complaint Procedures

6.1 Internal Complaints

Consumers may file complaints regarding the Company's collection practices by: (a) calling (561) 254-6608; (b) sending an email to support@debtpro.us with the subject line "Collection Complaint"; or (c) mailing a written complaint to the Company's address. The Company will acknowledge receipt of the complaint within five (5) business days and complete its investigation within thirty (30) days.

6.2 External Complaints

Consumers may also file complaints with: (a) the Consumer Financial Protection Bureau (CFPB) at consumerfinance.gov/complaint; (b) the Federal Trade Commission (FTC) at ftc.gov/complaint; (c) the applicable state attorney general's office; or (d) the applicable state consumer protection agency.

7. Regulatory Oversight

The Company's collection activities are subject to oversight by the CFPB, the FTC, state attorneys general, and state regulatory agencies. The Company cooperates fully with regulatory examinations and inquiries. The Company maintains records of all collection activity, consumer communications, disputes, and complaints for a minimum of three (3) years, as required by Regulation F (12 C.F.R. Section 1006.100).

8. Contact

For questions about this FDCPA Compliance Policy or to exercise your rights as a consumer, contact: DebtPro Compliance Department, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. BSA/AML Compliance Program

1.1 Program Overview

The Company's BSA/AML compliance program consists of five core components, as required by FinCEN guidance: (a) designation of a BSA/AML Compliance Officer; (b) development of internal policies, procedures, and controls; (c) an ongoing employee training program; (d) independent testing (audit) of the AML program; and (e) risk-based procedures for customer due diligence (CDD) and beneficial ownership identification.

1.2 Compliance Officer

The Company has designated a BSA/AML Compliance Officer who is responsible for the day-to-day operation of the AML program, including monitoring transactions for suspicious activity, filing required reports, maintaining records, coordinating with law enforcement, and ensuring the program is updated to reflect regulatory changes. The Compliance Officer reports directly to senior management and has authority to escalate issues without interference.

2. Customer Identification Program (CIP)

2.1 Identification Requirements

Before establishing a business relationship, the Company collects and verifies the identity of each customer in accordance with 31 C.F.R. Section 1010.220. For individual customers, we collect: full legal name, date of birth, residential address, and a government-issued identification number (SSN, ITIN, or passport number). For entity customers, we collect: legal entity name, principal place of business, formation jurisdiction, Employer Identification Number (EIN), and articles of formation or organization.

2.2 Verification Methods

Customer identity is verified using a combination of documentary and non-documentary methods. Documentary verification may include review of government-issued photo identification, articles of formation, certificate of good standing, and operating agreements. Non-documentary verification may include independent database searches, credit bureau inquiries, and cross-referencing information from public records. The Company documents the methods used to verify each customer's identity and the results of verification.

3. Know Your Customer (KYC) Procedures

3.1 Customer Due Diligence (CDD)

The Company conducts risk-based customer due diligence, which includes: (a) identifying and verifying the customer's identity; (b) understanding the nature and purpose of the business relationship; (c) identifying beneficial owners of legal entity customers who own 25% or more of the entity or who exercise significant control; and (d) conducting ongoing monitoring of the relationship to detect unusual or suspicious activity.

3.2 Enhanced Due Diligence (EDD)

For customers identified as higher risk -- including politically exposed persons (PEPs), customers domiciled in high-risk jurisdictions, customers with complex ownership structures, and customers engaged in cash-intensive businesses -- the Company conducts enhanced due diligence. EDD procedures may include additional identity verification, source of funds documentation, senior management approval for the relationship, and increased transaction monitoring.

3.3 Beneficial Ownership

In compliance with the FinCEN Customer Due Diligence Rule (31 C.F.R. Section 1010.230) and the Corporate Transparency Act, the Company identifies and verifies the identity of beneficial owners of legal entity customers. Beneficial owner information is collected at account opening and updated when the Company becomes aware of changes.

4. Suspicious Activity Reporting

4.1 Monitoring

The Company monitors customer transactions and activity for indicators of money laundering, terrorist financing, or other suspicious conduct. Monitoring includes automated transaction surveillance, manual review of flagged transactions, and periodic portfolio reviews. Red flags include, but are not limited to: transactions with no apparent business purpose, transactions involving known high-risk jurisdictions, unusual transaction patterns, rapid movement of funds, and attempts to structure transactions to avoid reporting thresholds.

4.2 Filing Suspicious Activity Reports (SARs)

When the Company detects suspicious activity involving $5,000 or more (or any amount in the case of suspected terrorist financing), the Company files a Suspicious Activity Report (SAR) with FinCEN through the BSA E-Filing System within thirty (30) days of initial detection (or sixty (60) days if no suspect is identified). SAR information is maintained in strict confidence, and the Company does not notify the customer of the filing, in accordance with 31 U.S.C. Section 5318(g)(2).

5. Record Keeping Requirements

The Company maintains records as required by the BSA, including:

• Customer identification records for a minimum of five (5) years after the account is closed (31 C.F.R. Section 1010.220(a)(3))
• Transaction records for a minimum of five (5) years (31 C.F.R. Section 1010.410)
• Copies of SARs and supporting documentation for five (5) years from the date of filing (31 C.F.R. Section 1010.320(d))
• Currency Transaction Reports (CTRs) for transactions exceeding $10,000 (31 C.F.R. Section 1010.311)
• Records of all CDD and EDD activities
• Employee training records

6. Employee Training

All employees receive BSA/AML training upon hire and at least annually thereafter. Training covers: (a) the Company's AML policies and procedures; (b) the BSA reporting obligations; (c) recognizing and reporting suspicious activity; (d) understanding the penalties for non-compliance; (e) customer identification and verification procedures; and (f) role-specific responsibilities. The Compliance Officer tracks training completion and maintains records of all training activities. Employees who fail to complete required training are subject to disciplinary action.

7. Independent Audit

The Company engages an independent third party to test and review its AML program at least every twelve (12) to eighteen (18) months. The independent audit assesses the adequacy of the program's policies and procedures, the effectiveness of monitoring and reporting, the quality of employee training, and overall compliance with applicable laws and regulations. Audit findings and recommendations are reported to senior management, and the Company documents its remediation of any identified deficiencies.

8. OFAC Screening

The Company screens all customers and transaction parties against the Specially Designated Nationals and Blocked Persons List ("SDN List") maintained by the Office of Foreign Assets Control ("OFAC") of the U.S. Department of the Treasury. Screening is conducted at the time of customer onboarding, at the initiation of each transaction, and periodically against updated lists. If a match is identified, the Company will block the transaction, freeze associated assets, and file a blocking report with OFAC within ten (10) business days, as required by 31 C.F.R. Part 501.

9. Contact

For questions about this AML Policy, contact: DebtPro BSA/AML Compliance Officer, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Informal Resolution Process

1.1 Good Faith Negotiation

Before initiating any formal dispute resolution proceedings, the parties agree to attempt in good faith to resolve any dispute, claim, or controversy arising out of or relating to these Terms, the Services, or the parties' relationship ("Dispute") through informal negotiation. The party asserting the Dispute shall provide written notice to the other party describing the nature of the Dispute, the relief sought, and relevant supporting facts. The notice shall be sent by email to support@debtpro.us (if directed to the Company) or to the email address on file (if directed to you).

1.2 Negotiation Period

Following receipt of a dispute notice, the parties shall have sixty (60) days to attempt to resolve the Dispute informally. During this period, the parties agree to engage in at least one telephonic or video conference to discuss the Dispute. If the Dispute is not resolved within the sixty (60) day period, either party may proceed to mediation or arbitration as described below.

2. Mediation

2.1 Mediation Requirement

If informal negotiation does not resolve the Dispute, either party may propose non-binding mediation before a single mediator. Mediation shall be conducted under the Commercial Mediation Procedures of the American Arbitration Association ("AAA") or such other rules as the parties may agree upon. The mediator shall be a neutral party with experience in financial services disputes, selected by mutual agreement or, if the parties cannot agree, appointed by the AAA.

2.2 Mediation Process

Mediation shall be conducted in Palm Beach County, Florida, or by video conference if both parties agree. Each party shall bear its own costs of mediation, and the mediator's fees shall be split equally. Statements made during mediation are confidential, inadmissible in any subsequent proceeding, and shall not be used as evidence or for impeachment purposes. The mediation shall be completed within thirty (30) days of the mediator's appointment unless extended by mutual agreement.

3. Binding Arbitration

3.1 Agreement to Arbitrate

IF THE DISPUTE IS NOT RESOLVED THROUGH INFORMAL NEGOTIATION OR MEDIATION, THE PARTIES AGREE THAT THE DISPUTE SHALL BE RESOLVED BY BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION UNDER ITS COMMERCIAL ARBITRATION RULES AND SUPPLEMENTARY PROCEDURES FOR CONSUMER-RELATED DISPUTES (IF APPLICABLE). ARBITRATION SHALL BE CONDUCTED BY A SINGLE ARBITRATOR WITH EXPERTISE IN FINANCIAL SERVICES AND COMMERCIAL LAW.

3.2 Arbitration Procedures

The arbitration shall be conducted in Palm Beach County, Florida, unless otherwise agreed by the parties. The arbitrator shall have the authority to award any remedy that would be available in court, including compensatory damages, injunctive relief, declaratory relief, and attorneys' fees and costs where permitted by applicable law. The arbitrator shall apply the substantive law of the State of Florida. The arbitrator's decision shall be in writing, shall include findings of fact and conclusions of law, and shall be final and binding on the parties. Judgment on the arbitration award may be entered in any court of competent jurisdiction.

3.3 Discovery

Discovery in arbitration shall be limited. Each party may serve up to ten (10) interrogatories, ten (10) requests for production of documents, and take up to two (2) depositions. The arbitrator may authorize additional discovery upon a showing of good cause. The arbitrator shall resolve discovery disputes and may impose sanctions for discovery abuse.

3.4 Confidentiality

All aspects of the arbitration proceeding, including the filing, proceedings, documents exchanged, testimony, and award, shall be confidential and shall not be disclosed to any third party except: (a) as necessary to prepare for or conduct the arbitration; (b) as may be required by law or regulation; (c) as necessary to confirm, vacate, or enforce the award; or (d) as otherwise agreed by the parties.

4. Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AND THE COMPANY AGREE THAT EACH PARTY MAY BRING DISPUTES ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, CONSOLIDATED, REPRESENTATIVE, OR PRIVATE ATTORNEY GENERAL ACTION. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF CLASS OR REPRESENTATIVE PROCEEDING. IF THIS CLASS ACTION WAIVER IS FOUND TO BE UNENFORCEABLE, THEN THE ENTIRETY OF THIS ARBITRATION PROVISION SHALL BE NULL AND VOID, AND THE DISPUTE SHALL BE DECIDED BY A COURT OF COMPETENT JURISDICTION.

5. Small Claims Court Exception

Notwithstanding the foregoing, either party may bring an individual action in small claims court for Disputes within the jurisdictional limits of such court. If the Dispute is removed from small claims court or transferred to a court of general jurisdiction, the arbitration provisions of this section shall apply.

6. Injunctive Relief

Nothing in this Dispute Resolution section shall prevent either party from seeking temporary or preliminary injunctive relief, or other provisional remedies, from a court of competent jurisdiction to prevent irreparable harm pending the outcome of arbitration. A request for injunctive relief shall not waive the right to arbitration of any Dispute.

7. Costs and Fees

7.1 Filing Fees

Each party shall be responsible for its own filing fees as established by the AAA. If you demonstrate that arbitration costs are prohibitive relative to the amount in dispute, the Company will consider a request to bear a portion of the filing fees. Payment of arbitrator fees shall be governed by the AAA rules.

7.2 Attorneys' Fees

Each party shall bear its own attorneys' fees and costs unless the arbitrator awards attorneys' fees to the prevailing party, as permitted by applicable law or the terms of the parties' agreement. The arbitrator may award reasonable attorneys' fees and costs to the prevailing party if the arbitrator determines that the opposing party's claim or defense was frivolous, brought for an improper purpose, or lacking in good faith.

8. Statute of Limitations

Any Dispute must be filed within the applicable statute of limitations period. Failure to file within the applicable limitations period shall constitute an absolute bar to the claim. For purposes of this section, a Dispute is considered "filed" when the notice of arbitration or complaint is submitted to the AAA or the appropriate court. The statute of limitations for claims arising under these Terms shall be governed by Florida law.

9. Jury Trial Waiver

FOR ANY DISPUTE THAT IS DETERMINED TO BE LITIGATED IN COURT RATHER THAN ARBITRATION, THE PARTIES HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVE ANY RIGHT TO A TRIAL BY JURY. THIS WAIVER APPLIES TO ALL DISPUTES, INCLUDING THOSE SOUNDING IN CONTRACT, TORT, STATUTORY, OR ANY OTHER LEGAL THEORY.

10. Survival

This Dispute Resolution section shall survive termination or expiration of the Terms of Service and any other agreement between the parties. It shall apply to Disputes that arise before or after the effective date of these Terms, including Disputes arising from events that occurred before you agreed to this Dispute Resolution section.

11. Contact

For dispute-related inquiries, contact: DebtPro Legal Department, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Federal Regulatory Compliance

1.1 Fair Credit Reporting Act (FCRA)

As a data furnisher and user of consumer reports, the Company complies with the Fair Credit Reporting Act (15 U.S.C. Section 1681 et seq.) and its implementing regulations. This includes compliance with accuracy requirements (Section 623), dispute investigation obligations (Section 611), permissible purpose limitations (Section 604), and adverse action notice requirements (Section 615). The Company maintains policies and procedures to ensure that all information furnished to consumer reporting agencies is accurate and complete, and that disputes are investigated promptly and thoroughly.

1.2 Fair Debt Collection Practices Act (FDCPA)

The Company's collection-related activities comply with the FDCPA (15 U.S.C. Section 1692 et seq.) and Regulation F (12 C.F.R. Part 1006). See the Fair Debt Collection Practices Compliance section of this Legal Center for detailed information.

1.3 Gramm-Leach-Bliley Act (GLBA)

As a financial institution, the Company complies with the GLB Act's privacy and data security requirements, including the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Rule. See the Data Protection and Security Policy for detailed information on our security safeguards.

1.4 Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

The Company maintains a BSA/AML compliance program that includes customer identification, due diligence, transaction monitoring, suspicious activity reporting, and record keeping. See the Anti-Money Laundering Policy for detailed information.

1.5 Telephone Consumer Protection Act (TCPA)

The Company complies with the TCPA (47 U.S.C. Section 227) and FCC regulations regarding telephone communications, including restrictions on the use of automatic telephone dialing systems (ATDS), prerecorded and artificial voice messages, text messages, and requirements for prior express consent. The Company maintains internal Do Not Call lists and scrubs contact lists against the National Do Not Call Registry.

1.6 Equal Credit Opportunity Act (ECOA)

The Company complies with the ECOA (15 U.S.C. Section 1691 et seq.) and Regulation B (12 C.F.R. Part 1002), which prohibit discrimination in credit transactions on the basis of race, color, religion, national origin, sex, marital status, age, receipt of public assistance, or the good faith exercise of any right under the Consumer Credit Protection Act.

2. State Licensing

2.1 Collection Agency Licensing

The Company holds collection agency licenses, registrations, or permits in all states where its activities require such authorization. The Company monitors changes in state licensing requirements and obtains or renews licenses as necessary. Licensing information, including license numbers, issuing authorities, and expiration dates, is available upon request.

2.2 Debt Buyer Registration

In states that require separate registration for debt buyers, the Company maintains current registrations. This includes compliance with state-specific debt buyer requirements regarding documentation, chain of title, and disclosure obligations.

2.3 Surety Bonds

The Company maintains surety bonds in all jurisdictions that require bonding for collection agency licensure or debt buyer registration. Bond amounts meet or exceed the minimum requirements established by each jurisdiction.

3. Industry Memberships and Affiliations

The Company participates in industry organizations and professional associations that promote best practices in the debt buying, collection, and credit reporting industries. These may include the Receivables Management Association International (RMAI), the ACA International, the Consumer Data Industry Association (CDIA), and state-level collector and creditor associations. Membership in these organizations supports the Company's commitment to ethical business practices, continuing education, and industry standards.

4. Ongoing Compliance Monitoring

4.1 Compliance Management System

The Company maintains a compliance management system ("CMS") consisting of: (a) board and management oversight; (b) a compliance program with written policies and procedures; (c) a consumer complaint management system; (d) independent compliance audits; and (e) compliance training. The CMS is designed to prevent violations, detect noncompliance, and ensure prompt remediation of identified issues.

4.2 Regulatory Change Monitoring

The Company actively monitors legislative and regulatory developments at the federal and state levels. When new laws, regulations, or regulatory guidance affect the Company's operations, the Company assesses the impact, updates its policies and procedures, trains affected employees, and implements any required changes before the effective date of the new requirements.

5. Regulatory Examination Cooperation

The Company cooperates fully with examinations, audits, investigations, and information requests from federal and state regulatory agencies, including the CFPB, the FTC, FinCEN, state attorneys general, and state financial regulatory agencies. The Company maintains organized records and documentation to facilitate efficient regulatory examinations and responds to regulatory requests within the timeframes specified.

6. Whistleblower Protections

The Company maintains a policy prohibiting retaliation against any employee, contractor, or agent who in good faith reports a suspected violation of law, regulation, or Company policy. Reports may be made to the Compliance Officer, to senior management, or through an anonymous reporting mechanism. The Company investigates all reports promptly and takes appropriate corrective action. This policy is consistent with the whistleblower protections provided under the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. Section 5567) and other applicable federal and state whistleblower statutes.

7. Contact

For questions about licensing or compliance, contact: DebtPro Compliance Department, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. What Are Cookies

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. Cookies are widely used to make websites work more efficiently, to remember your preferences, and to provide information to the website owner. Cookies may be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a set period or until you delete them). Cookies may be set by the website you are visiting ("first-party cookies") or by third parties whose content or services appear on the website ("third-party cookies").

2. Types of Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. These cookies do not store any personally identifiable information. Without these cookies, certain features of the Website may not be available. Examples include session identification cookies, load-balancing cookies, and security cookies used for user authentication and fraud prevention.

2.2 Performance and Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us understand which pages are the most and least popular and how visitors navigate the Website. All information these cookies collect is aggregated and anonymized. If you do not allow these cookies, we will not know when you have visited our Website. We may use services such as Google Analytics, which sets cookies to help us analyze how users interact with the Website.

2.3 Functional Cookies

These cookies enable the Website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these features may not function properly. Examples include cookies that remember your language preference, region, font size, or other display preferences.

2.4 Marketing and Targeting Cookies

These cookies may be set through our Website by our advertising partners. They may be used to build a profile of your interests and show you relevant advertisements on other websites. They do not directly store personal information but are based on uniquely identifying your browser and device. If you do not allow these cookies, you will experience less targeted advertising. These cookies enable us and our advertising partners to track the effectiveness of our marketing campaigns and to deliver advertisements that are more relevant to you.

3. Cookie Management

3.1 Browser Settings

Most web browsers allow you to manage cookies through their settings. You can configure your browser to: (a) accept all cookies; (b) notify you when a cookie is set; (c) reject all cookies; or (d) delete cookies that have already been set. Please note that disabling or deleting cookies may affect the functionality of the Website. Instructions for managing cookies in common browsers are available at the browser manufacturer's website.

3.2 Opt-Out Tools

You may opt out of interest-based advertising by visiting: (a) the Digital Advertising Alliance at optout.aboutads.info; (b) the Network Advertising Initiative at optout.networkadvertising.org; or (c) for European users, the European Interactive Digital Advertising Alliance at youronlinechoices.eu. Please note that opting out does not mean you will stop seeing advertisements; rather, the advertisements you see may be less relevant to you.

4. Third-Party Cookies

Some cookies on our Website are set by third-party services that appear on our pages. We do not control the setting of these cookies and cannot access them. Third-party cookies are subject to the respective third party's cookie and privacy policies. Third-party services that may set cookies on our Website include analytics providers, advertising networks, social media platforms, and security service providers.

5. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, our Website does not respond to DNT signals. However, you can manage your privacy preferences through the cookie management options described above. We will update this policy if a uniform DNT standard is adopted.

6. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, regulation, or our business practices. When we make material changes, we will update the "Last Revised" date. We encourage you to review this policy periodically.

7. Contact

For questions about this Cookie Policy, contact: DebtPro, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Permitted Uses

The Platform is provided for the following legitimate business purposes:

• Purchasing, selling, and brokering debt portfolios in compliance with applicable law
• Managing and tracking debt portfolio transactions and related documentation
• Submitting and managing data for credit reporting and data furnishing services
• Accessing account information, transaction history, invoices, and reports
• Communicating with the Company regarding services, support, and account inquiries
• Utilizing API integrations in accordance with published API documentation and rate limits
• Conducting due diligence and compliance-related activities associated with the Services

2. Prohibited Activities

You may not use the Platform to:

• Engage in any activity that violates applicable federal, state, or local law, regulation, or ordinance
• Submit false, fraudulent, misleading, or fabricated data for credit reporting or any other purpose
• Furnish data to credit bureaus for the purpose of inflating, manipulating, or otherwise artificially altering credit scores or ratings
• Access accounts, data, or systems that you are not authorized to access
• Share your account credentials with unauthorized individuals or entities
• Use automated tools, bots, scripts, or scrapers to access the Platform except through published APIs and within documented rate limits
• Attempt to probe, scan, test, or breach the security or authentication measures of the Platform
• Upload, transmit, or distribute viruses, malware, ransomware, or any other harmful code
• Conduct denial-of-service attacks or any activity that degrades the performance or availability of the Platform
• Use the Platform to harass, threaten, defame, or discriminate against any person
• Misrepresent your identity, affiliation, or authorization when using the Platform
• Engage in competitive intelligence activities, reverse engineering, or benchmarking of the Platform without prior written consent
• Resell, sublicense, or commercially exploit access to the Platform without prior written authorization

3. System Integrity

3.1 Resource Usage

You agree not to use the Platform in a manner that consumes an unreasonable or disproportionate amount of system resources, including CPU, memory, storage, bandwidth, or API calls. The Company reserves the right to throttle, suspend, or terminate access for users whose usage materially impairs the Platform's performance for other users.

3.2 API Usage

If you access the Platform through APIs, you must comply with all published rate limits, authentication requirements, and usage guidelines. The Company reserves the right to modify API rate limits and access parameters with reasonable notice. Unauthorized use of APIs, including circumventing rate limits or authentication, is a violation of this AUP.

4. Account Security

You are responsible for: (a) maintaining the security of your account credentials; (b) enabling multi-factor authentication when available; (c) promptly reporting any unauthorized access to your account; (d) ensuring that all authorized users on your account comply with this AUP; and (e) logging out of your account when using shared or public devices. The Company may require additional security measures, such as IP restrictions or session timeouts, for accounts that process sensitive data.

5. Reporting Violations

If you become aware of any violation of this AUP, you should report it promptly to support@debtpro.us. Reports should include a description of the violation, the date and time it was observed, any evidence supporting the report, and your contact information. The Company will investigate reported violations and take appropriate action. Reports may be made anonymously, although providing contact information allows us to follow up with additional questions.

6. Consequences of Violations

Violations of this AUP may result in one or more of the following actions, at the Company's sole discretion: (a) written warning; (b) temporary suspension of account access; (c) permanent termination of account access; (d) removal of offending content or data; (e) reporting to law enforcement or regulatory authorities; (f) legal action, including claims for damages and injunctive relief; and (g) cooperation with law enforcement investigations. The Company will consider the severity, frequency, and intent of the violation when determining appropriate consequences. The Company reserves the right to take immediate action without prior notice when necessary to protect the integrity, security, or availability of the Platform.

7. Contact

For questions about this Acceptable Use Policy, contact: DebtPro, Email: support@debtpro.us, Phone: (561) 254-6608.

Effective Date: March 1, 2026 | Last Revised: March 2026

1. Service Availability

1.1 Uptime Commitment

The Company commits to maintaining a monthly uptime percentage of at least ninety-nine and one-half percent (99.5%) for the Platform, measured on a calendar month basis. "Uptime" means the time during which the Platform's core functions -- including account access, transaction processing, and data submission -- are available and operational. Uptime is calculated as: ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100.

1.2 Scheduled Maintenance

The Company performs scheduled maintenance during designated maintenance windows, typically between 2:00 AM and 6:00 AM Eastern Time on Sundays. Scheduled maintenance windows are excluded from the uptime calculation. The Company will provide at least forty-eight (48) hours' advance notice of scheduled maintenance via email and Platform notification. If emergency maintenance is required outside scheduled windows, the Company will provide as much advance notice as practicable.

1.3 Uptime Monitoring

The Company monitors Platform availability continuously using automated monitoring tools. Downtime is measured from the time the Company becomes aware of the outage (through automated detection or client report) until service is restored and operational. The Company maintains monitoring logs as evidence of uptime performance.

2. Data Reporting Timelines

2.1 Data Submission Processing

Data submitted by clients for credit bureau reporting will be processed and validated within five (5) business days of receipt. If data fails validation, the Company will notify the client of the errors within two (2) business days and provide guidance on correction.

2.2 Bureau Transmission

Validated data will be transmitted to the designated credit bureau(s) within ten (10) business days of the client's submission date. Transmission timelines are subject to the receiving Bureau's processing schedules and system availability, which are outside the Company's control.

2.3 Update Processing

Data corrections and updates submitted by clients will be processed and transmitted to the applicable Bureau(s) within five (5) business days of receipt. Expedited processing may be available for an additional fee.

3. Response Time Commitments

3.1 Support Tiers

The Company provides support through email and telephone during business hours (Monday through Friday, 9:00 AM to 6:00 PM Eastern Time, excluding federal holidays). Support requests are classified by severity:

• Critical (Severity 1): Complete platform outage or data breach. Initial response within one (1) hour. Continuous work until resolved or workaround provided.
• High (Severity 2): Major feature unavailable, data submission failures, or significant performance degradation. Initial response within four (4) business hours. Target resolution within one (1) business day.
• Medium (Severity 3): Non-critical feature issues, minor performance issues, or general inquiries. Initial response within one (1) business day. Target resolution within three (3) business days.
• Low (Severity 4): Feature requests, documentation questions, or cosmetic issues. Initial response within two (2) business days. Resolution at the Company's discretion during regular development cycles.

3.2 Initial Response

"Initial response" means the Company acknowledges receipt of the support request and provides an estimated timeline for investigation or resolution. Initial response does not guarantee that the issue will be resolved within the response time.

4. Escalation Procedures

4.1 Escalation Path

If a support request is not resolved within the target resolution time, you may escalate the issue through the following path:

• Level 1 -- Support Team: Initial point of contact for all support requests
• Level 2 -- Technical Lead: Escalation for unresolved technical issues after initial resolution timeframe
• Level 3 -- Operations Manager: Escalation for persistent issues, service level concerns, or policy questions
• Level 4 -- Senior Management: Escalation for unresolved disputes, SLA credit requests, or strategic concerns

4.2 Escalation Timing

You may escalate to the next level if: (a) the target resolution time for the severity level has passed without resolution; (b) the issue has been downgraded in severity without your agreement; or (c) you are not receiving timely updates on the status of your request. To escalate, contact support@debtpro.us with the subject line "ESCALATION: [Ticket Number]."

5. Performance Metrics

5.1 Key Performance Indicators

The Company tracks the following performance metrics:

• Platform Uptime: Target of 99.5% monthly availability
• Data Processing Time: Average time from data submission to Bureau transmission
• Dispute Resolution Time: Average time to complete ACDV investigations
• Support Response Time: Average time to initial response by severity level
• Data Accuracy Rate: Percentage of data submissions passing validation without errors
• Client Satisfaction: Measured through periodic client surveys

5.2 Reporting

Upon request, the Company will provide a monthly performance report detailing actual performance against SLA metrics. Reports are available within ten (10) business days of the close of the reporting month.

6. Remedies for Service Failures

6.1 Service Credits

If the Company fails to meet the 99.5% monthly uptime commitment, you may be eligible for service credits as follows:

• 99.0% to 99.4% uptime: Credit equal to five percent (5%) of the monthly service fee
• 95.0% to 98.9% uptime: Credit equal to ten percent (10%) of the monthly service fee
• Below 95.0% uptime: Credit equal to twenty-five percent (25%) of the monthly service fee

6.2 Credit Request Process

To request a service credit, you must submit a written request to support@debtpro.us within thirty (30) days of the end of the month in which the SLA was not met. The request must include the dates and times of the service failure, a description of the impact, and any supporting documentation. The Company will review the request and respond within fifteen (15) business days.

6.3 Credit Limitations

Service credits are the sole and exclusive remedy for SLA failures. Credits may not exceed twenty-five percent (25%) of the monthly service fee for any single month. Credits are applied against future invoices and are not redeemable for cash. Service credits are forfeited if your account is terminated or in default at the time of credit application.

7. Exclusions

The uptime commitment and service credits do not apply to outages or performance issues caused by:

• Scheduled or emergency maintenance with appropriate notice
• Force majeure events as described in the Terms of Service
• Actions or inactions of the client, including misconfigured API integrations or excessive API requests exceeding documented rate limits
• Third-party service failures, including internet service providers, credit bureau systems, or payment processors
• Denial-of-service attacks or other malicious third-party activity directed at the Platform
• Client's failure to implement recommended system configurations, updates, or security patches
• Features or services designated as "beta," "preview," or "experimental"

8. Reporting and Transparency

8.1 Incident Communication

During a service outage or significant performance degradation, the Company will provide status updates at least every two (2) hours until the issue is resolved. Updates will include the nature of the issue, the estimated time to resolution, and any workarounds available. After resolution, the Company will provide a post-incident report for Severity 1 and Severity 2 incidents within five (5) business days, describing the root cause, the resolution, and the steps taken to prevent recurrence.

8.2 Quarterly Business Reviews

For clients with annual service agreements, the Company will conduct quarterly business reviews covering SLA performance, service utilization, open issues, and planned improvements. Reviews may be conducted via video conference or in person as mutually agreed.

9. SLA Modifications

The Company may modify this SLA upon thirty (30) days' written notice. Modifications will not apply retroactively. If a modification materially reduces service commitments, you may terminate the affected service agreement within thirty (30) days of receiving notice, without early termination penalties. Continued use of the Services after the effective date of an SLA modification constitutes acceptance of the updated terms.

10. Contact

For SLA inquiries, service credit requests, or escalations, contact: DebtPro Operations, Email: support@debtpro.us, Phone: (561) 254-6608.