Legal

Privacy Policy

Effective Date: January 1, 2026 · Last Updated: January 1, 2026 · 28 Articles
Identity & Scope
Article 1
Introduction & Identity of the Data Controller

This Privacy Policy is published by Baron Meddy Financial Inc., a corporation organized and existing under the laws of the State of New York, United States of America, with its principal place of business at 285 Fulton Street, New York, NY 10007 (hereinafter referred to as "Baron Meddy Financial," "the Company," "we," "us," or "our").

Baron Meddy Financial operates as the data controller with respect to the personal information collected through its website located at www.baronmeddy.com and through its affiliated platforms, including yieldOS, BMRegistry, BMIQ, and ScoreStride (collectively, "the Platforms"). As data controller, Baron Meddy Financial determines the purposes and means by which personal data is processed.

We are committed to protecting the privacy, security, and integrity of the personal information entrusted to us by our clients, visitors, prospective partners, newsletter subscribers, and all individuals who interact with our website, platforms, and services. This Privacy Policy describes in comprehensive detail how we collect, use, store, share, protect, and respect your personal information.

By accessing or using our website or any of our Platforms, submitting a contact inquiry, subscribing to our newsletter, or otherwise providing personal information to Baron Meddy Financial, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any provision of this Policy, you should discontinue your use of our website and Platforms immediately.

Data Controller Contact: Baron Meddy Financial Inc., 285 Fulton Street, New York, NY 10007. Email: contact@baronmeddy.com
Article 2
Scope of This Policy

This Privacy Policy applies to all personal information collected, processed, stored, or transmitted by Baron Meddy Financial Inc. and its subsidiaries and affiliated platforms in connection with the following activities and touchpoints:

  • Visits to and interactions with the Baron Meddy Financial website at www.baronmeddy.com, including all subpages and subdirectories;
  • Use of or registration on any of the Baron Meddy Financial platforms, including yieldOS, BMRegistry, BMIQ, and ScoreStride;
  • Submission of contact forms, inquiry forms, capital partner applications, or any other web forms hosted on our website or platforms;
  • Subscription to our newsletter, market intelligence publications, or any email communication programs operated by Baron Meddy Financial;
  • Participation in webinars, virtual events, or educational programs hosted or co-hosted by Baron Meddy Financial;
  • Communications with Baron Meddy Financial by email, telephone, or any other channel initiated by you or by our representatives;
  • Engagement with Baron Meddy Financial representatives in connection with our advisory, audit, escrow, consulting, or capital markets services;
  • Any other interaction, transaction, or communication through which personal information is submitted to or collected by Baron Meddy Financial.

This Policy does not apply to third-party websites, platforms, or services that may be linked to or from our website. Baron Meddy Financial is not responsible for the privacy practices of third-party operators, and we encourage you to review the privacy policies of any third-party services you access through links on our website.

This Policy applies to individuals located in all jurisdictions, including but not limited to the United States, the European Economic Area, the United Kingdom, and all other countries in which Baron Meddy Financial operates or offers services. Where applicable law imposes additional requirements, those requirements supplement but do not supersede this Policy.

Article 3
Definitions & Interpretation

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:

TermDefinition
Personal DataAny information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, IP address, location data, and any other identifier that can be used directly or indirectly to identify an individual.
ProcessingAny operation or set of operations performed on personal data, including collection, recording, storage, adaptation, retrieval, use, disclosure, dissemination, or deletion.
Data ControllerThe natural or legal person that determines the purposes and means of processing personal data. Baron Meddy Financial Inc. is the data controller for all data processed under this Policy.
Data ProcessorA third party that processes personal data on behalf of Baron Meddy Financial pursuant to a data processing agreement.
Data SubjectAny identified or identifiable natural person whose personal data is processed by Baron Meddy Financial.
ConsentAny freely given, specific, informed, and unambiguous indication by which a data subject signifies agreement to the processing of their personal data for one or more specified purposes.
CookieA small text file placed on a device by a web server for the purpose of identifying the device, storing user preferences, or tracking user behavior across sessions.
GDPRThe General Data Protection Regulation (EU) 2016/679, as it applies to data subjects in the European Economic Area and, by virtue of the UK GDPR, to data subjects in the United Kingdom.
CCPAThe California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CPRA), applicable to California residents.
PlatformsThe digital platforms operated by or affiliated with Baron Meddy Financial, including yieldOS, BMRegistry, BMIQ, and ScoreStride.
ServicesThe advisory, audit, escrow, consulting, capital markets, and financing services offered by Baron Meddy Financial and described on this website.

Any reference in this Policy to a statute, regulation, or other legal instrument shall be construed as a reference to that instrument as amended, extended, or re-enacted from time to time. References to the singular include the plural and vice versa.

Article 4
Legal Basis for Processing (GDPR Article 6)

Baron Meddy Financial processes personal data only where a valid legal basis exists under applicable law. For individuals located in the European Economic Area or the United Kingdom, the processing of personal data is governed by the General Data Protection Regulation (GDPR) and the UK GDPR respectively. The following legal bases under GDPR Article 6 apply to our processing activities:

  • Consent (Article 6(1)(a)): Where you have given us your explicit, informed consent to process your personal data for a specific purpose — such as subscribing to our newsletter, agreeing to receive marketing communications, or authorizing identity verification and data enrichment processes.
  • Contract Performance (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract — including the processing of inquiry and application data submitted through our contact forms and platform onboarding processes.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which Baron Meddy Financial is subject, including obligations under applicable securities law, anti-money laundering regulations, know-your-customer requirements, and applicable financial services regulations.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for the purposes of the legitimate interests pursued by Baron Meddy Financial or a third party, provided that such interests are not overridden by your interests, fundamental rights, or freedoms. Our legitimate interests include the prevention of fraud, the improvement of our platforms and services, the maintenance of platform security, and the conduct of our capital markets and advisory business.

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Where we rely on legitimate interests, we have conducted a legitimate interests assessment to ensure that our interests do not override your rights and freedoms.

For individuals located outside the European Economic Area and the United Kingdom, including residents of the United States, processing is governed by applicable federal and state privacy law, including the California Consumer Privacy Act where applicable. The legal bases described above are applied as closely as practicable in those jurisdictions.

Data Collection
Article 5
Information You Provide Directly

Baron Meddy Financial collects personal information that you voluntarily provide to us when you interact with our website, platforms, or services. The categories of information you may provide directly include:

  • Identity Information: Your first name, last name, and full name as provided through our contact forms, platform registration processes, or capital partner inquiry forms.
  • Professional Information: Your company or organization name, job title, professional role, and industry sector, provided when submitting business inquiries or applying for capital partner access.
  • Contact Information: Your work or personal email address, telephone number (including country code), and any other contact details you choose to provide.
  • Geographic Information: Your country of residence or business operations, as selected or provided through our contact and inquiry forms.
  • Inquiry Content: The subject matter, summary, and detailed message content of any inquiry, question, or communication you submit through our contact form or email channels.
  • Service Interest: Your stated interest in specific Baron Meddy Financial services, platforms, or engagement types, as indicated through service selection menus or dropdown fields on our inquiry forms.
  • Newsletter Subscription: Your email address, submitted for the purpose of subscribing to our market intelligence newsletter and related publications.
  • Capital Partner Application Data: Information submitted through our capital partner inquiry and application process, which may include accreditation status, investment parameters, and institutional affiliation.

You are under no obligation to provide personal information to Baron Meddy Financial. However, failure to provide certain mandatory fields — indicated by an asterisk (*) on our forms — may prevent us from processing your inquiry, providing the requested service, or delivering subscribed communications. All optional fields are clearly indicated as such.

Article 6
Information Collected Automatically

When you visit the Baron Meddy Financial website or use our Platforms, certain technical and behavioral information is collected automatically by our systems and third-party service providers. This information is collected through server logs, cookies, pixel tags, and similar technologies, and may include:

  • Internet Protocol (IP) Address: Your device's IP address is captured automatically with each server request and is used for security monitoring, fraud detection, geographic analytics, and regulatory compliance purposes.
  • User Agent String: Technical information about your web browser, browser version, operating system, and device type, captured to optimize content delivery and identify potential security threats.
  • Page URL and Referrer: The specific URL of the page you were viewing when you submitted a form or inquiry, as well as the URL of the page that referred you to our website, used to understand user journeys and improve our content.
  • Session Data: Information about your browsing session, including pages visited, time spent on each page, clickstream data, and interaction patterns, collected for analytics and platform improvement purposes.
  • Device Identifiers: Technical identifiers associated with your device, including browser fingerprint components, screen resolution, and language settings.
  • Geographic Location (approximate): Approximate geographic location derived from your IP address, used to present jurisdiction-appropriate content and for regional analytics. We do not collect precise GPS-level location data.
  • Form Interaction Data: Technical metadata associated with form submissions, including submission timestamp, form completion time, and field interaction patterns.

Automatically collected information is used primarily for security, analytics, fraud prevention, and service improvement purposes. It is not used to identify you individually unless combined with other personal information you have voluntarily provided.

Article 7
Information From Third-Party Sources & Enrichment

In certain circumstances, Baron Meddy Financial may receive or derive additional information about you from third-party sources. This occurs primarily in the context of our newsletter subscription service and lead management processes, and is conducted solely for the purpose of improving the accuracy and relevance of our communications.

Specifically, when you submit your email address through our newsletter subscription form or contact form, we may use a third-party email validation and data enrichment service to perform the following operations:

  • Email Deliverability Verification: Validating that the email address you provided is active, deliverable, and associated with a functioning mail server, to ensure that our communications reach you successfully and that our systems are not burdened by invalid addresses.
  • Disposable Email Detection: Identifying and rejecting email addresses associated with disposable or temporary email services, to maintain the integrity of our subscriber database.
  • Identity Enrichment: Where available, deriving supplemental identity information — such as first name, last name, gender, and country of origin — associated with the submitted email address, from publicly available and licensed commercial data sources. This information is used to personalize our communications and improve the quality of our CRM records.
  • Risk Scoring: Assessing the quality and legitimacy of submitted contact data to prevent fraudulent submissions and protect the integrity of our platforms.
Third-Party Enrichment Provider: Baron Meddy Financial uses ZeroBounce (zerobounce.net) as its primary email validation and enrichment service provider. ZeroBounce processes email addresses on our behalf as a data processor under a formal data processing agreement. ZeroBounce's privacy policy is available at zerobounce.net/privacy.

We may also receive information about you from publicly available sources, professional directories, and licensed commercial data providers in the context of our business development and institutional partnership activities. Any such information is handled in accordance with this Privacy Policy and applicable law.

Article 8
Cookies & Tracking Technologies

Baron Meddy Financial uses cookies and similar tracking technologies on its website and Platforms. A cookie is a small text file stored on your device by a web server, used to recognize your device on subsequent visits, store your preferences, and collect analytics data.

We use the following categories of cookies:

  • Strictly Necessary Cookies: These cookies are essential for the basic functioning of our website and Platforms. They enable core features such as secure form submission, session management, and security protections. These cookies cannot be disabled without impairing the functionality of the website. No consent is required for strictly necessary cookies.
  • Performance and Analytics Cookies: These cookies collect anonymous information about how visitors use our website — including which pages are visited most frequently, how long visitors spend on each page, and where visitors come from. This data is used exclusively to improve the performance and content of our website. We use anonymized analytics data only.
  • Functionality Cookies: These cookies allow our website to remember choices you have made — such as your country selection, language preference, or previously entered form data — to provide a more personalized experience.
  • Security Cookies: These cookies are used to detect and prevent fraudulent activity, protect against automated attacks, and maintain the security integrity of our website and Platforms.

Baron Meddy Financial does not use behavioral advertising cookies, cross-site tracking cookies, or third-party advertising cookies. We do not permit advertisers or advertising networks to set cookies through our website.

You may control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a notification before a cookie is stored. Please note that disabling certain cookies may affect the functionality of our website. Instructions for managing cookies are available in the help documentation of your browser.

Article 9
Information Collected Through Our Platforms

Each of the Baron Meddy Financial platforms — yieldOS, BMRegistry, BMIQ, and ScoreStride — may collect additional categories of personal and business information specific to the services they provide. The following describes the types of data collected by each Platform:

  • yieldOS: As a capital markets facilitation platform, yieldOS collects identity and business verification data as part of its KYC (Know Your Customer) intake process, including government-issued identification, business registration documents, financial statements, banking information, and creditworthiness data. This information is collected and processed in accordance with applicable financial regulations and anti-money laundering requirements.
  • BMRegistry: As a government procurement intelligence platform, BMRegistry collects business registration details, federal and state contractor credentials, procurement history, and financing application data. This information is used to verify contractor eligibility and facilitate access to embedded financing through yieldOS.
  • BMIQ: As a global business intelligence platform, BMIQ may collect user account information, search and query behavior, saved data segments, and usage analytics. BMIQ processes company and country intelligence data from licensed commercial and public sources.
  • ScoreStride: As a credit building and financial wellness platform, ScoreStride may collect personal financial information, credit profile data, business credit history, and related financial wellness data. This information is used to provide credit monitoring, tradeline management, and financing readiness assessments.

Each Platform operates under its own dedicated terms of service and, where applicable, supplemental privacy notices that provide more detailed information about platform-specific data collection and processing practices. Users of individual Platforms are encouraged to review the applicable Platform-specific privacy documentation.

Article 10
Sensitive Data — What We Do Not Collect

Baron Meddy Financial does not intentionally collect, process, or store special categories of sensitive personal data through its public-facing website or newsletter subscription services. Specifically, we do not collect the following categories of sensitive data through our general website and marketing channels:

  • Racial or ethnic origin;
  • Political opinions or affiliations;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic data or biometric data processed for the purpose of uniquely identifying an individual;
  • Health, medical, or clinical data;
  • Sexual orientation or gender identity;
  • Criminal conviction or offense data.
Important: If you inadvertently include sensitive personal information in the free-text message field of our contact form, that information will be stored in our CRM system as part of your inquiry record. We strongly advise against including sensitive personal information in inquiry messages. If you believe you have accidentally submitted sensitive information, please contact us immediately at contact@baronmeddy.com to request deletion.

Certain platform-specific services — particularly those offered through yieldOS and ScoreStride in connection with regulated financial services — may require the collection of financial and identity verification data that may be considered sensitive under applicable law. Such collection is conducted under separate legal authority, with explicit consent where required, and is governed by platform-specific privacy documentation and applicable regulatory frameworks.

Data Use
Article 11
How We Use Your Information

Baron Meddy Financial uses the personal information we collect for specific, legitimate, and clearly defined purposes. We do not use your personal information for purposes that are incompatible with those described at the time of collection without obtaining your prior consent. The primary purposes for which we use your information include:

  • Inquiry Response & Service Delivery: Processing and responding to inquiries, questions, and requests submitted through our contact form, email channels, or platform onboarding processes, and delivering the services you have requested or expressed interest in.
  • Newsletter Delivery: Sending our market intelligence newsletter, research publications, platform updates, and related communications to subscribers who have opted in to receive them.
  • CRM & Lead Management: Recording and managing contact data, inquiry history, service interest, and communication records within our customer relationship management system for the purpose of tracking and managing client and prospect relationships.
  • Identity Verification: Verifying the identity and legitimacy of individuals who interact with our platforms, particularly in the context of KYC requirements applicable to our capital markets services.
  • Platform Operation & Improvement: Maintaining, improving, securing, and developing our website and Platforms, based on usage data, feedback, and behavioral analytics.
  • Legal & Regulatory Compliance: Fulfilling our obligations under applicable law, including securities law, anti-money laundering regulations, know-your-customer requirements, and financial services regulations.
  • Fraud Prevention & Security: Detecting, investigating, and preventing fraudulent activity, security breaches, impersonation, and unauthorized access to our systems and Platforms.
  • Business Development: Identifying and pursuing institutional partnership opportunities, capital partner relationships, and service expansion opportunities based on expressed interest and engagement patterns.
Article 12
Marketing & Communications

Baron Meddy Financial may send you marketing and informational communications in the following circumstances:

  • Newsletter Subscribers: If you have subscribed to our newsletter, we will send you our market intelligence publications, insights on private credit and capital markets, platform updates, and related content. You may unsubscribe from these communications at any time by clicking the "Unsubscribe" link included in every email we send, or by contacting us at contact@baronmeddy.com.
  • Service Follow-Up: If you have submitted an inquiry or expressed interest in our services, we may contact you to follow up on your inquiry, provide additional information, or discuss how our services may address your needs. This communication is conducted on the basis of your expressed interest and our legitimate business interests.
  • Transactional Communications: We may send you administrative and transactional communications — such as confirmation of your form submission, changes to our policies, or important notices regarding your account or engagement with our Platforms — regardless of your marketing communication preferences. These communications are necessary and non-promotional in nature.

Baron Meddy Financial does not engage in unsolicited bulk email marketing, cold email campaigns to purchased lists, or any form of spam communication. All marketing communications are sent only to individuals who have expressly opted in or who have a pre-existing relationship with Baron Meddy Financial that establishes a legitimate interest basis for contact.

You have the right to opt out of marketing communications at any time. Opting out of marketing communications will not affect transactional or administrative communications necessary for the delivery of services you have requested.

Article 13
Identity Verification & Data Validation

Baron Meddy Financial employs a multi-layered approach to verifying and validating the accuracy and legitimacy of personal information submitted through its website and Platforms. This process is conducted for the dual purpose of protecting the integrity of our systems and ensuring that our communications and services are delivered to genuine, identifiable individuals.

Our identity verification and data validation processes operate as follows:

  1. Format Validation (Layer 1): Upon submission of any form containing an email address, our systems perform immediate client-side format validation to confirm that the submitted address conforms to standard email address syntax. This check occurs in real time within your browser and does not involve any external data transmission.
  2. Domain Verification (Layer 2): Our server-side systems verify that the domain associated with a submitted email address has a functioning mail exchange (MX) record, confirming that the domain is capable of receiving email. This check is performed using standard domain name system (DNS) lookup protocols.
  3. Real-Time Email Validation & Enrichment (Layer 3): Where enabled, submitted email addresses are passed to our third-party validation provider for real-time deliverability verification, disposable address detection, risk scoring, and where available, identity enrichment. The results of this validation process inform how your submission is handled within our CRM system.

The data derived from our identity verification and validation processes is used exclusively for the purposes of managing our contact database, personalizing our communications, and maintaining the security and integrity of our Platforms. It is not used for credit decisioning, eligibility determination, or any purpose that would constitute consumer reporting under the Fair Credit Reporting Act (FCRA) or equivalent legislation.

You may request information about the validation results associated with your submitted data, or request correction of any inaccuracies, by contacting us at contact@baronmeddy.com.

Article 14
Analytics & Platform Improvement

Baron Meddy Financial uses aggregated and anonymized analytics data to understand how visitors interact with our website and Platforms, to identify opportunities for improvement, and to make informed decisions about content, design, and feature development. Our analytics practices are governed by the following principles:

  • Aggregation & Anonymization: Where possible, analytics data is aggregated and anonymized before use in decision-making, such that it cannot be linked back to any individual user. Individual-level behavioral data is not reviewed unless required for security or fraud investigation purposes.
  • Purpose Limitation: Analytics data is used solely for the purpose of improving our website, Platforms, and services. It is not used for advertising targeting, resale, or any commercial purpose unrelated to our core business operations.
  • Retention Limitation: Analytics data is retained only for as long as necessary to achieve the improvement objectives for which it was collected, and in no case for longer than the retention periods specified in Article 21 of this Policy.
  • No Third-Party Advertising Analytics: We do not use analytics platforms that share data with advertising networks or that enable cross-site behavioral tracking for advertising purposes. Our analytics infrastructure is configured to respect user privacy and to minimize the collection of personally identifiable information.

We may use heatmapping, session recording, and A/B testing tools to analyze website interaction patterns. Where such tools are used, they are configured to mask personally identifiable information and to comply with applicable privacy law. Any third-party analytics providers used by Baron Meddy Financial are engaged as data processors under formal data processing agreements.

Article 15
Legal & Regulatory Compliance

As a financial services infrastructure firm operating in highly regulated sectors including private credit, capital markets facilitation, government contract financing, and audit services, Baron Meddy Financial is subject to a range of legal and regulatory obligations that require the collection, processing, retention, and in certain cases disclosure of personal information.

We process personal data for legal and regulatory compliance purposes in the following contexts:

  • Know Your Customer (KYC) Requirements: In connection with capital markets and financing activities conducted through our Platforms, we are required by applicable financial regulations to collect and verify the identity of borrowers, lenders, and other transaction participants. This includes the collection of government-issued identification, proof of address, business registration documents, and related identity verification data.
  • Anti-Money Laundering (AML) Compliance: We are required to monitor transactions and client relationships for indications of money laundering, terrorist financing, or other financial crimes, and to file suspicious activity reports with relevant regulatory authorities where required by law.
  • Securities Law Compliance: In connection with our capital markets activities and the facilitation of private placement transactions, we are required to maintain records of investor accreditation, offering documents, and transaction histories in compliance with applicable securities law, including Regulation D of the Securities Act of 1933.
  • Tax Reporting Obligations: We may be required to collect and report certain financial transaction data to tax authorities under applicable federal and state tax law.
  • Response to Legal Process: We may be required to disclose personal information in response to a valid court order, subpoena, government investigation, or other lawful legal process. Where permitted by law, we will notify affected individuals of such disclosures.

Personal data processed for legal and regulatory compliance purposes is retained for the periods mandated by the applicable legal or regulatory requirement, which may exceed the standard retention periods described in Article 21 of this Policy.

Article 16
Fraud Prevention & Security

The protection of our clients, capital partners, and platform users against fraud, impersonation, and unauthorized access is a foundational commitment of Baron Meddy Financial. We process certain categories of personal and technical data specifically for the purpose of detecting, preventing, investigating, and responding to fraudulent or malicious activity.

Our fraud prevention and security processing activities include:

  • Agent Verification Database: We maintain a real-time database of active Baron Meddy Financial agents and representatives, accessible through our public Verify Agent tool at www.baronmeddy.com/verify-agent. This database is maintained to protect clients and partners from impersonation fraud and unauthorized solicitation.
  • IP Address Monitoring: We monitor IP addresses associated with form submissions, platform access attempts, and API requests for indications of automated attacks, credential stuffing, unauthorized access, and suspicious behavioral patterns.
  • Anomaly Detection: Our systems monitor for unusual patterns of activity — including abnormal submission volumes, repeated failed verification attempts, and geographic anomalies — that may indicate fraudulent or malicious intent.
  • Blacklist Screening: Submitted contact data may be screened against internal and third-party blocklists to identify known fraudulent actors, sanctioned entities, and high-risk data sources.
  • Incident Response: In the event of a suspected or confirmed security incident involving personal data, we will follow our incident response procedures, which include internal investigation, remediation, and notification of affected individuals and relevant authorities as required by applicable law.

Processing for fraud prevention and security purposes is conducted on the legal basis of legitimate interests (GDPR Article 6(1)(f)), as the protection of our clients and platforms from fraud constitutes a compelling legitimate interest that is not overridden by the privacy interests of the data subjects concerned.

Data Sharing
Article 17
Third-Party Service Providers & Data Processors

Baron Meddy Financial engages certain third-party service providers to assist in the operation of our website, Platforms, and business functions. These providers process personal data on our behalf as data processors, pursuant to formal data processing agreements that obligate them to process personal data only on our instructions, to maintain appropriate security measures, and to comply with applicable privacy law.

The categories of third-party data processors we engage include:

  • Email Validation & Enrichment: ZeroBounce (zerobounce.net) — used to validate email deliverability, detect disposable addresses, and enrich contact records with supplemental identity data where available.
  • Web Hosting & Infrastructure: Our website and CRM infrastructure are hosted on cloud and managed hosting platforms that process technical data including IP addresses, server logs, and session data as part of standard hosting operations.
  • Customer Relationship Management (CRM): We operate a proprietary CRM system built on the Laravel framework, hosted on infrastructure controlled by Baron Meddy Financial. Limited technical support and maintenance access to this system may involve third-party infrastructure providers.
  • Email Delivery: We use a transactional email service provider to deliver confirmation emails, newsletter issues, and administrative communications. This provider processes email addresses and message metadata as a data processor.
  • Analytics: We may use web analytics services to collect anonymized usage data for platform improvement purposes. Any analytics provider we engage is configured to minimize personal data collection and is prohibited from using our data for its own commercial purposes.

We do not permit our data processors to use personal data for their own independent purposes, to sub-process personal data without our prior written authorization, or to transfer personal data outside of approved jurisdictions without implementing appropriate safeguards. We regularly review our data processor relationships to ensure ongoing compliance with this Policy and applicable law.

A current list of our data processors is available upon written request to contact@baronmeddy.com.

Article 18
Licensed Banking & Institutional Partners

As described in our public disclosures, Baron Meddy Financial facilitates capital markets and financing activities in partnership with licensed, regulated, and insured financial institutions and banking partners. In connection with these activities, certain personal and business information may be shared with our institutional partners for the following purposes:

  • Transaction Facilitation: Where a financing transaction is facilitated through our yieldOS platform, identity and business verification data collected during the KYC intake process may be shared with the institutional lender or capital partner involved in the transaction, to the extent necessary for them to evaluate, approve, and execute the transaction in compliance with their own regulatory obligations.
  • Regulatory Compliance: Certain regulated transactions may require the sharing of borrower or investor identity data with our banking and institutional partners to fulfill their own KYC, AML, and financial reporting obligations.
  • Credit Assessment: Business financial information submitted in connection with a financing application may be shared with underwriting partners involved in the credit assessment process, solely for the purpose of evaluating the financing application.

All sharing of personal data with licensed banking and institutional partners is conducted under formal data sharing agreements that establish the permitted purposes of data use, the security obligations of the receiving party, and the rights of data subjects with respect to the shared data. Our partners are prohibited from using shared data for any purpose other than the transaction or regulatory purpose for which it was shared.

Note: The sharing of personal data with institutional partners occurs only in the context of specific financing or capital markets transactions, and only where you have submitted an application or expressed intent to proceed with a transaction through our Platforms. It does not occur as a result of general website use or newsletter subscription.
Article 19
No Sale of Personal Data

Baron Meddy Financial does not sell, rent, lease, trade, or otherwise transfer personal data to third parties for their independent commercial use or benefit. This commitment applies unconditionally to all categories of personal data collected through our website, Platforms, and services, and covers all forms of consideration — monetary or otherwise.

Specifically, we confirm that:

  • We do not sell personal data to data brokers, list vendors, advertising networks, or marketing aggregators;
  • We do not provide personal data to third parties for the purpose of enabling them to send you unsolicited commercial communications;
  • We do not participate in data exchange programs in which personal data is shared with other organizations in exchange for data about their customers or users;
  • We do not monetize behavioral data, browsing patterns, or user profiles derived from our website analytics for advertising or commercial targeting purposes;
  • We do not disclose personal data to third parties for consideration in any form that would constitute a "sale" of personal information under the California Consumer Privacy Act (CCPA) or the California Privacy Rights Act (CPRA).

This no-sale commitment is a foundational principle of our data governance framework and reflects our belief that the trust of our clients and platform users is incompatible with the commercialization of their personal information. Any future change to this commitment would require explicit prior consent from affected data subjects and would be communicated through a material update to this Privacy Policy.

Article 20
Business Transfers & Acquisitions

Baron Meddy Financial Inc. is a growing firm with stated ambitions to expand through organic growth and strategic acquisitions across regulated financial services. In the event of a merger, acquisition, corporate restructuring, sale of assets, or similar transaction involving Baron Meddy Financial or any of its subsidiaries or affiliated Platforms, personal data held by the Company may be transferred to the acquiring or successor entity as part of the assets involved in the transaction.

In the event of such a transfer, Baron Meddy Financial will take the following steps to protect the interests of affected data subjects:

  • We will provide advance notice to affected data subjects, where practicable and permitted by applicable law, of the pending transfer of their personal data to a successor entity;
  • We will require the acquiring or successor entity to honor the commitments made in this Privacy Policy with respect to any personal data transferred, or to provide data subjects with the opportunity to opt out of any materially different processing practices prior to the transfer taking effect;
  • Where required by applicable law, we will seek prior consent from affected data subjects before transferring their personal data to a successor entity whose privacy practices differ materially from those described in this Policy;
  • In the event of an acquisition of Baron Meddy Financial by a regulated financial institution, the transfer and subsequent processing of personal data will be subject to applicable financial services privacy regulations, which may provide additional protections for affected data subjects.

Any transfer of personal data in connection with a business transaction will be conducted in compliance with applicable privacy law, including the data transfer restrictions of the GDPR where applicable, and will be documented in updated privacy notices provided to affected data subjects.

Data Governance
Article 21
Data Retention & Deletion

Baron Meddy Financial retains personal data for no longer than is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. The following retention periods apply to the principal categories of personal data we process:

Data CategoryRetention Period
Contact form submissions5 years from date of submission, unless an active client relationship is established, in which case the retention period is extended for the duration of the relationship plus 7 years.
Newsletter subscriber dataFor the duration of the subscription, plus 2 years following unsubscription, to maintain suppression records and comply with anti-spam obligations.
CRM lead and prospect records7 years from the date of last meaningful interaction, unless a client relationship is established.
KYC and identity verification dataAs required by applicable financial regulations, typically 5–7 years from the date of the last transaction or termination of the relationship, whichever is later.
Transaction records7 years from the date of the transaction, in compliance with applicable financial recordkeeping requirements.
Server logs and technical data90 days, unless retained for longer for active security investigation purposes.
Analytics data26 months from collection, in anonymized and aggregated form.
Email communications7 years from the date of the last communication, or as required by applicable legal hold obligations.

Upon expiration of the applicable retention period, personal data is securely deleted or irreversibly anonymized in accordance with our data destruction procedures. Where deletion is requested by a data subject prior to the expiration of the retention period, we will process the deletion request in accordance with Article 27 of this Policy, subject to any legal or regulatory retention obligations that may prevent immediate deletion.

Article 22
Data Security & Infrastructure

Baron Meddy Financial implements appropriate technical and organizational security measures to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Our security program is designed to meet institutional-grade standards commensurate with the sensitivity of the financial and personal data we process.

Our technical security measures include:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) protocols. Our website enforces HTTPS across all pages and subdomains, and we implement HTTP Strict Transport Security (HSTS) to prevent protocol downgrade attacks.
  • Encryption at Rest: Sensitive personal data stored in our CRM and platform databases is encrypted at rest using industry-standard encryption algorithms.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. All access is authenticated, logged, and subject to role-based access control policies. Administrative access to our systems requires multi-factor authentication.
  • API Security: Our CRM and platform APIs are protected by bearer token authentication, rate limiting, IP allowlisting where applicable, and input validation to prevent injection attacks and unauthorized data access.
  • Security Headers: Our web infrastructure implements standard security headers including Content Security Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy to mitigate common web application vulnerabilities.
  • Monitoring & Alerting: We maintain continuous monitoring of our infrastructure for anomalous activity, unauthorized access attempts, and potential security incidents, with automated alerting and incident response procedures.

Despite our best efforts, no security system is impenetrable, and we cannot guarantee the absolute security of personal data transmitted over the internet. In the event of a security breach that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable law, without undue delay.

Article 23
International Data Transfers

Baron Meddy Financial is headquartered in New York, United States, and its primary data processing infrastructure is located in the United States. Given the global nature of our platforms — particularly BMIQ, which serves users across multiple jurisdictions — and our stated intention to expand internationally, personal data collected through our website and Platforms may be transferred to, stored in, or processed in jurisdictions other than the one in which you reside.

Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries that have not been granted an adequacy decision by the relevant data protection authority, we rely on the following transfer mechanisms to ensure an adequate level of protection:

  • Standard Contractual Clauses (SCCs): For transfers from the EEA and the UK, we implement the Standard Contractual Clauses approved by the European Commission and, where applicable, the UK International Data Transfer Agreement (IDTA), with all data processors and recipients located in non-adequate third countries.
  • Supplementary Technical Measures: In addition to Standard Contractual Clauses, we implement supplementary technical measures — including end-to-end encryption and data minimization — to ensure that transferred personal data is protected at a level equivalent to that required under GDPR, even in jurisdictions that may not provide equivalent statutory protection.
  • Adequacy Decisions: Where transfers are to countries that have received an adequacy decision from the European Commission or the UK Information Commissioner's Office, we rely on the adequacy decision as the transfer mechanism.

As Baron Meddy Financial expands its operations internationally and establishes country-specific versions of its website and Platforms, additional transfer mechanisms and supplementary privacy notices will be implemented for each relevant jurisdiction. Users accessing Baron Meddy Financial services from outside the United States should be aware that their personal data will be transferred to and processed in the United States, where data protection standards may differ from those in their country of residence.

Article 24
Children's Privacy

The website, Platforms, and services of Baron Meddy Financial are directed exclusively at adults and are not intended for, marketed to, or designed to be used by individuals under the age of eighteen (18) years. We do not knowingly collect, solicit, process, or store personal information from minors under the age of 18.

In particular, our capital markets, financing, and advisory services require participants to be legally capable of entering into binding financial contracts, which in most jurisdictions requires the participant to be of legal adult age. Accredited investor status, required for participation in certain of our capital markets activities, is itself predicated on legal adult capacity.

If you are under 18 years of age, you are not permitted to use our website, submit any form, subscribe to our newsletter, or register on any of our Platforms. Please do not provide personal information to Baron Meddy Financial through any channel.

If we become aware that we have inadvertently collected personal information from an individual under the age of 18, we will take immediate steps to delete that information from our systems. Parents or guardians who believe that a minor may have submitted personal information to Baron Meddy Financial are encouraged to contact us immediately at contact@baronmeddy.com to request deletion.

This Policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), applicable to online services directed at children under 13 in the United States, and with equivalent provisions under applicable international law.

Your Rights
Article 25
Your Rights Under CCPA (California Residents)

If you are a resident of the State of California, you have specific rights with respect to your personal information under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). These rights are in addition to any rights you may have under other applicable law.

As a California resident, you have the following rights:

  • Right to Know: You have the right to request that Baron Meddy Financial disclose what personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for which it was collected, the categories of third parties with whom it has been shared, and the specific pieces of personal information we hold about you.
  • Right to Delete: You have the right to request that Baron Meddy Financial delete personal information we have collected about you, subject to certain exceptions permitted under the CCPA, including information required for legal compliance, security purposes, or the completion of a transaction you have requested.
  • Right to Correct: You have the right to request that Baron Meddy Financial correct inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes for which it is processed.
  • Right to Opt Out of Sale or Sharing: As stated in Article 19 of this Policy, Baron Meddy Financial does not sell or share personal information for cross-context behavioral advertising. Accordingly, this right is not currently applicable to our data practices. Should our practices change, we will update this Policy and provide a prominent opt-out mechanism.
  • Right to Limit Use of Sensitive Personal Information: You have the right to direct Baron Meddy Financial to limit the use of sensitive personal information to uses that are necessary to provide the services you have requested, or as otherwise permitted under the CPRA.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. Baron Meddy Financial will not deny you services, charge you different prices, or provide a different level of service as a result of your exercising any right under the CCPA.

To exercise any of your CCPA rights, please submit a verifiable consumer request to us as described in Article 27 of this Policy. We will respond to your request within 45 days of receipt, with a possible extension of an additional 45 days where necessary.

Article 26
Your Rights Under GDPR (EEA, UK & Switzerland Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data under the General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (nFADP), as applicable:

  • Right of Access (Article 15 GDPR): You have the right to obtain confirmation of whether Baron Meddy Financial processes personal data about you, and if so, to receive a copy of that data along with information about the purposes of processing, the categories of data processed, the recipients of the data, the applicable retention periods, and your other rights under the GDPR.
  • Right to Rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data held about you, without undue delay.
  • Right to Erasure — "Right to Be Forgotten" (Article 17 GDPR): You have the right to request the deletion of your personal data where: (i) the data is no longer necessary for the purposes for which it was collected; (ii) you withdraw consent on which processing is based; (iii) you object to processing and there are no overriding legitimate grounds; (iv) the data has been unlawfully processed; or (v) deletion is required for compliance with a legal obligation.
  • Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances, including where the accuracy of the data is contested, where processing is unlawful and you oppose erasure, or where we no longer need the data but you require it for a legal claim.
  • Right to Data Portability (Article 20 GDPR): Where processing is based on consent or contract, and is carried out by automated means, you have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal data where such processing is based on legitimate interests or the performance of a task in the public interest. You also have the absolute right to object to the use of your personal data for direct marketing purposes, at any time and without providing justification.
  • Rights Related to Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects concerning you, except where such decision is necessary for entering into or performing a contract, is authorized by applicable law, or is based on your explicit consent.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or the location of the alleged infringement. In the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.
Article 27
How to Exercise Your Rights & Data Requests

To exercise any of the rights described in Articles 25 and 26 of this Policy, or to submit any other data-related request, you may contact Baron Meddy Financial through the following channels:

Data Rights Requests:
Email: contact@baronmeddy.com
Subject Line: "Privacy Rights Request — [Type of Request]"
Postal Address: Baron Meddy Financial Inc., 285 Fulton Street, New York, NY 10007
Response Time: Within 30 days (GDPR) / 45 days (CCPA) of receipt of a verifiable request.

To protect the security of your personal information and prevent unauthorized access to your data, we may require you to verify your identity before processing your request. Identity verification may include confirming your name, email address, and other identifying information that you previously provided to us. We will not process a request until we have verified the identity of the requester to a reasonable degree of certainty.

Requests will be processed free of charge, unless they are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or decline to act on the request. We will notify you of any applicable fees before processing your request.

Where a request involves the deletion or restriction of data that we are legally required to retain — such as KYC records, transaction records, or data subject to a legal hold — we will notify you of the specific legal or regulatory obligation that prevents full compliance with your request, and will restrict or delete all data that is not subject to such an obligation.

Where you have appointed an authorized agent to submit a request on your behalf, we may require written proof of the agent's authorization and verification of your own identity before processing the request.

Policy Administration
Article 28
Changes to This Policy & Contact Information

Baron Meddy Financial reserves the right to update, modify, or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, regulatory requirements, or the expansion of our services and Platforms. All updates to this Policy will be published on this page with a revised "Last Updated" date indicated in the page header.

The following process governs material changes to this Policy:

  • Material Changes: Where a proposed change materially affects how we collect, use, or share your personal information — particularly in ways that are less protective than those described in the current version of this Policy — we will provide advance notice of the change, either by email to active subscribers and registered users, or through a prominent notice on our website, no less than 30 days before the change takes effect.
  • Non-Material Changes: Changes that do not materially affect your rights or our obligations — such as typographical corrections, clarifications, or updates to reflect new platform names — will take effect immediately upon publication, without advance notice.
  • Continued Use: Your continued use of our website, Platforms, or services following the effective date of any update to this Policy constitutes your acceptance of the updated terms. If you do not agree with a material change to this Policy, you should discontinue use of our services and may request deletion of your personal data as described in Article 27.
  • Version Archive: Previous versions of this Privacy Policy are available upon written request, so that you may review changes made over time.

If you have any questions, concerns, or feedback regarding this Privacy Policy, our data practices, or your rights as a data subject, please do not hesitate to contact us:

Baron Meddy Financial Inc.
Attn: Privacy & Data Governance
285 Fulton Street, New York, NY 10007
Email: contact@baronmeddy.com
Website: www.baronmeddy.com

We are committed to resolving privacy concerns promptly and transparently. If you believe we have failed to address a privacy concern adequately, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction, as described in Articles 25 and 26 of this Policy.

This Privacy Policy was last reviewed and updated on January 1, 2026. Baron Meddy Financial Inc. All rights reserved.