web
You’re offline. This is a read only version of the page.
close
CapTraq
CapTraq

Privacy Policy

Effective Date: April 28, 2026  ·  Last Updated: April 28, 2026

AT A GLANCE FIT Solutions Corp operates CapTraq, a software platform for real estate sponsors and investors. We collect personal information you provide and information about how you use the Service. We use it to deliver and improve the Service, comply with law, and keep you informed. We do not sell your personal information. We work with vetted vendors (listed in Section 6) to operate the Service. AI processing is performed by Anthropic Claude under a contract that prohibits training on your data.

1. About This Policy

This Privacy Policy describes how FIT Solutions Corp, a Delaware corporation (“FIT Solutions,” “FitProTech,” “we,” “us,” or “our”), collects, uses, shares, and protects personal information when you use CapTraq, including the website at captraq.ai, the investor portal, sponsor admin tools, APIs, and related services (collectively, the “Service”).

This Policy applies to two groups of users:

  • Sponsor Users — real estate sponsors, GPs, syndicators who use CapTraq to manage capital raises and investor relationships.
  • Investor Users — limited partners and accredited investors who access CapTraq by invitation from a Sponsor User.

CapTraq is currently available only to users located in the United States. This Policy does not address rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, or other non-US privacy laws. If you are located outside the US, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account, use the Service, or communicate with us, you may provide:

Identity and contact information:

  • Name, email address, phone number, and mailing address;
  • Account credentials (username, password hash);
  • Profile photo and biographical information you choose to add.

Authentication information:

  • Tokens and identifiers from third-party SSO providers (Microsoft, Google, LinkedIn) when you choose to sign in via those services;
  • OAuth claims provided by these identity providers, such as your name, email, and verified email status.

Investment and entity information (Investor Users):

  • Names and identifying details of the investing entity (Individual, LLC, Trust, IRA, LP, etc.);
  • Tax identification numbers (SSN, EIN) where required for K-1 issuance and regulatory reporting;
  • Investment history, commitments, capital contributions, and distributions;
  • Bank account details collected through Plaid for ACH transactions;
  • Beneficial ownership and signatory information;
  • Communications with Sponsor Users sent through the Service.

Compliance information:

  • Accreditation verification documents (W-2s, tax returns, brokerage statements, attorney/CPA letters, or third-party verification reports);
  • Anti-money laundering (AML) and know-your-customer (KYC) information collected through Sponsor User workflows;
  • Government-issued identification where required for accredited investor verification.

Sponsor business information (Sponsor Users):

  • Company name, legal entity, EIN, address, and authorized signatory information;
  • Deal data, including offering documents, pro formas, waterfalls, and property details;
  • Investor lists, communications, and uploaded documents;
  • Branding assets (logos, colors) for white-label investor portals.

Payment information (Sponsor Users on paid plans):

  • Payment method details processed through our payment processor (we do not store full credit card numbers);
  • Billing address, invoice history.

Communications:

  • Messages sent to support, sales, or other contacts;
  • Survey responses, feedback, and beta program submissions.

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

Device and usage data:

  • IP address, browser type and version, operating system, device type;
  • Pages visited, time spent, clicks, referring URL;
  • Session timestamps, login attempts, security events.

Cookies and similar technologies:

  • Authentication cookies to keep you signed in;
  • Functional cookies to remember your preferences;
  • Analytics cookies to understand aggregate usage patterns.

You can configure your browser to refuse cookies, but core authentication features may not work without them. Section 9 describes our cookie practices in more detail.

2.3 Information from Third Parties

We may receive information about you from:

  • Identity providers (Microsoft Entra External ID, Google, LinkedIn) when you authenticate via SSO;
  • Plaid when you connect a bank account for ACH transactions;
  • DocuSign when you execute subscription documents through our integration;
  • Dwolla when you initiate or receive ACH payments;
  • Sponsor Users about their Investor Users (and vice versa, where appropriate);
  • Public business databases for fraud prevention and AML screening.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service;
  • Authenticate your identity and protect your account;
  • Process subscription payments and manage your account;
  • Enable Sponsor Users to manage their capital raises, investor portals, and ongoing operations;
  • Enable Investor Users to view their investments, sign documents, and receive distributions and tax documents;
  • Generate AI-assisted outputs you request, such as quarterly investor reports;
  • Communicate with you about your account, the Service, security alerts, and product updates;
  • Provide customer support and respond to your inquiries;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Comply with legal obligations, including tax reporting, securities regulations, AML/KYC requirements, and lawful requests from government authorities;
  • Improve and develop the Service through aggregate, de-identified analytics;
  • Enforce our Terms of Service and protect our rights and the rights of others.

4. Legal Basis for Processing

We process your personal information based on:

  • Performance of a contract — to deliver the Service you signed up for;
  • Legitimate interests — to operate, secure, and improve the Service in ways that do not override your privacy interests;
  • Legal obligation — to comply with tax, securities, AML, and other applicable laws;
  • Consent — where you have given specific consent (which you may withdraw at any time).

5. How We Share Information

5.1 Sharing Within the CapTraq Service

CapTraq is built around a Sponsor-Investor relationship. By using the Service, you understand:

  • Sponsor Users can see information about Investor Users who participate in their offerings, including identity, entity details, investment history, distributions, accreditation status, and uploaded documents;
  • Investor Users can see information about Sponsor Users hosting offerings they participate in, including the Sponsor User’s branding, deal information they choose to share, and communications;
  • Investor Users do not see information about other Investor Users in the same offering unless the Sponsor User explicitly chooses to share it;
  • FitProTech enforces these access boundaries through technical and administrative controls.

If you are a Sponsor User, you act as the data controller for the personal information of your Investor Users. You are responsible for providing your own privacy notices to your investors as required by law.

5.2 Service Providers

We share information with vendors who perform services on our behalf, under contracts that require them to protect your information and use it only for the services we engage them to provide. Our key service providers are listed in Section 6.

5.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or government request;
  • Enforce our Terms of Service or investigate violations;
  • Protect the rights, property, or safety of FitProTech, our users, or the public;
  • Detect, prevent, or address fraud, security, or technical issues.

5.4 Business Transfers

If FitProTech is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, your information may be transferred to the successor entity or acquirer. We will notify you of such transfer and any material changes to this Policy.

5.5 With Your Direction

We may share information at your direction — for example, when you connect a third-party tool, share an investor portal link, or invite a colleague to your account.

5.6 We Do Not Sell Your Personal Information

FitProTech does not sell personal information for monetary or other valuable consideration.

6. Third-Party Service Providers

CapTraq relies on the following service providers. Each handles your information under a written agreement that limits their use to providing services to FitProTech.

Cloud infrastructure:

  • Microsoft Azure (US data centers) — hosting, storage, networking, identity (Microsoft Entra External ID);
  • Microsoft Power Platform / Dataverse — application platform underlying CapTraq.

AI processing:

  • Anthropic (Claude API) — AI-generated quarterly reports, document summarization, and other AI-assisted features. Anthropic’s commercial terms prohibit training their models on customer-submitted data.

Authentication:

  • Microsoft — single sign-on via Microsoft Entra External ID;
  • Google — single sign-on for users who choose Google;
  • LinkedIn — single sign-on for users who choose LinkedIn.

Document execution and payments:

  • DocuSign — electronic signature on subscription agreements and other deal documents;
  • Dwolla — ACH payment processing for capital movements;
  • Plaid — bank account verification and connection.

Operational tools:

  • Email delivery providers for transactional notifications;
  • Customer support and helpdesk tools;
  • Analytics and product telemetry.

This list may evolve as the Service grows. We will update this Policy when we add or remove material service providers.

7. Data Retention

We retain your information only as long as necessary to:

  • Provide the Service to you;
  • Comply with our legal obligations (including tax, securities, and AML record retention, which may require seven years or longer);
  • Resolve disputes and enforce our agreements;
  • Maintain audit trails and security logs.

Specific retention practices:

  • Account information: retained while your account is active and for a reasonable period after closure;
  • Investment and capital flow records: retained per applicable securities and tax record retention rules (typically at least seven years);
  • Accreditation documents: retained per Sponsor User regulatory requirements (typically five years from offering close);
  • Communications and support records: retained for up to three years after resolution unless extended by legal hold;
  • Security logs and audit trails: retained for up to two years.

After retention periods expire, we delete or de-identify the information. De-identified data may be retained indefinitely for analytics and product improvement.

8. Your Rights and Choices

8.1 Access and Correction

You may access and correct most of your personal information through your CapTraq account settings. For information not directly accessible, contact us at privacy@fitprotech.ai and we will respond within a reasonable timeframe.

8.2 Deletion

You may request deletion of your account and personal information by contacting privacy@fitprotech.ai. We will delete information that is not subject to a legal retention obligation. Information we are required to retain (such as transaction records under securities and tax laws) will be retained for the required period and then deleted.

If you are an Investor User, certain information may also be retained by your Sponsor User as the data controller of investor records under applicable law. We will work with you and the Sponsor User as appropriate.

8.3 Data Portability

You may request an export of your account data in a commonly used format. Contact privacy@fitprotech.ai for portability requests.

8.4 Marketing Communications

You may opt out of marketing emails by following the unsubscribe link in any marketing email or by emailing privacy@fitprotech.ai. Transactional and account communications (security alerts, billing notices, distribution notifications) cannot be opted out of without closing your account.

8.5 California, Virginia, Colorado, Connecticut, and Other State Rights

Residents of certain US states have additional rights under state privacy laws (such as the California Consumer Privacy Act, Virginia CDPA, Colorado CPA, Connecticut CTDPA, and others). These rights may include:

  • Right to know what personal information we have about you;
  • Right to request deletion of personal information;
  • Right to correct inaccurate personal information;
  • Right to opt out of “sale” or “sharing” for cross-context behavioral advertising (we do neither);
  • Right to non-discrimination for exercising these rights.

To exercise these rights, contact privacy@fitprotech.ai. We will verify your identity before responding. You may designate an authorized agent to make a request on your behalf, subject to verification.

9. Cookies and Tracking

CapTraq uses cookies and similar technologies for:

  • Authentication — to keep you signed in across pages;
  • Security — to detect fraud and protect against unauthorized access;
  • Functionality — to remember your preferences;
  • Analytics — to understand aggregate usage patterns and improve the Service.

We do not use cookies for cross-site advertising or behavioral profiling. You can control cookies through your browser settings, though disabling authentication cookies will prevent you from using the Service.

10. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption in transit (TLS 1.2 or higher) for all communications;
  • Encryption at rest for stored data;
  • Microsoft Entra External ID for identity and access management;
  • Role-based access controls within our team and within the Service;
  • Audit logging of access to sensitive data;
  • Vendor security review for all service providers handling personal information;
  • Regular security testing and patching.

FitProTech is pursuing SOC 2 Type 2 certification. While we work toward this and other compliance milestones, we cannot guarantee that any system is perfectly secure. No method of transmission or storage is 100% secure.

If you believe your account has been compromised, contact us immediately at security@fitprotech.ai.

11. Breach Notification

In the event of a security incident affecting your personal information, we will notify you and applicable regulators in accordance with applicable law. Notification will describe the nature of the incident, the categories of information involved, the steps we are taking, and recommended actions you can take.

12. Children’s Privacy

CapTraq is not directed to or intended for children under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a child under 18, we will delete it. If you believe a child has provided us with personal information, contact us at privacy@fitprotech.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated Policy with a new “Last Updated” date. For material changes, we will provide additional notice through the Service or by email. Your continued use of the Service after the effective date of the updated Policy constitutes acceptance of the changes.

14. Contact Us

Questions about this Privacy Policy or our privacy practices should be sent to:

FIT Solutions Corp
Attn: Privacy
Email: privacy@fitprotech.ai

Security incidents: security@fitprotech.ai
Legal correspondence: legal@fitprotech.ai

© 2026 FIT Solutions Corp. All rights reserved.
captraq.ai · Build It. Fund It. Manage It.