Privacy Policy & Cookies

This Privacy Policy has been written in accordance with the applicable law. In order to provide you with the highest level of transparency and protection, we have stipulated provisions that are fully compatible with the principles of the EC Regulation No. 2016-679 of 27 April 2016 on general data protection (GDPR), which came into force on 25 May 2018, and which are applicable in all European countries.

This Privacy Policy describes how Quotanda collects, uses and discloses information, and what choices you have with respect to the information.

When we refer to “Quotanda”, “we”, “us” or “our”, we mean the Quotanda entity that acts as the controller or processor of your information.

All references to ‘Quotanda,’ ‘we,’ or ‘us’ under the Agreement, what law will apply in any dispute or lawsuit arising out of or in connection with the Agreement, and which courts have jurisdiction over any such dispute or lawsuit, depending on where the Customer is domiciled.


Quotanda Contracting Entity

Governing Law


United States & Canada

Quotanda LLC




Quotanda Loans SL



Rest of the World

Quotanda Mexico SAPI de CV


Mexico City

Information We Collect & Receive

Registration and Contact Information. We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via our chat service. This information you provide may include first and last name, email address, mailing address or phone number.

Personal Information. In order to fulfil our contractual and legal obligations (Fraud, AML, KYC) we collect information about you to enable us to verify your identity including ID and TAX ID numbers as well as existing debt and savings information.

Banking Information. We also collect certain banking information for verification purposes. When you fill-out an application or agree to a deferred payment plan, we may ask you to provide data including a list of your banking transactions, current balance, address, and identity confirmation.

Technical, Usage and Location Information. We automatically collect information on how you interact with, such as the IP address from which you access, date and time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device. We use cookies and similar technologies to collect some of this information. For more information, please see Quotanda’s Cookie Policy.

We also collect information relating to applicant education, work experience, photo identification. This information is collected to fulfil our contractual & legal obligations with our partner institutions.

We may collect other information from you that is not specifically listed here. We may use any such information in accordance with this Privacy Policy or as otherwise permitted by you.

How We Use Your Information

We process personal data about you either with your consent or in order to:

  • Fulfill our contractual responsibility to deliver the services to you;
  • Fulfill our legal obligations relating to fraud, anti-money laundering and identity verifications
  • To pursue Quotanda’s legitimate interests of:
    • improving service experience; and
    • developing new products and service features.

This may include keeping some information after you have deactivated your account for the period of time required for Quotanda to conduct audits, comply with legal obligations, resolve disputes and enforce our contracts.

We also process your contact information data to send emails and other communications. Quotanda will never send you unsolicited communications. There are some messages (“Service Messages”) that we will need to send you. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our services and important services-related notices, such as security and fraud notices. These communications are considered part of the services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Quotanda. These are marketing messages so you can control whether you receive them.

We, as Data Controller, may also use your Personal Information in the below ways:

  • to identify, prevent, detect or tackle fraud, money laundering and other crime;
  • to carry out regulatory checks;
  • to update your records;
  • to assess lending and insurance risks;
  • to arrange, underwrite and administer insurance and handle claims;
  • keeping you informed about your lending or borrowing.

In addition:

  • Law enforcement agencies may access and use this Information.
  • We and other organisations may also access and use this Information to prevent fraud and money laundering, for example, when:
    • checking details on applications for credit and credit-related or other facilities
    • managing credit and credit-related accounts or facilities
    • recovering debt
    • checking details on proposals and claims for all types of insurance
    • checking details of job applicants and employees
  • We and other organisations may access and use from other countries the Information recorded by fraud prevention agencies.

Information We Share

Personal Information

We will keep your Personal Information confidential and only disclose it to third parties in the following events:

  • if you ask us to or give us your permission to do so;
  • to a credit reference agency to check your identity and to prevent fraud (they will also keep a record of your request and use it whenever anyone applies to be authenticated in your name);
  • to our payment partners, agents, and subcontractors, acting for us or for Lenders, to use for the purpose of operating the Lending Platform and obtaining payment;
  • to investigate, prevent or detect fraud or carry out checks against money laundering;
  • to trace debtors and recover debt;
  • to meet our obligations to any relevant regulatory authority or taxing authority;
  • if we have to by law, the law allows it, or it is in the public interest;
  • if all of the assets which we use to operate the Lending Platform (or substantially all of them) are acquired by a third party, we may transfer Personal Information we hold to that party so that the acquirer can continue to operate the Lending Platform.
Contacting Other Customers
  • We do not disclose your Personal Information to any other Quotanda Customers or Partners unless it is necessary to enforce any of your Legal Contracts. If you receive such Information, you are not permitted to use it directly, other than in communication with us about your Legal Contracts.
  • You agree that, in the course of generating and managing your Legal Contracts, and operating your account, the Lending Platform will need to send to Lenders and their assignees or the Borrower or Co-signer of financial aid with Quotanda or one of the organizations where Quotanda software powers financial aid, as the case may be, certain transactional Information (for example, unique identifier, loan amount and Repayment details) but not your payment details. We will not be liable for any use or misuse of the transactional data by others, but you must inform us of any misuse of the Lending Platform of which you are aware.
Payment Information

Students make payments via Direct Debit ACH transfers. When you authorise a payment, any bank account or credit card information you provide as part of your Payment Information is collected and processed directly by our payment partner(s) Transferwise or Paypal through their Checkout services. We never store your full bank account or credit card information. These providers, may use your Payment Information in accordance with their own Privacy Policies, link(s) are below:

Third Party Service Providers

Quotanda currently uses third party subprocessors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party Subprocessor, Quotanda performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations. Information of our current subprocessors is listed here:

Salesforce, Inc. To host customer data or provide other infrastructure that helps with delivery of our Services. Information about how Salesforce complies with privacy and data protection regulations can be found

Olark Services. To provide customer support and email notifications. We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Olark, Inc. (“Olark”) and utilize Olark to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Olark analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information visit

Transferwise. Our Payment Service Providers (an intermediary between users and Quotanda for all payments). More information is in the ‘Payment Information’ section above.

Data Retention

We will retain your data if;

  • You are an active borrower of financial aid with Quotanda or one of the organizations where Quotanda software powers financial aid, we will retain your information for the duration of your account being active plus an additional 36 months from deactivation – to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
  • You are a registered user without an active product – 36 months from registration date

Monitoring and Recording

We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.


We enter into confidentiality and data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices. In addition:

  • We use SSL (Secure Sockets Layer) to securely establish an encrypted connection between our users web browser and our web server. This allows the user data to remain private as it gets transferred to our servers.
  • We use cryptography to protect users confidential data.
  • Users data is held on secure platforms such as Salesforce which follow strict security procedures.
  • Access control and user groups are used to restrict access to user data. Only qualified individuals are given access to certain data.
  • Auditing is used to monitor change in users data. This allows us to keep track of users data.

Transfer outside the European Union

We may transfer your Personal Information abroad to countries whose information protection laws are less strict than in the European Union. If so, we will ensure the Information is held securely to standards as least as good as those in the European Union and only used for the purposes set out in this clause.

Your Rights (Accessing Your Information)

Individuals located in certain countries, including the US and Europe, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. This is called a ‘subject access request’ and you can make this request in writing by contacting us at

Changes to the Privacy Policy

Quotanda may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Quotanda will send a notice of this change to all of our users.

Data Protection Authority

Subject to applicable law, you also have the right to (i) restrict Quotanda’s use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority or the Information Commissioner’s Office, which is Quotanda’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority: Spanish Data Protection Agency (Agencia Española de Protección de Datos) 

Contacting Quotanda

Please feel free to contact Quotanda if you have any questions about this Privacy Policy or Quotanda’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at

Cookie Policy

Our Cookie Policy forms part of our Privacy Policy

Quotanda uses cookies to improve the performance of our website and service and give you a better experience. This Cookie Policy explains what types of cookies we use, why, and how to identify and delete them.

Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our web site and service.

What are cookies?

Cookies are small text files, which are stored on your computer, mobile or tablet when you visit websites. The cookies we use can’t harm your computer and we don’t ever store sensitive data, such as bank details, in cookies.

Cookies serve many functions but in general cookies on the website are used to:

  1. recognise you next time you visit so we can provide you with relevant information about Quotanda
  2. identify errors or poor performance of the website

What cookies does Quotanda use?

Essential cookies. Some cookies are essential for the operation of the website. These cookies allow us to keep you signed in so you can move through the various parts of the system without having to continually enter your details. Without them, users would not be able to sign in. These cookies don’t gather any information about you that could be used for marketing or remembering where you have been on the internet.

Performance Cookies. ‘performance’ cookies collect information about how you use the website e.i. which pages you visit, and if you experience any errors. These cookies don’t collect any information that could identify you – all the information collected is anonymous and is only used to help us improve how the website works, understand what interests our users and measure how effective our advertising is. Some of the performance cookies we use are issued as part of services provided by selected third parties, like Google Analytics.

Functionality Cookies. ‘Functionality’ cookies are used to provide services or to remember settings to improve your visit to the website.

Targeting Cookies. ‘Targeting’ cookies are linked to services provided by third parties, such as ‘Like’ buttons and ‘Share’ buttons for social network services. Targeting Cookies are used to link to social network services, which may subsequently use information about your visit to target advertising to you on other websites.

You can control whether or not these cookies are used but preventing them may stop us from offering you some services. Third parties manage all of these cookies, and you may alternatively use the third parties’ own tools to prevent these cookies.

3rd Party Cookies:

How to disable Cookies

If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how. Alternatively, you may wish to visit or wikiHow – Clear your browser cookies which contain information on how to do this.

In compliance with the provisions of the Federal Law on Protection of Personal Data Held by Individuals (LFPDPPP) QUOTANDA MÉXICO SAPI DE CV, makes available the following Privacy Notice:

Responsible for the protection and treatment of your Personal Data

QUOTANDA MÉXICO SAPI DE CV, hereinafter “Quotanda”, domiciled at The Pool, Goldsmith 40, Polanco, Miguel Hidalgo, CP 11550, Mexico City, Mexico.

Means of obtaining Personal Data

The personal data that Quotanda obtains from you will be used only for the purposes described in this privacy notice and may be collected directly, because you enter your data using the online services through the page

For what purposes will we use your personal data?

Your personal data will be collected for the following main purposes that are necessary for the service you request:

  • Create a Score to determine the approval or not of the credit request.
  • The granting of credits for studies.

Additionally, we will use your personal information for advertising, promotional purposes, as well as for the organization of events and contests.

The refusal to use your personal data for these purposes may not be a reason for us to deny you the services and products that you request or contract with us.

Personal data to be processed

To carry out the purposes described in this Privacy Notice, we will use the following personal identification data: full name, surname, RFC, CURP, telephone number, signature, image, marital status, academic data, email, address, age, nationality, labor data.

Patrimonial and financial data

By virtue of the professional services offered by Quotanda, and in order to guarantee the maximum efficiency and quality in the provision of the same, it is necessary to collect financial and patrimonial data from our clients, for which we will require your consent. express at the end of this notice.

Sensitive personal data

Quotanda does not collect sensitive personal data regarding its clients.

Data transfer, national and international

By virtue of the provisions of articles 36 and 37 of the LFPDPPP, your personal data may be transferred and / or shared to:

  1. Controlling companies, subsidiaries or affiliates under the common control of Quotanda, a parent company or any company in the same Quotanda group that operates under the same internal processes and policies.
  2. When the transfer is necessary by virtue of a contract concluded or to be celebrated in the interest of the owner, by the person in charge and a third party.
  3. When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the controller and the owner.

It is important to note that the third parties to whom your personal data is transferred will be bound in the same terms of this Privacy Notice and will comply with the corresponding security and confidentiality measures.

Either way, we undertake not to transfer your personal information to third parties without your consent, except as provided in Article 37 of the LFPDPPP and to make this transfer in the terms established in the Act.

Exercise of ARCO Rights

Article 28 of the LFPDPPP grants you four rights to exercise:

  • The owner has the right to Access their personal data held by the person in charge and to know the Privacy Notice.
  • The owner has the right to rectify their data in case they are incorrect, incorrect or out of date.
  • The owner has the right to Cancel their personal data when they consider that they are not being used for the fulfillment of the purposes established in this Privacy Notice.
  • The owner has the right to Oponersand the treatment of their personal data regarding any of the purposes established in this Privacy Notice.

Mechanisms for the exercise of the ARCO Rights and Revocation of consent for the treatment of your data

To exercise your rights of Access, Rectification, Cancellation and Opposition or your right to revoke the consent for the treatment of your personal data, you must fill out and send the ARCO RIGHTS EXERCISE FORMAT, which can be downloaded at the following link, which must be sent to Quotanda through the following email:, or direct the physically format to the following address: The Pool, Goldsmith 40, Polanco, Miguel Hidalgo, CP 11550, Mexico City, Mexico, with attention to the Department of Protection of Personal Data, or you can submit your request in writing and in Spanish and complying with the requirements indicated in article 89 of the LFPDPPP regulation. For more information, you can contact the Quotanda Department of Personal Data Protection directly at: +525511638636.

For the origin of the exercise of your ARCO Rights you must prove the ownership of your ARCO rights or the representation with respect to the owner through the presentation of a copy of your identification document and the exhibition of the original for comparison, or those instruments established in article 89 of the LFPDPPP regulation.

Quotanda will follow up on your request within a period of 20 business days from the receipt of said format or request, with the complete documentation, to inform you of its provenance. If applicable, Quotanda will have a maximum period of 15 working days to make effective its ARCO right.

Right to revoke your consent for data processing

Article 8 of the LFPDPPP, provides for the possibility of revoking the consent granted for the processing of your personal data. To revoke it, you can request it using the same mechanism and procedure for the exercise of the ARCO Rights provided in this notice. However,

Quotanda informs you that keeping your personal data in its database will allow you to better understand your needs based on your history and thereby offer you a better service on your future reservations.

Measures to protect your information and to limit the use or disclosure of your personal information

Your Personal Information will be protected under strict confidentiality and to reasonably prevent the use or improper disclosure of it, we have implemented physical, technical and administrative security measures in accordance with the Federal Law on Protection of Personal Data Held by Private Parties and other applicable regulations.

In particular, we have a privacy policy, training courses, restricted access to personal information only to authorized users, privacy officers, an inventory of personal data (duly classified by data category), treatment systems, analysis of contractual risks and clauses.

In order for you to limit the use and disclosure of your personal information, we offer you the option of registering in the Public Registry to avoid Advertising (REPEP), which is in charge of the Federal Consumer Attorney, in order that your personal data is not used to receive advertising or promotions from companies of goods or services. For more information on this registration, you can consult theInternet portal PROFECO, or contact it directly.

Use of cookies

We inform you that on our website we use cookies that collect only information from browsing that users do anonymously, thus not treating personal data.

Modifications to this privacy notice

Quotanda may make modifications or updates to this Privacy Notice at any time.

The modifications or updates that are made will come into effect at the time they are published on the website onits affiliated sites or in any means of communication that you use to publish it, so it is recommended that you continue to review. If you do not expressly oppose this notice and its updates, it is understood that you have granted your tacit consent in terms of article 8 of the LFPDPPP.