Privacy Notice for California Residents

Sourcepoint, Inc. and its subsidiary Sourcepoint Fulfillment Services, Inc. (“we,” “our,” or “Sourcepoint”) respect your privacy and are committed to providing a transparent notice of our Privacy Notice and Disclosure for California Residents. This Privacy Notice and Disclosure for California Residents applies solely to those who reside in the State of California (“consumers” or “you”).

This Privacy Notice for California Residents supplements the information contained in our privacy policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

The CPRA effective January 2023, makes a distinction between “personal information” and “sensitive personal information.” “Personal information” is “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” “Sensitive personal information” includes anything that reveals an individual’s personal information, such as Social Security number, driver’s license number, state identification card, or passport number; “a consumer’s account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account” , “[a] consumer’s precise geolocation”; and “a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.” The data privacy protections for sensitive personal information are required to be more robust than those used to protect personal information.

The CPRA no longer includes the employee exception, which means that California employees, applicants, emergency contacts, beneficiaries, independent contractors, and members of boards of directors have the same rights as any other consumer. Employees may request that the company disclose to them the personal information collected on them and or request that this information be deleted or corrected. Employees may direct the company not to sell or share their personal information, and each employee has the right to limit the use of sensitive personal information. Employees have the right to access personal information and to know what personal information is old or shared and to whom.

Employers must provide notice of employees’ rights under the CPRA and give employees a way to tell the employer about their exercise of these rights. The employer has limited time to respond to a request and must properly document all responses.

Business to business transactions are now subject to the CPRA.

Effective Date: January 1, 2023

Last Review Date:  December 7, 2022

Your right to know

Your “Right to Know” about personal information collected, used, and disclosed including:

  • What categories of personal information we collect from you and the purpose for its collection
  • How we use those categories personal information
  • How we share the personal information you entrust to us
  • Transparency about or our commitment not to sell your data now or in the future Your “Right to Delete” personal
  • How to submit a verified consumer request for your Right to Know or Right to Delete
  • How to use an authorized agent to submit a verified consumer request
  • Your “Right to Non-Discrimination” for the exercise of a privacy right
  • Changes to our privacy notice
  • Our contact information

You have the right to request that the Company disclose what personal information it collects, uses, discloses, and sells. You can do this through a verified consumer request. That process is described below.

We collect personal information, which means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). The following table includes disclosures of the personal information we collect from consumers and have used in the past 12 months, followed by an explanation of the purposes for which it is collected and used, the categories of sources from which it was collected and categories of third parties with whom we share the personal information.

CategoryExamplesCollectedUsed in the past 12 months
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.
B. Personal Information
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. (Cal. Civ. Code § 1798.80(e)).
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial Information
Records of personal property or services purchased or considered.
E. Biometric Information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Cookies, browsing history, search history, information on a consumer’s interactions with a website, application, or advertisement.
G. Geolocation data
Approximate physical location or movements.
H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Please note that Personal Information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA’s scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994


How we obtain information

We obtain the categories of information listed above from the following categories of sources:

  • Directly from the individual, our clients, or their agents. For example, from electronic data file transfer that our clients provide to us related to the services for which they engage us.
  • Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
  • Directly and indirectly from activity on our websites. For example, from submissions through our website portal or website usage details collected automatically If you fill out a contact us form or other information you provide to us on our website or mobile applications.
  • If you interact with us on social media
  • From third parties that interact with us in connection with the services we provide.
  • From unaffiliated service providers who provide functionality and analytics regarding website and social media usage.

Personal Information disclosed for business purposes

We may disclose consumers’ personal information to third parties to perform the following activities

  • Auditing for legal and regulatory compliance
  • Security for detecting security breaches
    • Protecting against fraud and malicious activity
    • Take action against wrongdoers (e.g., fraudsters and hackers)
  • Debugging
    • Identifying and fixing technical errors
  • Performing services:
    • Account maintenance
    • Customer service
    • Processing transactions
  • Internal research to develop or demonstrate technology
  • Testing or improvement of any service or device “owned, manufactured, manufactured for, or controlled by” Sourcepoint and/or its parent companies, Firstsource Group USA, Inc. or Sourcepoint Limited.
  • To service providers who provide functionality and analytics regarding website and social media usage.
  • Cloud hosting
    • Information technology support


Right to access

Consumers have the right to request access to personal information. We have two (2) methods for submitting requests. Consumers can make this request for free, twice per year, Requests shall be sent to sourcepointccpa@sourcepointmortgage.com or by calling 1-800-736-2107 ext. 53107.

Upon receiving an access request, we will confirm receipt of the request from the consumer within ten (10) days of the request. We will provide the necessary information in a portable and easily accessible format, as requested by the consumer in a format feasible to us, within 45 days of the request. We will respond based on the personal information collected over the previous twelve (12) months.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

At the request of a consumer, we will include:

  • The categories of personal information we have collected about the consumer
  • The categories of sources of the consumer’s personal information
  • The business or commercial purpose for collecting the consumer’s personal information
  • The categories of any third parties with whom we share the consumer’s personal information
  • The specific pieces of personal information collected about the consumer

Please note that, in responding to your request, we are not permitted to disclose or provide you with your Social Security Number, Driver’s License Number, or other government issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.

Right to deletion

The consumer has a right to request the deletion of personal information that we hold on the consumer. This right does not apply where Sourcepoint or its service provider(s) needs to retain the personal information in order to do any of the following:

  • Provide goods or services to the consumer

Detect or resolve issues security or functionality-related issues

  • Comply with the law
  • Conduct research in the public interest
  • Safeguard the right to free speech


Sourcepoint will not discriminate against any consumer for having exercised their rights under the CCPA. Sourcepoint will not:

  • Deny the consumer goods or services
  • Denying benefits or impose penalties
  • Provide the consumer with a different level or quality of goods or services to the consumer
  • Threaten the consumer with any of the above

Selling consumer information

We do not sell consumer information and have not sold consumer information in the past twelve (12) months.

Changes to our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

Contact for more information

If you have any questions or comments about this notice, the ways in which we collect and use your information, your choices, and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at.

Phone: 1-877-399-1936

Website: https://www.stonehillgroup.com/contactus

Postal Address:

The StoneHill Group, Inc.
Attn: Client Services
1117 Perimeter Center West, Suite E-212
Atlanta, GA 30338

Sourcepoint Solutions in lieu of Sourcepoint, Inc. NMLS # 266274. This site is not authorized by the New York State Department of Financial Services. No mortgage solicitation activity or loan applications for properties located in the State of New York can be facilitated through this site.