M Financial Group
Privacy Policy

Effective Date: 10/23/2020
Revised: 05/15/2025

About M Financial Group

M Financial Group is a private corporation with multiple wholly owned subsidiary companies. This Privacy Policy governs the parent corporation, and all subsidiaries as listed below.

Hereafter referred to collectively as “M Financial Group”, “We”, “Our” or “Us”.

About This Policy

At M Financial Group, We respect your privacy, and We are committed to securing and protecting your personal information. This privacy policy describes how M Financial Group, including its subsidiary and affiliated companies, collect, store, share, and secure your information on Our websites and applications.

M Financial Group is a premier organization serving elite providers of financial solutions for high-net-worth individuals and successful businesses. Our business requires Us to collect a significant amount of personal information from you to operate, manage, and maintain your accounts and Our business. 

Our privacy notices, issued to consumers who are seeking to purchase Our products or services, describe your rights, and the choices available to you, such as limiting the sharing of your personal information for marketing purposes. A sample privacy notice is provided as part of this policy.

We collect information from you in the following ways:
  1. We collect the information you provide to Us either directly or indirectly through insurance producers, securities brokers, or investment advisors when you apply for Our products or services;
  2. We collect information about you from third parties, such as service providers or credit reporting agencies; and 
  3. We collect information from you automatically through your use of Our websites or applications, such as through cookies and similar technology.

We use and disclose your personal information to provide you with products and services, to communicate with you, to provide you with customer service, to market Our products and services to you, to develop or improve Our products and services, for legal or compliance purposes, or as required or permitted by applicable law.

This privacy policy is applicable on any website or application on which it is posted. Please note that additional privacy notifications may be presented to you as necessary when servicing your business needs, as required by law.

Applicability

This Privacy Policy is applicable to any non-public personal information that We collect from any natural person for the purpose of purchasing Our products or services for individual or household use. This policy is not applicable for natural persons acting in a commercial context or employment context. For example, this Privacy Policy is not applicable to employers establishing or acquiring employee benefit plans for the benefit of their employees.

Processing of your personal data

Processing of your personal dat

We Collect Information Through Our Websites and Apps.

We collect the information you provide when you use Our websites or apps. This may include, but is not limited to, your use of the following: 

We Collect Information When You Apply for Products or Services.

When you apply for products and services, We collect your personal information, either directly, or indirectly through securities brokers, investment advisors, or insurance producers. In some cases, the information requested is required by law to verify your identity or to comply with anti-money laundering and anti-terrorism regulations. Examples include:

We may collect information about you, a co-applicant (co-owner) when you request securities products, or a beneficiary when you or they apply for an insurance policy or service.

Reinsurance

M Financial Group includes a subsidiary reinsurance company (M Life Re) that may request your medical records to conduct underwriting and actuarial activities. If M Life Re requests your medical records, you will be asked to complete an Authorization for Release of Health-Related Information, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The authorization form will inform you who your Personal Health Information (PHI) will be shared with, and the specific purposes for which your PHI will be used.

We Collect Information from Third Parties.

We may collect additional information about you from third parties. For example, We may:

Information received from other sources is used solely for the purpose of providing and maintaining products purchased by you, providing customer service to you, or to comply with applicable laws and regulations.

We Collect Information Automatically

We may collect information automatically using online technologies such as cookies, logs, tags, scripts, local storage, and others when you use Our websites or apps, send Us an email, or interact with Our emails. We limit Our use of these technologies. We use this data to improve the performance of Our website, control security access, data security authentication, for fraud detection, or similar purposes. We may collect your IP address as part of Our cybersecurity protection protocols, but We do not use your IP address for marketing purposes.

You Can Control Cookies

You may choose to allow or disable cookies which are not required for Our sites to function. If you clear cookies on your web browsers or devices, you may need to set your cookie preferences again on your next visit to Our website(s). Cookies used on Our website(s) do not contain personal information about you. You can use your browser settings to limit the use of cookies, although doing so may limit the performance of Our website(s). We will retain cookies for 14 months from the date of your most recent visit to Our website(s).

We Use Google’s Services

We use Google Analytics and its companion product, Google Tag Manager. Google stores cookies on their website to enable Google’s analytic tools to provide helpful data to website owners about how you use their website. Data sent and retained by Google include your granular geolocation (city data), and your IP address. 

We do not sell, share, or rent your location or IP address to nonaffiliates.

You can view Google’s Privacy Policy here:  Safeguarding your data - Analytics Help

Sharing of Your Personal Data

Third-Party Vendors

We may engage third-party vendors to provide services to Us on your behalf, including IT services, securities clearing vendors, and IT service providers. 

Third-party vendors who are granted access to, or with whom We share your personal information, are required to agree, as part of their contractual obligations, to comply with all federal and state privacy laws, as applicable, including data protection measures that are appropriate for the sensitivity of the data being accessed by them or shared with them. They are prohibited from sharing your information, without express permission, and they must honor any opt-out request submitted by you, immediately upon your request being communicated to them by Us.

We conduct an extensive due diligence of every third-party vendor, and We verify their data security credentials, as appropriate.

Sharing Your Data for Marketing Purposes

We do not share, sell, or rent your personal data to any nonaffiliates for marketing purposes. 

We do share your personal data with Our affiliates (affiliates include investment advisors, insurance producers, or securities brokers) to market Our products and services to you, or to provide you with customer service. The Privacy Notice provided to you will include information about your choices for opting out of sharing, and instructions on how to contact Us to inform Us of your opt-out request.

Sharing Your Data for Legal Purposes

In certain circumstances, state or federal law requires that We share your personal information with other organizations such as:

How Your Data is Secured and Stored

We employ multiple levels of data security to ensure your data is safe from unauthorized disclosure, loss, or alteration, including:

User access is granted based on the user’s role, ensuring access to the minimum amount of data necessary to perform job functions. 
We will retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected. Due to the nature of the products and services We provide, We are required, by law, to maintain certain information for up to 10 years after your business relationship with Us is terminated. We maintain a detailed record retention schedule that identifies Our regulatory record retention requirements.

Your Rights

When you purchase goods or services from us, you become Our customer and you will receive a Privacy Notice that outlines your rights under the Privacy laws that are applicable to Us and the product or service you are purchasing from us.

We do not sell or rent your personal data to anyone that is not affiliated with Our organization; however, there are certain circumstances that We will share your personal information with non-affiliates. You have the right to opt out of sharing for the purposes outlined in the Privacy Notice you receive.

Children and Minors

Our products and services are not intended for ownership by individuals under the age of eighteen (18). 

In some cases, individuals as young as age seventeen (17) may be insured by a life insurance policy, which requires Us to collect personal information about the minor. In the case of a minor who is insured (not the owner of a life insurance policy), the parent or guardian would be required to consent to the collection of the minor’s personal information.

No individual under the age of 17 should submit or post information through Our website(s). We do not knowingly collect personal information from persons under the age of 17. If We become aware or suspect that you are under the age of 17, any information you submit will not be used or retained by us.

Your Data Outside the United States

We do not transfer or transmit your personal information outside the United States. 

If We determine there is a business need to transfer or transmit your personal information to a party outside the United States, We are required to notify you. Our notification must inform you about the information We are transferring/transmitting, who We are transferring/transmitting your information to, the purpose for which the data will be used, and the country your data will be transferred/transmitted to. You will also be given a minimum of 30 days to contact Us to opt-out of your data being transferred/transmitted.

If We transfer your data outside the United States, We are required to ensure your data is protected and provide you with notification of your rights under the corresponding data protection and privacy laws in the applicable jurisdiction, most notably the General Data Protection Regulation (GDPR) in European Union participating countries.

Your Right to Notify Us

If you have reason to believe that We failed to notify you of Our Privacy Policy, to provide you with a Privacy Notice at the appropriate time, or have questions, please contact us at Privacy@mfin.com. We will provide you with the necessary documentation and ensure that your opt-out preferences are honored immediately.

Privacy Laws that Apply to M Financial Group

M Financial Group is subject to the following privacy laws in the United States:

Although seventeen (17) states have passed comprehensive privacy laws and implementing regulations, M Financial Group is exempt from all state level privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights and Enforcement Act (CPRA).

However, We remain committed to the protection of your personal information and will honor requests from consumers to opt-out of sharing in certain circumstances, as detailed in the Privacy Notice you receive when you purchase product or services from Us. 

Contact Us

You can contact the Privacy Officer by phone at (800) 565-6960.

You can email Us at Privacy@mfin.com.

You can send your written request to:

M Financial Group
Attn: Privacy Officer
1125 NW Couch St. Ste. 900
Portland, OR 97209-4129

Sample Privacy Notice
Facts
What Does M Financial Group, Inc. ("MFG") Do with your Personal Information?
Why?
 Insurance Holding Companies and Insurance Agencies choose how they share your personal information. Federal and state laws give consumers the right to limit some but not all sharing. Federal and state laws also require us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?
The types of personal information we collect and share depend on the product or service you have with us. This information can include your name along with:
  • Social security number 
  • Driver’s license and other government identification numbers
  • Contact information (such as physical and email addresses)
  • Signature information
  • Employment or professional information

How?
All insurance holdings companies and insurance agencies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons MFG chooses to share; and whether you can limit this sharing. Please note that we do not sell any personal information as part of our business.
Reasons We Can Share Your Personal Information
Does MFG Share?
Can You Limit This Sharing?
For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, to fulfill our regulatory obligations, report to credit bureaus, resolve customer disputes, or for institutional risk control.
YES
NO
For our marketing purposesto offer our products and services to you. 
NO
We don’t share
For joint marketing with other financial companies
NO
We don’t share
For our affiliates’ everyday business purposes—information about your transactions and experiences.
YES
NO
For our affiliates’ everyday business purposes—information about your creditworthiness.
NO
We don’t share
For our affiliates to market to you
YES
NO
For nonaffiliates to market to you
NO
We don’t share
For nonaffiliates’ everyday business purposes
MFG may share your personal information with the Insurance Professional servicing your account, a nonaffiliate with which the Insurance Professional is associated and/or the employees or independent contractors of such nonaffiliate to facilitate the servicing of your account. MFG may share your personal information with nonaffiliates in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of our business or operating unit.
YES
YES
To Limit Our Sharing
  • Call us at (800) 656-6960, between the hours of 8 a.m. and 5 p.m. Monday through Friday. 
  • Write to us at M Financial Group, ATTN: Corporate Privacy Officer, 1125 NW Couch Street, Suite 900, Portland, OR 97209. The request should include your name, address, and account number.
Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing as described in this notice.
Questions
Call M Financial Group at (800) 656-6960
 
What We Do
How does MFG protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal and state law. These measures include computer safeguards and secured files and buildings. We restrict access to personal information to select employees and agents who have a need for such information for business purposes only. All such employees are trained and required to safeguard such information. Companies we hire to provide support services are not allowed to use your personal information for their own purposes and are contractually obligated to maintain strict confidentiality. We limit their use of your personal information to the performance of the specific service we have requested.
How does MFG collect my personal information?
We collect your personal information from you, for example, when you:
  • open an account or give us your income information
  • apply for insurance
We also collect your personal information from others, such as credit bureaus, our affiliates, or other companies. We may also collect some information about you from publicly available resources.
Why can’t I limit all sharing?
State and Federal law gives you the right to opt our of sharing under the following circumstances:
  • You can opt out of sharing information about your creditworthiness to affiliates for everyday purposes.
  • You can opt out of sharing with affiliates who would use your information to market to you.
  • You can opt out of sharing with non-affiliates who would use your information to market to you.
Some state laws also give you the ability to opt out of the sale of your personal information. M Financial Group does not sell your personal information to third parties.
Your Privacy Rights
What are they?
California law gives California residents additional rights regarding personal information. Those rights under California law include:
  • Disclosure: you can request information about the categories and specific pieces of personal information collected. You may also request information about the categories of sources from which the personal information was collected, the business purposes for collection, the business purposes for disclosure, the categories of third parties with whom we share personal information, and whether your personal information is sold to third parties.
  • Erasure/Deletion: under certain circumstances, you can request we delete your personal information, if that personal information is no longer needed to provide our services to you, or in other limited circumstances.
  • Third Party Marketing Disclosures: California residents have the right to request information from us regarding the manner in which we share certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
  • the categories of information we disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year;
  • the names and addresses of the third parties that received the information; and
  • if the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.
  • Non-Discrimination: under California law, you have the right to not be discriminated against should you choose to exercise your rights. We may offer certain incentives related to the collection or disclosure of your information as permitted by law.

The United Kingdom and the European Union gives residents of those respective regions additional rights regarding personal information. Those rights under the EU General Data Protection Regulation (“GDPR”) and United Kingdom General Data Protection Regulation (“UK GDPR”) are:
  • Right to Access/Disclosure: The right to have access to your personal data upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing.
  • Right to Correction/Rectification: The right to correct your personal data if you find it is inaccurate, incomplete or obsolete.
  • Right to Erasure/ “Right to be Forgotten”: The right to obtain the deletion of your personal data in the situations set forth by applicable data protection law.
  • Withdrawal of Consent to Processing: The right to withdraw your consent to the data processing without affecting the lawfulness of processing, where your personal data has been collected and processed based on your consent and not any other basis.
  • Right to Object: The right to object to the processing of your personal data under certain circumstances, in which case we may ask you to justify your request by explaining to us your particular situation.
  • Right to Restrict Processing: The right to request limits to the processing of your data, when allowed by and in circumstances set forth under applicable law, as well as to object to any direct marketing from us.
  • Right to Restrict Automated Individual Decision-Making (Profiling): The right to not be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you.
  • Right to Data Portability: The right to have your personal data directly transferred by us to a third-party processor of your choice (where technically feasible; may be limited to situations when processing is based on your consent).

Canadian law gives Canadian residents additional rights regarding personal information:
  • Right to Access/Disclosure: The right to have access to your personal data upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing.
  • Right to Correction/Rectification: The right to correct your personal data if you find it is inaccurate, incomplete or obsolete.
  • Right to Deletion: The right to obtain the deletion of your personal data in the situations set forth by applicable data protection law.

To request further information about our practices/your rights:
  • Call us at (800) 656-6960, between the hours of 8 a.m. and 5 p.m. Monday through Friday.
  • Write to us at M Financial Group, ATTN: Privacy Officer, 1125 NW Couch Street, Suite 900, Portland, OR 97209.
    The request should include your name, address, and account number.
  • If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.

Other Important Information
To request further information about our practices/your rights:
  • Call us at (800) 656-6960, between the hours of 8 a.m. and 5 p.m. Monday through Friday.
  • Write to us at M Financial Group, ATTN: Privacy Officer, 1125 NW Couch Street, Suite 900, Portland, OR 97209.
    The request should include your name, address, and account number.
  • If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.