Effective Date: 10/23/2020
Revised: 01/23/2026
M Financial Group is a private corporation with multiple wholly owned subsidiary companies. This Privacy Policy governs the parent corporation, and all subsidiaries as listed below.
Hereafter referred to collectively as “M Financial Group”, “We”, “Our” or “Us”.
At M Financial Group, We respect your privacy, and We are committed to securing and protecting your personal information. This privacy policy describes how M Financial Group, including its subsidiary and affiliated companies, collect, store, share, and secure your information on Our websites and applications.
M Financial Group is a premier organization serving elite providers of financial solutions for high-net-worth individuals and successful businesses. Our business requires Us to collect a significant amount of personal information from you to operate, manage, and maintain your accounts and Our business.
Our privacy notices, issued to consumers who are seeking to purchase Our products or services, describe your rights, and the choices available to you, such as limiting the sharing of your personal information for marketing purposes. A sample privacy notice is provided as part of this policy.
We use and disclose your personal information to provide you with products and services, to communicate with you, to provide you with customer service, to market Our products and services to you, to develop or improve Our products and services, for legal or compliance purposes, or as required or permitted by applicable law.
This privacy policy is applicable on any website or application on which it is posted. Please note that additional privacy notifications may be presented to you as necessary when servicing your business needs, as required by law.
This Privacy Policy is applicable to any non-public personal information that We collect from any natural person for the purpose of purchasing Our products or services for individual or household use. This policy is not applicable for natural persons acting in a commercial context or employment context. For example, this Privacy Policy is not applicable to employers establishing or acquiring employee benefit plans for the benefit of their employees.
We collect the information you provide when you use Our websites or apps. This may include, but is not limited to, your use of the following:
When you apply for products and services, We collect your personal information, either directly, or indirectly through securities brokers, investment advisors, or insurance producers. In some cases, the information requested is required by law to verify your identity or to comply with anti-money laundering and anti-terrorism regulations. Examples include:
We may collect information about you, a co-applicant (co-owner) when you request securities products, or a beneficiary when you or they apply for an insurance policy or service.
M Financial Group includes a subsidiary reinsurance company (M Financial Re) that may request your medical records to conduct underwriting and actuarial activities. If M Financial Re requests your medical records, you will be asked to complete an Authorization for Release of Health-Related Information, in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The authorization form will inform you who your Personal Health Information (PHI) will be shared with, and the specific purposes for which your PHI will be used.
We may collect additional information about you from third parties. For example, We may:
Information received from other sources is used solely for the purpose of providing and maintaining products purchased by you, providing customer service to you, or to comply with applicable laws and regulations.
We may collect information automatically using online technologies such as cookies, logs, tags, scripts, local storage, and others when you use Our websites or apps, send Us an email, or interact with Our emails. We limit Our use of these technologies. We use this data to improve the performance of Our website, control security access, data security authentication, for fraud detection, or similar purposes. We may collect your IP address as part of Our cybersecurity protection protocols, but We do not use your IP address for marketing purposes.
You may choose to allow or disable cookies which are not required for Our sites to function. If you clear cookies on your web browsers or devices, you may need to set your cookie preferences again on your next visit to Our website(s). Cookies used on Our website(s) do not contain personal information about you. You can use your browser settings to limit the use of cookies, although doing so may limit the performance of Our website(s). We will retain cookies for 14 months from the date of your most recent visit to Our website(s).
We use Google Analytics and its companion product, Google Tag Manager. Google stores cookies on their website to enable Google’s analytic tools to provide helpful data to website owners about how you use their website. Data sent and retained by Google include your granular geolocation (city data), and your IP address.
We do not sell, share, or rent your location or IP address to nonaffiliates.
You can view Google’s Privacy Policy here: Safeguarding your data - Analytics Help
We may engage third-party vendors to provide services to Us on your behalf, including IT services, securities clearing vendors, and IT service providers.
Third-party vendors who are granted access to, or with whom We share your personal information, are required to agree, as part of their contractual obligations, to comply with all federal and state privacy laws, as applicable, including data protection measures that are appropriate for the sensitivity of the data being accessed by them or shared with them. They are prohibited from sharing your information, without express permission, and they must honor any opt-out request submitted by you, immediately upon your request being communicated to them by Us.
We conduct an extensive due diligence of every third-party vendor, and We verify their data security credentials, as appropriate.
We do not share, sell, or rent your personal data to any nonaffiliates for marketing purposes.
We do share your personal data with Our affiliates (affiliates include investment advisors, insurance producers, or securities brokers) to market Our products and services to you, or to provide you with customer service. The Privacy Notice provided to you will include information about your choices for opting out of sharing, and instructions on how to contact Us to inform Us of your opt-out request.
In certain circumstances, state or federal law requires that We share your personal information with other organizations such as:
We employ multiple levels of data security to ensure your data is safe from unauthorized disclosure, loss, or alteration, including:
User access is granted based on the user’s role, ensuring access to the minimum amount of data necessary to perform job functions.
We will retain your personal data for as long as it is necessary to fulfill the purposes for which it was collected. Due to the nature of the products and services We provide, We are required, by law, to maintain certain information for up to 10 years after your business relationship with Us is terminated. We maintain a detailed record retention schedule that identifies Our regulatory record retention requirements.
When you purchase goods or services from us, you become Our customer and you will receive a Privacy Notice that outlines your rights under the Privacy laws that are applicable to Us and the product or service you are purchasing from us.
We do not sell or rent your personal data to anyone that is not affiliated with Our organization; however, there are certain circumstances that We will share your personal information with non-affiliates. You have the right to opt out of sharing for the purposes outlined in the Privacy Notice you receive.
Our products and services are not intended for ownership by individuals under the age of eighteen (18).
In some cases, individuals as young as age seventeen (17) may be insured by a life insurance policy, which requires Us to collect personal information about the minor. In the case of a minor who is insured (not the owner of a life insurance policy), the parent or guardian would be required to consent to the collection of the minor’s personal information.
No individual under the age of 17 should submit or post information through Our website(s). We do not knowingly collect personal information from persons under the age of 17. If We become aware or suspect that you are under the age of 17, any information you submit will not be used or retained by us.
We do not transfer or transmit your personal information outside the United States.
If We determine there is a business need to transfer or transmit your personal information to a party outside the United States, We are required to notify you. Our notification must inform you about the information We are transferring/transmitting, who We are transferring/transmitting your information to, the purpose for which the data will be used, and the country your data will be transferred/transmitted to. You will also be given a minimum of 30 days to contact Us to opt-out of your data being transferred/transmitted.
If We transfer your data outside the United States, We are required to ensure your data is protected and provide you with notification of your rights under the corresponding data protection and privacy laws in the applicable jurisdiction, most notably the General Data Protection Regulation (GDPR) in European Union participating countries.
If you have reason to believe that We failed to notify you of Our Privacy Policy, to provide you with a Privacy Notice at the appropriate time, or have questions, please contact us at Privacy@mfin.com. We will provide you with the necessary documentation and ensure that your opt-out preferences are honored immediately.
M Financial Group is subject to the following privacy laws in the United States:
Although seventeen (17) states have passed comprehensive privacy laws and implementing regulations, M Financial Group is exempt from state level privacy laws in most instances, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights and Enforcement Act (CPRA).
However, We remain committed to the protection of your personal information and will honor requests from consumers to opt-out of sharing in certain circumstances, as detailed in the Privacy Notice you receive when you purchase product or services from Us.
You can contact the Privacy Officer by phone at (800) 565-6960.
You can email Us at Privacy@mfin.com.
You can send your written request to:
M Financial Group
Attn: Privacy Officer
2669 Howell Street, Suite 1100
Dallas, TX 75204
Several states have passed comprehensive privacy laws that are effective as of the date of this Privacy Notice.
M Financial Group is comprised of a corporate holding company, M Financial Holdings Incorporated, and several wholly owned subsidiary companies. Not every subsidary is subject to state privacy laws.
The following M Financial Group subsidiary companies are subject to federal privacy laws set forth in Title V of the Gramm-Leach-Bliley Act of 1999(GLBA), and are therefore exempt from state privacy laws. Your privacy rights under GLBA are detailed on page 1 of this Privacy Notice.
