Legal Architecture & Risk Memo
A briefing for outside corporate counsel reviewing the Hardline marketplace platform. Public-facing; published at hardlinelending.com/legal/architecture.
Version 1.0-draft · Last updated: 2026-05-10 · Effective: Pending counsel sign-off
To: Outside Corporate Counsel
From: Hardline Lending, Inc. (placeholder — entity formation pending confirmation)
Re: Legal architecture, regulatory posture, and risk allocation of the Hardline marketplace platform
Status: Pre-launch; first production User (a single private lender) onboarding imminent
Classification: Public-facing; published at hardlinelending.com/legal/architecture
1. Executive Summary
This memorandum describes the legal architecture of the Hardline marketplace platform (the “Platform”), operated by Hardline Lending, Inc. (the “Company”). It is written to brief outside counsel on the regulatory posture, risk allocation, and document hierarchy that the Company has already deployed, so that counsel review begins from a complete factual record rather than reverse-engineering the framework from individual policies.
Hardline is a software-only, non-transactional discovery and document-coordination marketplace for business-purpose, non-owner-occupied real-estate-secured lending between entity Borrowers (typically real-estate investor LLCs) and balance-sheet private Lenders. The Platform never holds funds, never originates loans, never algorithmically matches counterparties, never sets pricing, and never charges per-deal or closing-contingent fees. The v1 fee model is zero; the planned post-v1 model is a flat Lender SaaS subscription plus a flat Borrower listing fee — neither tied to consummation.
Because the loans intermediated through Hardline are business-purpose (Regulation Z Comment 3(a)-3, 12 C.F.R. § 1026.3(a)(1)) and secured by non-owner-occupied real property, the consumer-credit federal regime (TILA, RESPA, HMDA, HOEPA, Reg Z disclosures) is largely inapplicable as to the loans themselves. The Company’s regulatory exposure is concentrated in: (i) state mortgage-broker and consumer-finance licensing regimes, most notably California’s Consumer Finance Law (Cal. Fin. Code §§ 22000 et seq., the “CFL”); (ii) fair-lending statutes that reach “any person who arranges credit” (Reg B, 12 C.F.R. Part 1002; Fair Housing Act, 42 U.S.C. § 3604); (iii) the GLBA Safeguards Rule (16 C.F.R. Part 314), under which Hardline is a “finder” per § 314.2(h); (iv) state biometric statutes triggered by the Stripe Identity KYC flow (BIPA at 740 ILCS 14; CUBI at Tex. Bus. & Com. Code § 503.001; WA RCW 19.375); (v) state consumer-privacy statutes (CCPA/CPRA and the 19-state superset); and (vi) general consumer-protection regimes (FTC Act § 5; state UDAPs).
Risk is allocated by a four-tier hierarchy: (a) the master Terms of Service binds every User to a single set of liability, indemnification, and dispute-resolution rules; (b) role-specific addenda (Lender and Borrower) layer in role-conditioned representations, attestations, and operational obligations; (c) ancillary policies (Privacy, E-Sign, Disclosures, Biometric, Privacy Choices) carry the regime-specific notice and consent freight; and (d) per-deal certifications captured in the application flow re-affirm the business-purpose status at the moment of formation of each loan opportunity.
The Company seeks counsel’s review and sign-off on the matters enumerated in Part 8. The headline items: (a) confirmation of the CFL Option A platform-only posture; (b) sufficiency of the Illinois geofence in light of BIPA jurisprudence (Rogers v. BNSF; Cothron v. White Castle); (c) Delaware governing law with a narrow California-resident McGill carve-out; (d) AAA Consumer-Rules administration paired with a sophistication recital; (e) the $100/12-month aggregate liability cap and the appropriate moment to renegotiate it on fee launch; and (f) whether the existing pass/fail KYC payload practice discharges defensive BIPA / CUBI obligations.
2. Business Model and Product Description
The Platform has two User roles: Borrowers and Lenders. Borrowers are entity real-estate investors (typically single-member or small-membership LLCs and similar pass-throughs) seeking short-term, business-purpose, non-owner-occupied real-estate-secured financing (bridge, fix-and-flip, rental-acquisition, ground-up construction). Lenders are private balance-sheet hard-money lenders deploying their own or affiliated capital. The Company makes no representation that any Lender is a regulated financial institution; the Lender Marketplace Agreement places the entire licensing-compliance burden on the Lender.
The platform funnel: (i) account creation with role selection and entity capture; (ii) Stripe Identity KYC for natural-person signatories; (iii) Borrower publishes a deal listing (subject property, requested terms, business-purpose 5-factor attestation, owner-occupancy gate); (iv) Lender browses, contacts, and produces a term sheet using the Platform’s PDF generator; (v) document exchange (appraisal, title, entity docs, exit plan) via Supabase-backed object storage; (vi) the Lender moves the deal through software state (Term Sheet → Diligence → Conditional Approval → Closing → Funded) with a manual “Mark docs signed” action when out-of-platform signatures are returned; (vii) the loan funds via direct off-platform wire between the Lender’s and the Borrower’s bank accounts. Hardline never takes possession of funds, never appears on the closing statement, and is not a party to the loan documents.
Personal information flows from the User to Hardline’s Supabase tenant (transactional and identity data), Stripe Identity (KYC verification, pass/fail payload only retained), Vercel (hosting + edge), and Resend (transactional email). No advertising pixels are loaded; no analytics SDKs that ingest PII operate on signed-in pages.
There is no money flow through Hardline in v1. Funding occurs by direct wire from Lender to Borrower (or to closing agent / escrow). Hardline does not display, store, validate, or transmit wire instructions, and Disclosures § 4 imposes an out-of-band verification duty on the sender. The planned post-v1 monetization (a flat Lender SaaS subscription and a flat Borrower listing fee) is, by design, decoupled from loan consummation. This decoupling is structural to the CFL Option A analysis at § 3.2.
Hardline’s regulatory posture turns on the negative space, specifically the things it does not do, in deliberate parallel to common adjacent business models:
- Not a mortgage broker under the SAFE Act, CFL, or analogous state regimes, because Hardline does not take loan applications, offer or negotiate terms, or receive transaction-based compensation. Lender Addendum § A.4 makes the allocation contractual.
- Not a lender or creditor under Reg Z or ECOA, because Hardline does not extend credit and is not the “person to whom the obligation is initially payable” (12 C.F.R. § 1026.2(a)(17)).
- Not a money services business under 31 C.F.R. § 1010.100(ff), because Hardline does not transmit funds, issue payment instruments, exchange currency, or maintain stored value.
- Not an investment adviser or broker-dealer; the loans are debt instruments not offered as securities, and Hardline does not solicit investors or recommend specific loans. Lender Addendum § A.7 contains an express no-securities representation.
- Not a marketplace lender in the LendingClub/Madden sense; no whole-loan or note is sold across the Platform.
- Not an algorithmic matcher. The Platform displays listings in chronologically neutral order. No counterparty is preferentially surfaced based on demographic, geographic, or commercial signal. Operationally enforced (§ 7) and contractually represented (Disclosures §§ 7 and 9).
The cumulative effect is that Hardline operates in the regulatory space of a finder (16 C.F.R. § 314.2(h)) and a publisher — closer to a real-estate-finance Craigslist for a regulated counterparty than to any flavor of regulated financial intermediary.
3. Regulatory Taxonomy
SAFE Act (12 U.S.C. § 5101 et seq.). Not applicable to Hardline (entity, not natural person; loans are business-purpose; no employee solicits or negotiates terms).
RESPA (12 U.S.C. § 2601; Reg X). Not applicable; underlying loans are business-purpose and not “federally related mortgage loans” under 12 C.F.R. § 1024.2(b).
TILA / Reg Z (15 U.S.C. § 1601; 12 C.F.R. Part 1026). Not applicable to the loans because they qualify for the business-purpose exemption under 12 C.F.R. § 1026.3(a)(1) and Comment 3(a)-3. Borrower Addendum § B.1 elicits a five-factor certification tracking the official commentary, captured per-deal, time-stamped, and re-affirmed at term-sheet acceptance.
Dodd-Frank ATR/QM (12 C.F.R. § 1026.43). Not applicable for the same business-purpose reason. Borrower Addendum § B.1(f) acknowledges that a property’s “dwelling” status under Reg Z does not convert the loan into a consumer-purpose transaction.
HOEPA (12 C.F.R. § 1026.32). Not applicable.
ECOA / Reg B (12 C.F.R. Part 1002). Partially applicable. Reg B’s definition of “creditor” reaches “a person who, in the ordinary course of business, regularly refers applicants or prospective applicants to creditors.” This is the doctrinal hook on which fair-lending exposure can hang for a marketplace. Operational mitigations: (a) no demographic filters in Lender search; (b) chronologically neutral display order; (c) no Hardline-side counterparty scoring; (d) uniform-criteria hard-blocks (owner-occupied flag, geofence), not credit decisions. Open issue: whether an adverse-action-style notice on hard-blocks is best practice (Part 8 § 8.10).
Fair Housing Act (42 U.S.C. § 3604). Applies. Broader than ECOA; reaches “any person … whose business includes engaging in residential real-estate-related transactions.” Same operational mitigations.
BSA / FinCEN. Not applicable as a regulated financial institution. Hardline is not an MSB and not a covered “loan or finance company” under 31 C.F.R. § 1029.100 (which reaches residential mortgage loan persons). Lender Addendum § A.6 imposes AML/sanctions cooperation on the Lender, who may itself be a covered party.
OFAC. Applies as a strict-liability regime. Stripe Identity performs sanctions screening on natural-person principals. Lender Addendum § A.6 and Borrower Addendum § B.7 impose User representations.
FTC Act § 5; state UDAPs. Applies. Published claims drafted to be literally accurate and non-comparative.
GLBA Privacy Rule (16 C.F.R. Part 1016) and Safeguards Rule (16 C.F.R. Part 314). Applies. Hardline is a financial institution because, as amended in 2021, § 314.2(h) enumerates “finders.” Consequences: Reg P-style Privacy Notice; WISP per § 314.4; designated Qualified Individual; annual report to governing body (§ 314.4(i)); MFA or compensating-control documentation (§ 314.4(c)(5)).
FCRA. Not applicable presently; reserved for future consumer-report integrations.
COPPA. Not applicable; 18+ access.
CAN-SPAM and TCPA. Applies to transactional email; no SMS in v1.
E-Sign Act and UETA. Applies. /legal/e-sign satisfies the consumer-disclosure prerequisites; affirmative acceptance logged with version hash.
CFAA and DMCA. Terms § 22 (vulnerability disclosure / CFAA notice); Terms § 23 (DMCA agent designation).
California — CFL / CRMLA / CCFPL. The headline state. The CFL’s “broker” definition (Cal. Fin. Code § 22004) is fact-intensive. The Company evaluated three options:
- Option A (chosen): Software-only platform with no per-transaction or closing-contingent revenue, no negotiation involvement, no application intake, no rate/term setting. Lender Addendum § A.4 and Disclosures § 2 lock the posture contractually.
- Option B: Preemptive CFL license. Rejected for v1 because (i) license carries activity-presupposition risk; (ii) cost and time; (iii) examination overhead; (iv) easier to license up than down.
- Option C: DRE broker-partner arrangement. Rejected because it concedes broker character and introduces a counterparty whose compliance posture becomes part of Hardline’s.
Flip-triggers: any per-deal or closing-contingent fee; any counterparty selection, ranking, or scoring; any negotiation; any application intake; a DFPI inquiry letter raising broker characterization. Cal. Civ. Code § 1632 (translation requirements) does not apply because the Platform does not negotiate consumer contracts in the enumerated languages and the loans are business-purpose to entity counterparties.
New York, New Jersey, Illinois, California — blocked by geofence. NY due to Adar Bays criminal-usury exposure and DFS licensing aggression; NJ due to CFLA and DOBI posture; IL due to BIPA standing-broad damages post-Cothron / SB 2979. CA is blocked pre-launch pending outside-counsel sign-off on the platform-only Option A posture (Cal. Fin. Code §§ 22000 et seq.; DFPI enforcement environment); reassessment on receipt of a written specialist opinion. Q4 2026 reassessment is calendared for IL.
Texas, Florida, Arizona, Nevada — open. Texas CUBI (Tex. Bus. & Com. Code § 503.001) addressed defensively at /legal/biometric-policy; lender-licensing analysis at /legal/state-licensing. Florida ch. 494 excludes business-purpose non-residential. Arizona § 6-901 excludes commercial. Nevada NRS Ch. 645B and 675 not implicated by entity loans. See /legal/state-licensing for the full 13-state matrix.
The 19-state superset is administered by a single Privacy Policy structured to a California-maximum baseline. CCPA/CPRA controls the form. The other state laws (CO/CT/VA/UT/OR/IN/TX/TN/MT/IA/DE/NJ/NH/MD/KY/RI/NE/MN) are administered through the same notice + opt-out architecture, with one-shot mechanics keyed off the Global Privacy Control server-side signal.
BIPA (Illinois). Defensively addressed; geofence-blocked. /legal/biometric-policy carries BIPA-form notice, consent, retention, and destruction schedule, ready for re-entry.
CUBI (Texas). Active. Defensive Hardline notice for Texas users in the Stripe Identity flow.
Washington RCW 19.375. Active. WA reaches “enrollment” for a commercial purpose; Stripe is the enroller, Hardline carries defensive notice.
NY SHIELD Act (N.Y. Gen. Bus. Law § 899-bb). Active despite NY geofence; WISP under FTC Safeguards designed to satisfy SHIELD’s reasonable-security mandate.
4. Document Architecture and Hierarchy
The Platform’s legal documents are: (1) Terms of Service; (2) Privacy Policy; (3) Lender Marketplace Agreement; (4) Borrower Marketplace Agreement; (5) E-Sign Consent Disclosure; (6) Marketplace Disclosures; (7) Biometric Data Policy; (8) Your Privacy Choices; supplemented by (9) Acceptable Use Policy; (10) Cookie Policy; (11) Risk Disclosure; (12) Definitions Index; (13) State-Licensing Matrix; (14) Sub-Processors; and (15) Legal Contact.
Three architectural patterns were considered: (a) single omnibus contract (rejected for readability collapse, role-representation dilution, and unnecessary re-acceptance friction on regime-specific updates); (b) fully separate per-role contracts (rejected because it duplicates common provisions, complicates choice-of-law arguments, and weakens master delegation); (c) hybrid: one Terms with role addenda and ancillaries (chosen). The Terms govern everyone; addenda add role-conditioned representations and operational obligations; ancillaries carry the regulatory-notice freight separately so they can be updated on regime cadence without re-papering the master.
Terms § 20 establishes the precedence: (1) the Terms; (2) the applicable Marketplace Addendum for matters specific to that role; (3) the Privacy Policy, E-Sign Consent, Biometric Policy, and Disclosures for the subject matter each governs; (4) any deal-specific term sheet or side letter between Users is outside the Hardline contract stack — Hardline is not a party. Precedence is subject-matter-specific: a Privacy Policy provision controls on processing questions but does not displace a Terms provision on dispute resolution.
The Marketplace Addenda are not separately negotiated contracts; they are role-specific schedules of the Terms. Acceptance occurs at role selection, with re-affirmation at the per-deal moment for the Borrower (5-factor certification re-affirmed at each new listing) and at the term-sheet-issue moment for the Lender (broker-disclaimer and AML/OFAC reps re-affirmed at each new offer). The per-deal re-affirmation is critical: business-purpose status is a per-loan fact, not a per-borrower fact.
The Privacy Policy is a notice; Disclosures is a series of substantive risk allocations and warnings (wire-fraud responsibility, sanctions, fair-lending neutrality, sub-processor list). Mixing them risks (a) attracting Reg P amendment freight to non-Privacy substantive disclosures; (b) burying wire-fraud warning where Users do not encounter it at the relevant moment; (c) commingling notice (informational) with disclosure (operational instruction). Disclosures is also referenced at the wire-instruction-exchange UI as just-in-time disclosure.
5. Risk Allocation Analysis
| Risk | Bearer | Mechanism |
|---|---|---|
| Loan performance | Lender | No Hardline party to loan |
| Borrower misrepresentation | Borrower → Lender | Borrower Addendum § B reps; Lender independent diligence |
| Wire fraud (sender error) | Sender | Disclosures § 4 waiver |
| Wire fraud (Hardline gross negligence) | Hardline | Terms § 13 carve-out |
| Lender regulatory violation | Lender | Lender Addendum § A.2-A.7 reps + § A.10 indemnity |
| Platform downtime | Users (AS-IS) | Terms § 12 disclaimer |
| Data breach | Hardline (cap-limited, cyber backstop) | Privacy + WISP + cyber policy |
| IP infringement | Hardline (defense) / User (User Content) | Terms § 14 indemnity |
| Sub-processor failure | Hardline front-stop → vendor back-stop | Back-to-back DPAs |
| Discrimination claim | Operationally defended | Reg B / FHA neutrality at § 7.13 |
The aggregate liability cap is set at the greater of $100 or trailing-12-month fees. In v1, no fees are charged, so the cap is the $100 floor. The cap is defensible because: (i) the Service is free; (ii) the User’s actual transactional exposure (the loan itself) is between counterparties, not against Hardline; (iii) gross negligence, willful misconduct, fraud, and indemnification are carved out (Terms § 13); (iv) the cap is aggregate, not per-incident. The cap is at risk on fee launch: consumer-statute caps may be voided as unconscionable when service is paid; some state regimes (CA Civ. Code § 1668) constrain limitations for the limiter’s own wrongdoing. Indemnification flows one-way from User to Hardline; the asymmetry is appropriate because Hardline does not interpose itself in the loan.
Wire fraud is the single largest tail-risk event for any real-estate-finance marketplace. Structural design: (a) Hardline does not display, store, validate, or transmit wire instructions — the product surface for wire-instruction exchange is deliberately absent; (b) Disclosures § 4 imposes an out-of-band verification duty on the sender; (c) Disclosures § 4 contains an express waiver, subject to the gross-negligence carve-out at Terms § 13. Insurance backstop: cyber + crime policy with social-engineering and wire-fraud sublimits.
Sub-processors (Stripe Identity, Resend, Supabase, Vercel) are bound by DPAs back-to-back with the Privacy Policy. A vendor breach is contractually a Hardline-front-stop event (Hardline answers to the User) with a Hardline-recovery posture against the vendor (governed by the vendor’s DPA and liability cap). Cyber insurance is the practical backstop where vendor caps prove inadequate.
6. Key Drafting Decisions and Alternatives Considered
Chosen: Delaware substantive law, Delaware forum, with a narrow California-resident McGill carve-out preserving public-injunctive standing. Alternatives: California across the board (rejected: imports plaintiff-friendly consumer-protection jurisprudence wholesale); Delaware with no carve-out (rejected: McGill v. Citibank (Cal. 2017) renders blanket waiver of public injunctive relief unenforceable as to California residents, risking severability cascades).
Chosen: AAA Consumer Arbitration Rules + Mass Arb Supplementary Rules, paired with a sophistication recital. Alternative AAA Commercial Rules rejected because the Borrower’s entity status is variable (a single-member LLC of a natural-person investor is functionally consumer-like, risking an unconscionability finding under Armendariz). The sophistication recital is the bridge: preserves enforceability against sophisticated Users without over-claiming consumer-ness. Mass Arb rules administer bellwether mechanics that defend against mass-arbitration extortion post-Heckman v. Live Nation.
Chosen: 45 days, exceeding the 30-day industry standard. Foreclosed alternatives: no opt-out (foreclosed by recent procedural-unconscionability jurisprudence); 30 days (vulnerable to challenge as too short for a sophisticated dispute-resolution waiver).
Chosen: greater of $100 or trailing-12-month fees; aggregate not per-incident; gross negligence and indemnification carved out. Defensible because v1 is free. Flagged to revisit on fee launch.
Chosen: bilateral injunctive carve-out for IP infringement. One-way carve-out for Hardline only would be unconscionable under Carmona v. Lincoln Millennium Car Wash. Heckman v. Live Nation (9th Cir. 2024) further reinforced that mutualization is the safest path.
Chosen for role-conditioned representation clarity and regime-modification cadence flexibility. See § 4.2.
Chosen: per-deal re-affirmation of the 5-factor business-purpose certification. One-time-at-signup rejected because business-purpose status is per-loan, not per-borrower. Per-application-but-not-per-listing rejected because the listing is the moment of factual specification.
Chosen: geofence. Licensing is reversible only at high cost; geofence is reversible at the cost of a feature-flag flip plus counsel-approved consent flow. Each state has a documented re-entry path.
The single most important strategic decision. See § 3.2 (CFL Option A). Platform-only chosen with documented flip-triggers.
Chosen: manual toggle. Integrating an e-sign vendor would (a) suggest Hardline involvement in execution and (b) attract vendor-data-flow complexity. Off-platform e-sign is the Lender’s independent choice; Hardline does not need to be in the workflow. The /legal/e-sign consent governs Platform-internal signatures only.
Hardline hosts only pre-closing transactional documents and the Hardline-generated term sheet PDF. Executed loan documents (note, deed of trust, guaranty, security agreement) are exchanged outside Hardline. Aligns with the platform-only, non-transactional posture. Term-sheet PDFs carry the footer: “Generated through Hardline software. Hardline is not a party to this term sheet, not a lender, and not a broker.”
7. Operational Dependencies
The legal documents are necessary but not sufficient. Compliance requires operational alignment. The following are the operational behaviors the documents presume; failure of any breaks the corresponding legal posture.
- 7.1 Owner-occupied hard-block at deal creation. Three-question gate at listing creation; refusal language drafted for ECOA defusion.
- 7.2 State geofence at signup. NY, NJ, IL, CA blocked; IP reinforcement defensive.
- 7.3 No advertising pixels. Production CSP forbids ad-pixel domains.
- 7.4 Pass/fail-only KYC payload from Stripe Identity. Webhook handler discards everything except verified-status and reason summary.
- 7.5 Logged acceptance with version hash. SHA-stored per document; acceptance events reference the SHA.
- 7.6 GPC honored server-side. Sec-GPC: 1 header parsed at edge; preference recorded.
- 7.7 Customer-facing MFA or compensating-controls memo. TOTP/passkey MFA staged; interim compensating-controls drafted.
- 7.8 DPAs executed with each sub-processor. See /subprocessors.
- 7.9 Annual WISP report. Required by Safeguards Rule § 314.4(i).
- 7.10 DMCA agent registered. Per Terms § 23.
- 7.11 Adverse-action-style refusal on hard-blocks. Short-form notice; archival copy provided to User.
- 7.12 Term-sheet PDF footer. Non-editable disclaimer footer on every generated PDF.
- 7.13 No algorithmic ranking or scoring of counterparties. Chronologically neutral display order; objective-attribute filters only.
- 7.14 Cyber + D&O insurance. Bound at appropriate limits pre-launch.
- 7.15 Withdrawn-consent operational consequence. Account suspension on E-Sign consent withdrawal (per E-Sign § 4).
8. Open Issues for Counsel
The Company solicits counsel’s sign-off, redrafting, or further-discovery direction on each of the following. Items are listed in approximate priority order.
- Confirm CFL Option A posture. Confirm DFPI would not, on these facts, characterize Hardline as a broker under Cal. Fin. Code § 22004 or as engaging in “the business of a finance lender” under § 22009.
- Confirm Illinois geofence sufficiency. Confirm signup-time geofence + IP reinforcement insulates Hardline post-Cothron and post-SB 2979.
- Confirm Delaware forum / California McGill carve-out balance.
- Confirm AAA Consumer-Rules + sophistication-recital structure.
- Confirm aggregate liability cap timing for fee launch. Advise on revised quantum and per-incident floor for data breach.
- Confirm “engaged in the business of” disclaimer language in Lender Addendum § A.4.
- Confirm Stripe Identity webhook payload practice discharges BIPA / CUBI / WA defensive posture.
- Confirm sub-processor DPA adequacy against back-to-back Hardline obligations.
- Confirm fair-lending posture (no demographic filters, neutral display, no algorithmic scoring) defeats Reg B / FHA “referrer-of-applicants” theory.
- Confirm owner-occupied 3-question gate language and adverse-action refusal text.
- Confirm 5-factor Comment 3(a)-3 recital in Borrower Addendum § B.1(c) is defensible.
- Confirm wire-fraud waiver / § 13 gross-negligence interaction harmonized.
- Confirm DMCA agent registration complete at Copyright Office.
- Confirm cyber + D&O insurance binding with appropriate limits, sublimits, and exclusions.
- Confirm entity-level OFAC screening roadmap for Borrower entities.
- Confirm Delaware incorporation mechanics: registered agent, EIN, foreign qualification analysis.
9. Counsel Engagement Recommendations
The Company recommends a counsel team composed of: (a) California mortgage / CFL specialist with active DFPI practice; (b) privacy & cybersecurity counsel with depth in CCPA/CPRA, BIPA, and GLBA Safeguards; (c) corporate generalist for entity maintenance and commercial contracting; (d) on-retainer inquiry-letter capability: a small standing engagement to respond to state regulator inquiry letters within required response windows without procuring a fresh engagement.
Pre-launch: counsel review of this memo, sign-off on Part 8 items, privileged launch-readiness certification. Quarterly: lightweight regulatory-development review focused on operating-state regimes and DFPI public actions. Annual: WISP review (per Safeguards § 314.4(i)), Privacy Policy refresh, addenda re-papering review, insurance limits review. Ad hoc: geographic expansion, new revenue stream, new sub-processor, regulator inquiry.
The Company has invested in compliance-by-design rather than compliance-by-document. The legal documents reflect, and are intended to reflect, operational realities the product enforces. Counsel’s review should test both halves — the words and the wiring. This memorandum is offered as the map of how those two halves were intended to fit.
End of memorandum. The Company stands ready to provide source documents, the WISP, the incident-response plan, the operational specifications referenced herein, and any other materials counsel may require.