How We Keep Your Data Safe | Neat Capital


Getting a mortgage requires lots of personal and sensitive data, and we take keeping your data safe very seriously. To accomplish this, we use a three-tiered approach consisting of people, technical processes and physical systems so that your data won’t end up in the wrong hands.

People

The most important step in data protection is making sure you have the right people carrying out the right procedures. Without this, most other forms of protection are not as resilient.

Hiring

Our hiring policy requires all employees to undergo background checks, and many of our employees are state-licensed professionals. All of our employees receive security training. Most importantly, access to all systems is restricted, and only people that “need to know” will review your data.

Technical Security Training

On the technical front, our developers have undergone extensive technical security training. We regularly review our code for potential vulnerabilities. Additionally, we use modern web development technologies that have built-in protection against the most commonly used exploits.

Technical Processes

We use many different technological safeguards to protect your data. This layered approach is more robust because any would-be bad actor would need to overcome multiple obstacles. You can think of it as a vault, inside a castle, surrounded by a moat, with crocodiles and sharks in the moat.

Encryption

Encryption is a way of scrambling your data so that only trusted parties can read it. All data that moves between computers (a.k.a. “in transit”) is encrypted, whether that is between your browser and our servers, or between our various servers. We use Extended Validation SSL certificates (look for the green bar in your web browser), so you can always verify and trust that you are communicating with our website. Additionally, once the data is stored in a database (a.k.a. “at rest”), all personally identifiable information is stored in an encrypted format.

Code Review and Vulnerability Scanning

We regularly review our code for security vulnerabilities, and keep up to date on the newest technologies and techniques to stay ahead of the attackers. We use automated vulnerability scanners to detect and alert us to any holes in our defenses.

We Never Store Your Credentials


Some of the features of our application require that you provide your credentials to other services, such as your payroll system. We never store your 3rd party credentials on our servers. Additionally, when we log into 3rd party systems on your behalf, we have read-only access, which means we cannot initiate any changes, transfers or withdrawals. We use these features of our application exclusively for data gathering.

Robust Authentication

There are multiple levels of authentication in place to make sure only the right people can access our systems, including:

  1. Strict user permissions for data access
  2. Multi-factor authentication on all systems that support it, including our own
  3. Password entropy requirements, so there are no easy-to-guess p@ssw0rds
  4. Hashed & salted passwords with cryptographically secure algorithms
  5. Sign-in attempts tracked and lockout procedures in place to block brute force attacks
  6. Use of a combination of web development best practices to authenticate every single request to our servers

Physical Systems

Finally, we have physical security measures in place to prevent data breaches. All of our servers and databases are housed in secure third-party data centers. These data centers are protected with multiple layers of access controls, and are staffed around the clock with guards.

Additionally, the vast majority of our data is electronic, meaning all of the above protections can be utilized. In the rare case where a physical document is required, the documents are stored in locked filing cabinets, and the data is shredded and destroyed as soon as it is no longer needed. Electronic copies of physical documents are retained as required by law and company record retention policies.

Conclusion

Even though it can be stressful getting a mortgage, we hope to prevent added stress by ensuring your financial and personal information is safeguarded. Rest assured, we have put a combination of approaches into place, encompassing people, technical processes and physical systems. The safety of your financial and personal data is our top priority.