We Keep Your Data Safe

Learn about our commitment to ensuring your data won't end up in the wrong hands.

The most important step in data protection is making sure you have the right people carrying out the right procedures.

Without this, most other forms of protection are not as resilient.

Hiring Policies

Our hiring policy requires all employees to undergo background checks, and many of our employees are state-licensed professionals. All of our employees receive security training. Most importantly, access to all systems is restricted, and only people the “need to know” will review your data.

Technical Security Training

On the technical front, our developers have undergone extensive technical security training. We regularly review our code for potential vulnerabilities. Additionally, we use modern web development technologies that have built-in protection against the most commonly used exploits.

We use multiple technical safeguards to protect your data.

This layered approach is more robust as any would-be bad actor would need to overcome multiple obstacles. You can think of it as a vault, inside a castle, surrounded by a moat, with crocodiles and sharks in the moat.

Data Encryption

Encryption is a way of scrambling your data so that only trusted parties can read it. We use regularly updated SSL certificates so you can always verify and trust that you are communicating with our website. Once the data is stored in a database, all sensitive information is secured in an encrypted format. 

Vulnerability Scanning

We regularly review our code for security vulnerabilities, and keep up to date on the newest technologies to stay ahead of the attackers. We use automated vulnerability scanners to detect and alert us of any potential gaps in our defenses.

We never store your credentials

Some of the features of our application require that you provide your credentials to other services, such as your payroll system. We never store your third-party credentials on our servers. Additionally, when we log into third-party systems on your behalf, we have read-only access, which means we cannot initiate any changes, transfers or withdrawals. We use these features of our application exclusive for data gathering.

Robust Authentication

There are multiple levels of authentication in place to make sure only the right people can access our systems, including:
permissions
Strict User Permissions

User access and permissions are only granted on a need to know basis. 

mfauth
Two-factor Authentication

For an extra level of protection, we use two factor authentication.

password
Password Entropy

Passwords are hashed and salted and have strict entropy requirements.

algorithm
Encryption

All sensitive data is scrambled with bank-level encryption both at rest and in transit.

lockout
Tracking & Lockouts

Any user with suspicious behavior is automatically locked out of the system.

bestpractices
Development Best Practices

We stay up to date with development best practices, such as OWASP Top 10.

Physical protections to keep your data safe

All our servers and databases are housed in security third-party data centers. These data centers are protected with multiple layers of access controls, and are staffed around the clock with guards.

Additionally, the vast majority of our data is electronic, meaning all of the above protections can be utilized. In the rare cases where a physical document is required, the documents are stored in locked filing cabinets, and the data is shredded and destroyed as soon as it is no longer needed. Electronic copies of physical documents are retained as required by law and company record retention policies.

team_steve
Steve Herschleb
Co-Founder & CTO

The safety of your financial and personal data is our top priority.

Rest assured, we have put a combination of approaches into place, encompassing people, technical processes and physical systems. Even though it can be stressful getting a mortgage, we hope to prevent additional stress by ensuring your financial and personal information is safeguarded.

Still have questions?

Contact us below to speak with an expert about how we protect your sensitive data throughout the loan application process.