Security isn't a bolt-on here — it's how the platform is built. Below is exactly how we safeguard the personal and financial information you share with us.
Your documents and personal & financial information are encrypted at rest with AES-256, and transmitted only over encrypted (HTTPS) connections. We do not accept sensitive documents by email.
Every staff login requires multi-factor authentication. Accounts are individual and role-based, on a least-privilege basis — people can only reach what their role requires.
Access to your documents is logged — who opened what, and when — so every interaction with your information is accountable and reviewable.
We collect only what we need. We don't ask for a Social Security number at initial intake, and request sensitive documents only when they're actually needed to evaluate or fund a deal.
We keep your information only as long as it's needed for your request or to meet legal and recordkeeping obligations — after which it is securely deleted, and any encrypted backups holding it are pruned on our backup retention schedule.
Dedicated, firewalled servers; the database is never exposed to the internet; automatic security patching and brute-force protection. The application has undergone independent security review.
Our controls are designed to meet the control expectations of the GLBA Safeguards Rule (16 CFR Part 314) — encryption, access controls, monitoring, secure development, and disposal — and we maintain a documented information security program. No system can be guaranteed perfectly secure, but we design and operate the platform to protect your information at every step.
For full details on what we collect, how we use it, and your choices, see our Privacy Notice.