Privacy Policy

LendTrace processes borrower documents and metadata that our customers (lenders) submit to the platform. This includes images, PDFs, structured fields extracted from those documents, and audit logs of decisions taken on the platform.

We process this data on behalf of our customers, who are the data controllers for borrower information. We act as a processor under their direction.

We use submitted documents to extract structured fields, run fraud and tampering checks, and generate draft credit memos. We do not use customer data to train models that are shared across customers without explicit, written consent.

Aggregated, de-identified statistics may be used to monitor system performance and improve our extraction quality.

Customer data is stored in the region the customer selects at the time of contracting. We currently support Philippines, Indonesia, Mexico, South Africa, and the United States residency zones.

Cross-region transfers happen only with the customer's written instruction, and only for the purposes of customer-requested processing.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is gated by SSO + hardware MFA for our staff, and scoped per-customer.

We are pursuing SOC 2 Type II and ISO 27001. Our security posture is described in detail under a mutual NDA on request.

End borrowers should contact the lender they applied with for any data subject request — access, rectification, deletion. We pass those requests through to our customers as part of our standard data processing addendum.

Lenders can request export or deletion of their tenant data at any time through their account team.

Questions about this policy can be sent to the email address above. We respond within 30 days, usually much faster.