Privacy Policy
Last updated: March 2026
This Privacy Policy describes how LendFlowPro collects, uses, and protects information in connection with the LendFlowPro mortgage automation platform.
1. Overview
LendFlowPro, Inc. ("LendFlowPro", "we", "us") is committed to protecting the privacy of mortgage professionals and their clients who use our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. We comply with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and applicable state privacy laws.
2. Information We Collect
Account Information: Name, email address, company name, and billing information provided during registration. Loan and Document Data: Mortgage loan files, borrower documents, and related financial information you upload or process through the Service. Usage Data: Log files, IP addresses, browser type, pages visited, and feature usage patterns to operate and improve the Service. Communications: Emails and messages sent through the platform, including Gmail integration data if you connect your email account. We do not collect data beyond what is necessary to operate the Service.
3. How We Use Your Information
We use the information we collect to: provide, maintain, and improve the Service; process loan documents using AI and document processing tools; send transactional communications such as account alerts and billing notices; respond to support requests; comply with legal obligations; and detect and prevent fraud or security incidents. We do not use your loan file data to train AI models or for any purpose other than providing the Service to you.
4. Data Sharing and Disclosure
We do not sell your personal information. We share data only with: (a) service providers who assist in operating the Service under strict confidentiality obligations (including Google Cloud Platform, Stripe for payments, and Supabase for database hosting); (b) law enforcement or regulators when required by law or valid legal process; and (c) a successor entity in the event of a merger or acquisition, with advance notice to you. All subprocessors are contractually bound to protect your data.
5. Borrower Data and GLBA
LendFlowPro processes nonpublic personal information (NPI) about mortgage borrowers on behalf of our customers (loan processors and officers). Under GLBA, we act as a service provider. Our customers are responsible for their own GLBA compliance, including providing appropriate privacy notices to their borrowers. We implement the technical and organizational safeguards required by the GLBA Safeguards Rule, including access controls, encryption, and incident response procedures.
6. Data Storage and Security
All data is stored on Google Cloud Platform in US-based data centers. Data at rest is encrypted with AES-256. Data in transit is protected with TLS 1.3. Access to production data is restricted to authorized personnel on a need-to-know basis, with all access logged and auditable. We maintain a formal information security program and conduct regular security reviews. For more details, see our Security page.
7. Data Retention
We retain your data for as long as your account is active. After account cancellation, data is retained for 30 days to allow for export, then permanently deleted. You can configure custom retention policies within the platform (e.g., 7-year retention to meet RESPA requirements). Backups are purged on a rolling 90-day cycle.
8. Your Rights
Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; object to or restrict certain processing; and receive a copy of your data in a portable format. To exercise these rights, contact us at privacy@lendflowpro.com. We will respond within 30 days.
9. Cookies and Tracking
We use essential cookies to operate the Service (session management, authentication). We do not use advertising cookies or cross-site tracking. We use limited analytics to understand aggregate usage patterns. You can disable non-essential cookies through your browser settings; this will not affect core Service functionality.
10. Third-Party Integrations
If you connect third-party services (such as Gmail or a Loan Origination System), those services' own privacy policies apply to data shared with them. We access only the minimum data required to provide the integration features you enable, and we never store your third-party credentials in plaintext.
11. Children's Privacy
The Service is intended for mortgage professionals and is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, requests, or to report a concern, contact us at privacy@lendflowpro.com or through our contact page at lendflowpro.com/contact.