Skip to main content

Plain Language First

Privacy Policy

Each section opens with a one-line summary. Tap to read the full policy.

Updated May 18, 2026·~8 min full

In one paragraph

We collect what we need to run the platform, never sell your data, share only with the loan officers and vendors that actually help you, encrypt everything at rest and in transit, and let you ask for a copy or deletion anytime. The full text below is the binding version.

01

Introduction

What this policy is, how it applies, and what using the platform means for your data.

Full text

This Privacy Policy describes how TheLoanOfficer (“we,” “our,” or “us”) collects, uses, and protects your information when you use our loan marketplace platform.

By using our platform, you consent to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

02

Information we collect

Personal info you give us (name, contact, financial details, ID) and platform info we record (interactions, device, IP).

Full text

Personal information

  • Name, email address, and contact information
  • Financial information necessary for loan applications
  • Professional credentials and licensing information (for loan officers)
  • Identity verification documents

Usage information

  • Platform interaction data and preferences
  • Communication logs between borrowers and loan officers
  • Search history and listing views
  • Device information and IP addresses
03

Data retention and disposal

Uploaded documents are deleted within 10 minutes of confirmation. Most other data is retained while your account is active or as required by law.

Full text

We retain your information only as long as necessary for the purpose it was collected, or as required by law. Financial documents submitted through the secure upload portal are treated as nonpublic personal information (NPI) under the Gramm-Leach-Bliley Act (GLBA) and handled accordingly.

Financial document upload flow

When you upload documents (W-2s, tax returns, bank statements, etc.) through our secure portal, the following retention schedule applies:

  • In-memory processing — seconds

    File buffers exist only during the upload request and are discarded immediately when the request ends. Nothing is written to a database.

  • Encrypted temporary storage — up to 10 minutes

    While you review AI-extracted data, your files are held in AES-256 encrypted temporary storage (Google Cloud Storage, US region). A countdown timer is shown on screen. Files are deleted immediately when you confirm submission.

  • Safety net deletion — automatic

    If a session is abandoned without confirmation, the staged files expire at the end of the review window and are permanently deleted by an automated cleanup job. No manual action is required.

  • Email delivery — on confirmation

    On confirmation, documents are attached to a TLS-encrypted email sent directly to your loan officer. Temporary storage is deleted immediately after delivery. Once in the loan officer's inbox, their own data retention obligations under GLBA apply.

Retention schedule

Borrower data

  • • Profile information: retained while your account is active; deleted on request, subject to legal requirements
  • • Loan requests: retained while your account is active or as long as the law requires
  • • Messages: retained while your account is active
  • • Uploaded financial documents: deleted within 10 minutes of confirmation
  • • AI-extracted data fields: retained with the loan request record

Loan officer data

  • • Professional credentials: retained while your account is active
  • • Subscription and billing records: retained as required for tax and accounting purposes
  • • Messages: retained while your account is active

Third-party data processors

We use the following processors under executed Data Processing Agreements (DPAs):

  • Google Cloud (Firebase): Cloud infrastructure and temporary file storage. AES-256 encryption at rest, TLS in transit. ISO 27001, SOC 2 Type II certified. GLBA compliance documentation published by Google.
  • Resend: Transactional email delivery. Files transmitted via STARTTLS-encrypted connections between mail servers. SOC 2 Type II certified. Resend retains email content for 1–3 days maximum before purging.

The full internal Data Retention and Disposal Policy is available on request at support@theloanofficer.io.

04

Consent and authorization

What you authorize as a borrower vs a loan officer, and how to withdraw consent at any time.

Full text

Borrower consent

By creating an account and using our platform, borrowers explicitly consent to:

  • Sharing financial information with loan officers
  • Temporary storage of documents for loan processing
  • Communication through our secure messaging system
  • Data processing for loan matching and verification
  • Receiving loan offers and related communications

Loan officer authorization

Loan officers must provide explicit authorization for:

  • Access to borrower information within their subscription tier
  • Professional credential verification and background checks
  • Communication with borrowers through our platform
  • Data processing for loan origination activities
  • Compliance monitoring and audit requirements

Withdrawal of consent

You may withdraw your consent at any time by contacting our support team. However, withdrawing consent may limit your ability to use certain features of our platform. We will process your request within 30 days and ensure all applicable data is properly handled according to your preferences.

05

Data security and protection

TLS in transit, AES-256 at rest, signed expiring document links, server-side access controls, and audit logging.

Full text

Security measures

  • TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Signed, expiring links for document downloads
  • All data writes go through authenticated server-side APIs

Access controls

  • Role-based access permissions enforced server-side
  • Client database writes blocked by security rules
  • Rate limiting on sensitive endpoints
  • Audit logging of admin and security-relevant actions
06

Information sharing and disclosure

Who else sees your data — and a list of what we never share.

Full text

We share information with:

  • Loan officers: Only within their subscription tier and for legitimate business purposes
  • Service providers: Third-party vendors who assist in platform operations (under strict confidentiality agreements)
  • Regulatory authorities: When required by law or to comply with legal obligations
  • Business partners: Only with your explicit consent for specific services

Loan officer matching

Based on your loan details, we surface loan officers who typically work with similar borrowers or loan programs.

You may choose freely who to contact.

We do NOT share:

  • • Personal information with unverified third parties
  • • Financial data for marketing purposes
  • • Contact information with other users without consent
  • • Sensitive documents outside of the loan application process
07

Your rights and choices

Access, correct, delete, or restrict your data — exercise any right at support@theloanofficer.io.

Full text

Access and portability

Request a copy of your personal data in a portable format.

Correction

Update or correct inaccurate personal information.

Deletion

Request deletion of your personal data (subject to legal requirements).

Restriction

Limit how we process your personal information.

08

California privacy rights (CCPA)

Right to know, delete, opt-out of sale (we don't sell), and non-discrimination — email support@theloanofficer.io with subject "CCPA Request".

Full text

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information:

  • Right to know: You may request details about the categories of personal information we collect, the sources, and the purposes for collection.
  • Right to delete: You can request the deletion of your personal information, subject to certain exceptions (e.g., regulatory record-keeping).
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to opt-out: We do not sell your personal information. However, you have the right to direct us not to sell your personal information should our practices change.

To exercise these rights, please contact us at support@theloanofficer.io with the subject line “CCPA Request”.

09

Contact us

Privacy: support@theloanofficer.io.

Full text

If you have any questions about this Privacy Policy or our data practices, please contact us:

10

Policy updates

We post material changes here and update the date — your continued use after counts as acceptance.

Full text

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Your continued use of our platform after any modifications constitutes acceptance of the updated policy.

The plain-language summaries are explanatory only. In any conflict between the summary and the body text, the body text governs.

TheLoanOfficer

Precision connections for loan professionals.A marketplace where borrowers post loan requests and licensed loan officers respond.

© 2026 TheLoanOfficer. All rights reserved.

Compliance Disclaimer: TheLoanOfficer is a connection platform only. We are not a lender, broker, or loan originator. All lender rates and terms are independently provided by licensed professionals. We neither set nor endorse them. Users must verify every detail with their chosen lender.