← Help center
Security & data
How LendPacket protects your borrowers' documents
- Isolation: every firm's data is separated with database-level row security — enforced by the database itself, not just the application, and covered by an automated test suite that runs on every change.
- Documents live in private storage. Nothing is ever public; downloads use signed links that expire in about a minute.
- Borrower links are 192-bit unguessable tokens, stored only as cryptographic fingerprints, scoped per person, expiring and revocable — with optional email-code verification on top.
- Uploads are screened: file types are verified by content (a virus renamed to "statement.pdf" is rejected before it's stored).
- Audit trail: every significant action — uploads, downloads, previews, accepts/rejects, setting changes, exports — is recorded with who/what/when, and exportable as CSV or PDF.
- Encryption in transit (TLS) and at rest, on SOC 2-certified infrastructure (Supabase/AWS).
- Your team: role-based permissions and optional two-factor authentication.
AI review is advisory only — it labels and flags, humans decide. AI output is never represented as underwriting or compliance advice.
More in Security & data