Executive Summary
At LoanOfficerIntelligence, security is not an afterthought—it is the foundation of our platform. We understand that mortgage professionals handle sensitive property data, personal information, and confidential business intelligence. That is why we have built our entire infrastructure on enterprise-grade, SOC 2 Type 2 certified platforms and implement industry-leading security practices at every layer.
Enterprise-Grade Infrastructure
LoanOfficerIntelligence is built on best-in-class, security-certified infrastructure providers. We do not compromise on security by hosting on unproven platforms. Every component of our technology stack has been selected for its proven security track record and compliance certifications.
1. Web Hosting & Application Infrastructure: Vercel
Certifications & Compliance:
- SOC 2 Type 2 Certified
- ISO 27001:2022 Certified
- GDPR Compliant
- CCPA Compliant
Security Features:
- Automatic DDoS protection at the edge
- TLS 1.3 encryption for all data in transit
- Global CDN with automatic failover
- Continuous security monitoring and threat detection
- Infrastructure-as-Code with automated security testing
- Isolated execution environments for maximum security
2. Database & Authentication: Supabase
Certifications & Compliance:
- SOC 2 Type 2 Certified
- HIPAA-Ready Infrastructure
- GDPR Compliant
- ISO 27001 Certified (in progress)
Database Security:
- AES-256 encryption for all data at rest
- TLS 1.3 encryption for all data in transit
- PostgreSQL database with Row-Level Security (RLS) policies
- Automated daily backups with point-in-time recovery
- Database replication across multiple availability zones
- Network isolation and VPC deployment
Authentication & Access Control:
- Industry-standard JWT (JSON Web Tokens) for session management
- Secure password hashing using bcrypt with per-user salts
- Role-based access control (RBAC) at the database level
- Automatic session expiration and refresh token rotation
- Protection against SQL injection, XSS, and CSRF attacks
- Rate limiting to prevent brute-force attacks
3. Payment Processing: Stripe
Certifications & Compliance:
- PCI DSS Level 1 Certified (highest level)
- SOC 1 Type 2 and SOC 2 Type 2 Certified
- ISO 27001 Certified
- GDPR and CCPA Compliant
Payment Security:
- LoanOfficerIntelligence never stores or processes payment card information directly
- All payment data is tokenized and encrypted by Stripe
- PCI DSS compliant payment forms hosted by Stripe
- Advanced fraud detection and prevention
- 3D Secure (3DS) authentication support
- Real-time transaction monitoring and alerting
4. Property Data: ATTOM Data Solutions
Data Provider Security:
- Enterprise-grade data provider trusted by Fortune 500 companies
- Secure API with TLS 1.3 encryption
- Rate limiting and access controls
- Regular security audits and compliance reviews
- Data sourced from official county records and public sources
Application-Level Security
Secure Development Practices
- Security-first development methodology
- Regular security code reviews and static analysis
- Dependency vulnerability scanning with automated updates
- Secure coding standards following OWASP guidelines
- Penetration testing and vulnerability assessments
Data Protection
- All data encrypted in transit using TLS 1.3 (HTTPS only)
- All data encrypted at rest using AES-256
- Sensitive data never logged or exposed in error messages
- Secure session management with automatic timeout
- No storage of sensitive property data beyond necessary caching
Access Controls
- Multi-factor authentication (MFA) available for all accounts
- Strong password requirements enforced
- Account lockout after failed login attempts
- IP-based access monitoring and anomaly detection
- Session isolation: one user cannot access another user's data
- Administrative access restricted to authorized personnel only
Monitoring & Incident Response
- 24/7 automated monitoring and alerting
- Real-time error tracking and performance monitoring
- Comprehensive audit logging of all system access
- Incident response plan with defined escalation procedures
- Regular backup and disaster recovery testing
Compliance & Certifications
Current Compliance Status
Built on SOC 2 Type 2 Certified Infrastructure
Our hosting (Vercel) and database (Supabase) providers maintain SOC 2 Type 2 certification.
PCI DSS Compliant Payment Processing
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider.
GDPR & CCPA Compliant
We comply with GDPR and CCPA, providing users with full transparency and control over their personal information.
TLS 1.3 & AES-256 Encryption
All data transmission uses TLS 1.3 and all stored data is encrypted using AES-256.
What We Do Not Store
We believe in data minimization. We only collect and store data that is essential for providing our service. Here is what we explicitly do not store:
Your Rights & Data Control
You have full control over your data:
- Right to Access: Request a copy of all data we hold about you
- Right to Correction: Request correction of any inaccurate data
- Right to Deletion: Request deletion of your account and all associated data
- Right to Export: Request your data in a portable format
- Right to Object: Object to certain types of data processing
To exercise any of these rights, contact us at contact@loanofficerintelligence.com.
Security Contact
If you have questions about our security practices or wish to report a security concern, please contact us:
Email: contact@loanofficerintelligence.com
Company: Casey McGowan Enterprises LLC
Location: California, United States