Privacy Policy

1. Introduction

Lenlo ("we," "us," or "our") operates a mortgage marketplace platform that connects homebuyers ("Borrowers") with licensed loan originators ("Lenders"). This Privacy Policy explains how we collect, use, disclose, and protect your personal and financial information in compliance with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), and applicable state laws.

2. Age Restrictions & Children's Privacy

Our services are intended solely for individuals who are 18 years of age or older. Because a mortgage is a binding legal contract that requires a borrower to be of the age of majority in their jurisdiction, Lenlo is not designed for, marketed to, or intended to be used by minors. When you create a borrower account you are asked to provide your date of birth and to expressly certify that you are at least 18 years old; we block accounts that do not meet this threshold.

Children under 13. In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit personal information from children under the age of 13. If you are under 13, please do not create an account, submit any personal information, or upload any documents through our platform. If we discover that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete that information from our systems as promptly as reasonably practicable.

Individuals between 13 and 17. Minors who are at least 13 but under 18 are likewise not permitted to use this service. If you believe a minor has provided personal information to us in violation of this policy, please contact us at privacy@lenlo.com so we can remove the account and any associated data.

3. Information We Collect

Account Information: Name, email address, phone number, and password (hashed). For Google Sign-In users, we receive your name, email, and profile picture from Google.

Financial Information (Borrowers): Annual income, monthly debts, employment history, credit score range (self-reported), loan amount requested, purchase price, down payment, and property location.

Documents: Pay stubs, W-2 forms, bank statements, tax returns, and government-issued identification. All documents are encrypted with AES-256 encryption at rest.

Lender Information: Company name, NMLS ID, lending criteria, and supported loan types.

Technical Data: IP address, browser type, session duration, and pages visited. This is collected for security, fraud prevention, and platform improvement.

4. How We Use Your Information

We use your information to: operate and improve the platform; calculate your Mortgage Readiness Score (MRS); match you with qualified lenders based on your financial profile; facilitate lender offers and communications; comply with GLBA Safeguards Rule requirements; prevent fraud and maintain platform security; and communicate important account and service updates.

5. Information Sharing (GLBA Disclosure)

With Matched Lenders: When you submit your financial profile, matched lenders on our platform can view your anonymized financial summary (income range, credit score range, loan amount, property state, MRS score). Lenders do not receive your name, contact information, or documents until you accept an offer.

No Selling of Data: We do not sell your personal or financial information to third parties for marketing purposes.

Service Providers: We share data with trusted service providers who help us operate the platform (hosting, encryption, analytics) under strict confidentiality agreements.

Legal Requirements: We may disclose information when required by law, subpoena, or government investigation.

6. Data Security

We implement safeguards consistent with the GLBA Safeguards Rule, including: AES-256 encryption for all uploaded documents; encrypted data transmission via TLS/HTTPS; automatic session expiration after 15 minutes of inactivity; bcrypt password hashing with salt rounds; role-based access controls; and a comprehensive audit trail for all data access.

No system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security of your data.

7. No Hard Credit Pulls

Lenlo does not perform hard credit inquiries. Your credit score range is self-reported and used solely for lender matching. Accepting a lender's offer may result in the lender performing their own credit inquiry as part of their standard underwriting process.

8. Your Rights

Access & Correction: You can view and update your personal and financial information at any time through your account settings and application page.

Deletion: You may request deletion of your account and associated data by contacting us at privacy@lenlo.com. We will process your request within 30 days, subject to legal retention requirements.

Opt-Out: You can opt out of marketing communications through your account notification settings. This does not affect transactional notifications (offer received, document status, etc.).

California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and not be discriminated against for exercising your privacy rights.

9. Data Retention

We retain your account data for as long as your account is active. Financial documents and profile data are retained for 3 years after account closure to comply with regulatory requirements. Audit logs are retained for 7 years. You may request earlier deletion, subject to these legal retention periods.

10. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. We may use analytics tools to understand platform usage patterns in aggregate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a prominent notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy. The version number and effective date at the top of this page will always reflect the current version.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: privacy@lenlo.com
Lenlo, Attn: Privacy Team