LendPacket
← Help center

Security & data

How LendPacket protects your borrowers' documents

  • Isolation: every firm's data is separated with database-level row security — enforced by the database itself, not just the application, and covered by an automated test suite that runs on every change.
  • Documents live in private storage. Nothing is ever public; downloads use signed links that expire in about a minute.
  • Borrower links are 192-bit unguessable tokens, stored only as cryptographic fingerprints, scoped per person, expiring and revocable — with optional email-code verification on top.
  • Uploads are screened: file types are verified by content (a virus renamed to "statement.pdf" is rejected before it's stored).
  • Audit trail: every significant action — uploads, downloads, previews, accepts/rejects, setting changes, exports — is recorded with who/what/when, and exportable as CSV or PDF.
  • Encryption in transit (TLS) and at rest, on SOC 2-certified infrastructure (Supabase/AWS).
  • Your team: role-based permissions and optional two-factor authentication.

AI review is advisory only — it labels and flags, humans decide. AI output is never represented as underwriting or compliance advice.