LendPacket

Security

Bank-grade care for borrower documents

Tax returns, bank statements, and personal financial statements are some of the most sensitive documents a person has. Here's exactly how LendPacket treats them.

Strict tenant isolation

Every lender's data is isolated at the database layer with row-level security — enforced by the database itself on every single query, not just by application code. Your files are yours alone.

Magic links, engineered carefully

Borrower links use long, unguessable tokens (128-bit+), are scoped to a single person's checklist, expire automatically, and can be revoked instantly. An optional email verification step adds a second check. Borrowers never have accounts or passwords to lose.

Documents locked down

Files are encrypted in transit and at rest. Every download uses a short-lived signed URL — there are no public links and no public storage, ever.

A complete audit trail

Every significant action — request, upload, view, download, review, override — is recorded with who did it, what it touched, and when. Answer any “what happened here?” in seconds.

Least-privilege access

Team roles (admin, loan officer, processor, viewer) limit who can do what. Borrower-side parties see only the items assigned to them — a CPA uploading tax returns never sees the borrower's bank statements.

AI that stays in its lane

AI review is advisory. It classifies and flags; it never approves, denies, or makes compliance determinations. A human can always override any AI flag, and every override is logged.

Infrastructure you already trust

LendPacket runs on established, independently audited infrastructure providers: hosting on Vercel, database and storage on Supabase (built on AWS), payments on Stripe, email on Resend, and AI review on Anthropic. Payment card details are handled entirely by Stripe and never touch our servers.

Have a security question or a vendor questionnaire? Email security@lendpacket.com and we'll respond promptly.

Security questions? Ask us anything.

We'd rather over-explain how we protect borrower data than leave you guessing.

14 days of the Team plan. No credit card required.