Data privacy and deletion
What we collect, what we share with subprocessors, and how to delete data.
What we collect
Three buckets:
- Account information: names, emails, phone numbers, NMLS numbers, company info.
- Lead and borrower data: everything you enter or import (names, contact info, financial details, communications history). This is your data; we process it on your behalf.
- Google Workspace data: when a user connects Google, we may store the connected account email, encrypted OAuth tokens, calendar appointment details, and relevant Gmail message or thread data needed to show CRM communication history.
- Usage telemetry: which pages were viewed, which features were used. Anonymized; we use it to improve the product, never to retarget.
We do not sell data. We do not share data across orgs. We do not use your borrower data to train models.
Subprocessors
The third parties we send data to in normal operation:
- DigitalOcean (hosting + managed Postgres).
- Stripe (billing).
- Twilio (SMS, when you connect your Twilio account).
- SendGrid (email, when you connect SendGrid).
- Google (calendar + email, when you connect Google Workspace).
- Anthropic + OpenAI (AI features). We send the minimum necessary context for each AI assistant call; we do not send the entire pipeline.
A complete subprocessor list with purposes is in our Privacy Policy.
Deletion options
Three levels of granularity:
- Per-lead: open a lead, click Delete. The lead and its conversations / attachments are permanently removed.
- Per-org bulk: Settings -> Data -> Delete leads. Filter by date range or stage; bulk delete.
- Whole workspace: cancel your subscription (Help -> Cancelling your subscription). After the 30-day grace period the entire workspace is purged.
- Google disconnect: Settings -> Integrations -> Disconnect Google clears stored Google tokens and stops future Gmail or Calendar access. CRM copies already stored are deleted with the related lead or workspace unless a legal retention exception applies.
If you need a faster purge for compliance reasons (e.g. CCPA / GDPR right-to-be-forgotten), email privacy [at] lendaxiom.com. We process those requests inside 7 days.
What about borrowers who ask to be forgotten
If a borrower contacts you asking to be deleted under CCPA / GDPR / similar, you (the loan officer) own the deletion. Open the lead and click Delete; or email privacy [at] lendaxiom.com if you want us to confirm purge across all subprocessors.