Data privacy and deletion

What we collect

Three buckets:

• Account information: names, emails, phone numbers, NMLS numbers, company info.
• Lead and borrower data: everything you enter or import (names, contact info, financial details, communications history). This is your data; we process it on your behalf.
• Usage telemetry: which pages were viewed, which features were used. Anonymized; we use it to improve the product, never to retarget.

We do not sell data. We do not share data across orgs. We do not use your borrower data to train models.

Subprocessors

The third parties we send data to in normal operation:

• DigitalOcean (hosting + managed Postgres).
• Stripe (billing).
• Twilio (SMS, when you connect your Twilio account).
• SendGrid (email, when you connect SendGrid).
• Google (calendar + email, when you connect Google Workspace).
• Anthropic + OpenAI (AI features). We send the minimum necessary context for each Melanie call; we do not send the entire pipeline.

A complete subprocessor list with purposes is in our Privacy Policy.

Deletion options

Three levels of granularity:

• Per-lead: open a lead, click Delete. The lead and its conversations / attachments are permanently removed.
• Per-org bulk: Settings -> Data -> Delete leads. Filter by date range or stage; bulk delete.
• Whole workspace: cancel your subscription (Help -> Cancelling your subscription). After the 30-day grace period the entire workspace is purged.

If you need a faster purge for compliance reasons (e.g. CCPA / GDPR right-to-be-forgotten), email [email protected]. We process those requests inside 7 days.

What about borrowers who ask to be forgotten

If a borrower contacts you asking to be deleted under CCPA / GDPR / similar, you (the loan officer) own the deletion. Open the lead and click Delete; or email [email protected] if you want us to confirm purge across all subprocessors.