Last updated: May 3, 2026
This Privacy Policy explains how we collect, use, store, and protect information when you use our mortgage CRM platform (the "Service"). We are committed to protecting the privacy of our users and their clients. This policy applies to all users of the Service, including organization administrators, loan officers, and any individuals whose information is stored within the platform.
Account Information:
When your organization creates an account, we collect names, email addresses, phone numbers, NMLS numbers, and company information for each user.
Borrower, Lead, and Client Data:
Your organization enters and manages borrower and prospect data including names, contact information, property details, loan parameters, financial information, military or VA eligibility context, pipeline status, notes, documents, estimates, tasks, and communication history. This data is owned by your organization and processed by us to provide the Service.
Usage Data:
We automatically collect information about how the Service is used, including login times, features accessed, pages viewed, and actions taken. This data is used to improve the Service and is not shared with third parties.
Communications Data:
The Service facilitates SMS, email, and other communications between your organization and consumers. Records of these communications are stored to provide communication history and compliance documentation. This can include message body, delivery status, provider message identifiers, AI draft metadata, call/message timestamps, opt-out state, and related audit events.
Billing, Support, and Security Data:
We store subscription, invoice, payment status, support conversation, action audit, login, session, and security event data needed to operate the CRM, support customers, prevent abuse, and maintain compliance records.
We use the information collected to:
We do not sell personal information to third parties. We may share data only in the following circumstances:
We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, CSRF protection on all authenticated endpoints, rate limiting, input validation, and regular security audits. Multi-tenant data isolation ensures that each organization's data is strictly separated. While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure.
We retain your organization's active product data for as long as your subscription is active. An org admin may request workspace deletion from account settings. The default cancellation window is 30 calendar days. During that window, the workspace remains available and an org admin may cancel the deletion request.
After the cancellation window, customer-of-customer data, credentials, active app configuration, users, messages, leads, lead notes, tasks, pipeline activity, drip queue rows, and similar org-scoped product data are purged from the primary database. Compliance, support, billing, Stripe event, action audit, and selected AI usage evidence may be retained where needed for legal, financial, security, or support records.
Primary database backups may contain deleted data until the backup retention window ages out. Launch policy is that backups are retained for up to 30 days unless a reviewed backup provider runbook states a shorter window. The customer-facing deletion timeline is maintained in `docs/runbooks/CUSTOMER-DATA-DELETION-TIMELINE.md`.
The Service uses artificial intelligence to provide features such as lead scoring, automated text and email responses, mortgage analysis reports, and predictive analytics. AI processing occurs on data provided by your organization. We do not use your organization's data to train AI models used by other organizations. AI-generated content should be reviewed by a licensed professional before being shared with consumers.
The Service includes tools to help your organization comply with the Telephone Consumer Protection Act (TCPA) and Do Not Call (DNC) regulations, including DNC list management, consent tracking, and opt-out processing. Your organization is responsible for obtaining proper consent before sending communications and for maintaining compliance with all applicable communication regulations.
Consumers whose information is stored in the Service may have rights under applicable state and federal privacy laws (such as the California Consumer Privacy Act). Your organization, as the data controller, is responsible for responding to consumer rights requests. We will assist your organization in fulfilling these requests as needed. Consumers should direct privacy inquiries to the organization that collected their information.
Authorized LendAxiom support personnel may access customer workspace data only when needed to provide support, investigate abuse or security issues, troubleshoot provider delivery, process billing or deletion requests, or comply with legal obligations. Support actions are limited by role-based access controls and operational audit logs.
The Service uses essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking. Analytics cookies may be used to understand usage patterns and improve the Service. You can control cookie preferences through your browser settings, but disabling essential cookies may prevent the Service from functioning properly.
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
For questions about this Privacy Policy or our data practices, please contact your organization administrator, who can escalate privacy inquiries to our team.