LoanDocs.ai Logo

Security & Compliance

Last updated: 12/3/2025

LoanDocs.ai provides secure AI-powered document analysis for mortgage professionals, underwriters, and lenders. We understand that financial documents contain highly sensitive personal information, and our platform is designed with strong protections, even as we work toward full SOC 2 Type II compliance.

Our Security Principles
  • Security by design
  • Least privilege access
  • Zero data sharing without customer consent
  • Encrypted and isolated storage
  • Transparent policies and audit trails
Infrastructure & Hosting

AWS S3 (Encrypted Storage)

Files stored in AWS S3 with:

  • Server-side encryption (AES-256)
  • Private buckets (no public access)
  • Signed URL time-limited upload + download
  • Per-user namespace separation

Compute

  • Document processing executed within AWS using event-driven Lambdas
  • No long-term storage outside the customer's encrypted S3 folder

Frontend Hosting

  • Hosted on Vercel (SOC 2 Type II certified vendor)
  • Automatic HTTPS with TLS 1.2+
Authentication

Firebase (Google) Authentication

  • SOC 2–compliant identity provider
  • Multi-factor authentication available
  • JWT validation in all backend processes
Application-Level Security
  • Role-based access controls
  • Per-user isolation of documents and results
  • All API requests require validated Firebase tokens
  • Rate limiting / brute-force protection
  • No data used for model training
  • Sentry security monitoring (no PII stored)
Data Retention & Privacy
  • Files stored only to complete the processing workflow
  • By default, users may request permanent deletion at any time
  • Full data deletion occurs within 24 hours of request
Compliance

LoanDocs.ai leverages industry-standard, SOC 2 Type II certified vendors (AWS, Google Cloud/Firebase, Vercel) while working toward SOC 2 independently.

We provide:

  • Security posture summary (this document)
  • Data retention policy
  • Subprocessor list
  • Shared responsibility model
  • Architecture diagrams upon request

Full SOC 2 certification is planned as revenue grows.

Security Contact

For reporting concerns, requesting deletion, or obtaining additional documentation:

security@loandocs.ai

© 2025 LoanDocs.ai. All rights reserved.

Privacy PolicyTerms of ServiceCookie Policy