LoanDocs.ai provides secure AI-powered document analysis for mortgage professionals, underwriters, and lenders. We understand that financial documents contain highly sensitive personal information, and our platform is designed with strong protections, even as we work toward full SOC 2 Type II compliance.
Our Security Principles
Security by design
Least privilege access
Zero data sharing without customer consent
Encrypted and isolated storage
Transparent policies and audit trails
Infrastructure & Hosting
AWS S3 (Encrypted Storage)
Files stored in AWS S3 with:
Server-side encryption (AES-256)
Private buckets (no public access)
Time-limited signed URLs for upload and download
Per-user namespace separation
Compute
Document processing is executed within AWS using event-driven Lambda functions
No long-term storage outside the customer's encrypted S3 folder
Frontend Hosting
Hosted on Vercel (SOC 2 Type II certified vendor)
Automatic HTTPS with TLS 1.2+
Authentication
Firebase (Google) Authentication
SOC 2–compliant identity provider
Multi-factor authentication available
JWT validation in all backend processes
Application-Level Security
Role-based access controls
Per-user isolation of documents and results
All API requests require validated Firebase tokens
Rate limiting / brute-force protection
No data used for model training
Sentry security monitoring (no PII stored)
Data Retention & Privacy
Files stored only to complete the processing workflow
By default, users may request permanent deletion at any time
Full data deletion occurs within 24 hours of request
Compliance
LoanDocs.ai leverages industry-standard, SOC 2 Type II certified vendors (AWS, Google Cloud/Firebase, Vercel) while working toward SOC 2 independently.
We provide:
Security posture summary (this document)
Data retention policy
Subprocessor list
Shared responsibility model
Architecture diagrams upon request
Full SOC 2 certification is planned as revenue grows.