1. Infrastructure

The Lend Engine platform runs entirely on Amazon Web Services (AWS), hosted in the us-east-1 (N. Virginia) region. Our infrastructure is designed with no single point of failure:

  • Multi-Availability Zone (multi-AZ) deployment across independent AWS data centers ensures high availability even during individual facility incidents.
  • Managed relational databases run with automated failover — if the primary instance fails, a standby replica is promoted in under two minutes.
  • Application servers are deployed behind load balancers with auto-scaling to handle traffic spikes without degradation.
  • Daily automated backups with point-in-time recovery, retained for 35 days.
  • All storage and compute resources remain within the continental United States.

2. Data Encryption

All data is encrypted at every layer of the stack:

  • In transit — all connections between clients and the Platform use TLS 1.2 or higher. Older protocol versions are rejected. HTTP requests are permanently redirected to HTTPS.
  • At rest — all stored data, including databases, backups, and file storage, is encrypted using AES-256. Encryption is enforced at the storage layer and cannot be bypassed.
  • Per-tenant encryption keys — each lender organization is assigned a separate encryption key managed in AWS Key Management Service (KMS). A compromise of one key cannot expose another tenant's data.
  • Secrets management — application secrets, API keys, and credentials are stored exclusively in AWS Secrets Manager and are never embedded in code or configuration files.

3. Tenant Isolation

Multi-tenancy is one of the highest-risk areas in any SaaS platform. We address it through hard isolation:

  • Each lender organization is provisioned a dedicated database instance. There are no shared tables, no shared schemas, and no shared connection pools between tenants.
  • Data is never commingled — it is physically impossible for a query issued by one tenant to access another tenant's records.
  • Tenant identifiers are validated at the API layer on every request, independent of database-layer isolation, providing defense in depth.
  • Borrower portal traffic is similarly scoped to the originating lender's tenant context; borrowers cannot access data belonging to other lender organizations.

4. Access Controls

Access to the Platform and to customer data is tightly controlled at every level:

  • Multi-factor authentication (MFA) — required for all lender accounts on the Platform. MFA cannot be disabled.
  • Role-based permissions — within each lender organization, administrators can assign granular roles (e.g., loan officer, underwriter, administrator) that limit which features and records each user can access.
  • Least-privilege internal access — Lend Engine employees do not have standing access to customer databases. Any access required for support or debugging is temporary, logged, and must be approved through our access management workflow.
  • Audit trails — all login events, permission changes, and data access are logged with timestamps and user identifiers.

5. Compliance Program

Lend Engine operates an active SOC 2 Type II compliance program. This means we have implemented the administrative controls, technical safeguards, and monitoring processes required for SOC 2 Type II, and are on the path to formal third-party audit and certification. We are not yet SOC 2 Type II certified and will communicate when certification is achieved.

Additional compliance considerations:

  • HMDA awareness — the Platform is designed to support lenders subject to Home Mortgage Disclosure Act (HMDA) reporting obligations, with audit trails on all loan decisions to support regulatory data requests.
  • Fair lending — AI underwriting outputs are designed to be explainable and auditable, supporting lenders' fair lending compliance programs.
  • Data residency — all customer data remains in the United States in compliance with our standard data processing terms.

6. Vulnerability Management

We take a proactive approach to identifying and remediating security vulnerabilities:

  • Penetration testing — regular penetration tests are conducted by independent third-party security firms. Findings are triaged and remediated on a priority basis.
  • Dependency scanning — all third-party dependencies are continuously scanned for known CVEs using automated tooling integrated into our CI/CD pipeline.
  • Patch SLA — critical CVEs are patched and deployed within 24 hours of disclosure. High-severity vulnerabilities are addressed within 7 days.
  • Responsible disclosure — we operate a responsible disclosure program. Security researchers who identify valid vulnerabilities are acknowledged and, where appropriate, recognized in our security acknowledgments.

7. Incident Response

In the event of a confirmed security incident affecting customer data, Lend Engine commits to the following:

  • 24-hour notification SLA — we will notify affected customers within 24 hours of confirming any breach that affects their data, consistent with our obligations under applicable data protection law.
  • Incident scope and impact — initial notifications will include what data was affected, the nature of the incident, and the steps we are taking to contain and remediate.
  • Post-incident review — all significant incidents receive a root cause analysis, and we share relevant findings with affected customers.
  • Security updates — we publish material security updates to our status page at lendengine.ai/status.

Responsible Disclosure

Found a vulnerability? We appreciate the work of the security research community. If you've discovered a potential security issue in the Lend Engine platform, please report it responsibly to security@lendengine.ai. Please do not publicly disclose vulnerabilities before we've had a reasonable opportunity to investigate and remediate. We commit to acknowledging your report within 48 hours and keeping you informed as we work toward a fix.