Security & Trust

‍Last updated July 6, 2026

Our approach

LoanLight is built with security as a core requirement. We apply least-privilege access, encryption, continuous monitoring, and a controlled development process to protect customer and borrower data across our platform.

Data protection

  • Encryption in transit. All data transmitted between customers and LoanLight is encrypted using TLS 1.2 or higher.

  • Encryption at rest. Data stored in our production environment is encrypted at rest using industry-standard, managed encryption.

  • Data handling. LoanLight processes borrower information solely to provide the service, in accordance with our customer agreements. We act as a data processor on behalf of our lender customers.

Infrastructure

LoanLight runs on Amazon Web Services (AWS). Our production environment is deployed across multiple availability zones for resilience, and we rely on AWS's audited physical and environmental controls for the underlying infrastructure.

Access control

Access to production systems and data is granted on a least-privilege, role-based basis through individual accounts, with multi-factor authentication required. Access is reviewed periodically and removed promptly when no longer required.

Secure development

Changes to our platform follow a controlled process: all code changes are peer-reviewed and pass automated testing before reaching production, with direct changes to production blocked. This provides an auditable record of every change.

Monitoring and incident response

We monitor our systems and infrastructure for security and operational events, with alerting to our engineering team. We maintain an incident response process to identify, respond to, and learn from any security incidents.

Vendors and subprocessors

We carefully evaluate the third-party providers that support our platform. Providers that may process customer data are subject to contractual data-protection and confidentiality obligations, and we review their security posture.

Independent testing

LoanLight's external environment is subject to independent penetration testing annually. 

Compliance

LoanLight is undergoing a SOC 2 examination. A report is in progress.

Contact

Security questions or reports: security@loanlight.com.

Lighting the way to modern, AI-driven underwriting. Let's chat!