
Privacy Policy

Last Updated: 28 March 2026

1. Introduction

This Privacy Policy describes how LoanLens ("we", "our", or "us") collects, uses, stores, and protects personal information when you use our loan simulation and document management platform (the "Service").

We are committed to protecting your privacy and complying with applicable Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Service, you agree to the terms of this Privacy Policy.


2. Information We Collect

2.1 Account Information

We may collect:

  • Name
  • Email address
  • Business name
  • Login credentials

2.2 Borrower and Client Information

Users may input borrower/client data, including:

  • Names
  • Loan details
  • Financial inputs
  • Notes and scenarios

This information is stored solely to enable functionality of the Service.

We do not use borrower information for marketing.


2.3 Uploaded Documents (Document Portal)

When a broker creates a document portal for their client, and the client uploads files through it, we collect:

  • Uploaded files such as payslips, bank statements, tax returns, identification documents, and other financial records
  • File metadata including the original file name, file size, and file type
  • Client name and email as provided by the broker when creating the portal

How uploaded documents are handled:

  • All files are encrypted with AES-256-GCM before being stored. Each portal has a unique encryption key.
  • Only the broker who created the portal can download and decrypt the files. LoanLens staff cannot access the content of uploaded documents.
  • Uploaded files are stored on servers in Australia (Cloudflare R2, Asia-Pacific region).
  • All uploaded files are automatically and permanently deleted after 30 days from the date the portal was created. This cannot be extended.
  • When files are deleted, the encryption key is also destroyed so that any residual data can never be recovered.
  • Portal metadata (client name, item labels, file names) is anonymised after the 30-day retention period.

2.4 Usage Data

We may collect:

  • IP address
  • Device and browser information
  • Usage behaviour
  • Log data

On the public document upload page (accessed by clients without an account), we collect only essential technical data required to operate the service. We do not run behavioural analytics or session recording on the document upload page.


2.5 Cookies

We use cookies to:

  • maintain sessions
  • improve usability

Authenticated pages may also use analytics cookies to improve the Service. The public document upload page does not use analytics cookies.


3. How We Use Information

We use information to:

  • operate the platform
  • generate loan simulations
  • securely transfer documents between clients and brokers
  • store user data
  • improve the Service
  • ensure security

4. No Sale of Personal Data

We do not sell, rent, or trade personal information.


5. Aggregated and Anonymised Data

We may use data in aggregated and anonymised form for:

  • analytics
  • product improvement
  • industry insights

This data:

  • cannot identify individuals
  • contains no personal identifiers

We reserve the right to use, publish, or sell aggregated anonymised data only.


6. Data Sharing

We may share data with:

  • Cloudflare — file storage (R2, Australia region)
  • Neon — database hosting (Sydney, Australia)
  • Vercel — application hosting (global CDN with origin in Australia)
  • Resend — transactional email delivery
  • Statsig — product analytics (authenticated pages only)
  • Stripe — payment processing

All providers must:

  • comply with confidentiality obligations
  • use data only for service delivery

7. Data Security

We implement:

  • AES-256-GCM encryption for uploaded documents (at rest)
  • HTTPS encryption (in transit)
  • Per-portal encryption keys with envelope encryption
  • Secure cloud infrastructure hosted in Australia
  • Access controls and ownership verification
  • Automatic 30-day file deletion with encryption key destruction
  • Monitoring systems

However, no system is completely secure. If we become aware of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals in accordance with the Notifiable Data Breaches scheme.


8. Data Retention

  • Uploaded documents: Automatically and permanently deleted 30 days after the portal is created. Encryption keys are destroyed at the same time.
  • Portal metadata: Client names, email addresses, and file names associated with expired portals are anonymised after the retention period.
  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Usage data: Retained in anonymised form for analytics purposes.

9. Your Rights (Australia)

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information (subject to legal obligations)

If you uploaded documents through a portal and need to access, correct, or delete your information, you can:

  1. Contact your broker directly
  2. Email us at privacy@loanlens.app

We will respond to access and correction requests within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).


10. Overseas Data Transfers

Your data is primarily stored and processed in Australia:

  • Database: Sydney, Australia (Neon PostgreSQL, ap-southeast-2)
  • Uploaded documents: Australia (Cloudflare R2, Asia-Pacific region)
  • Application hosting: Vercel (global CDN with Sydney origin)

Some service providers may process data outside Australia:

  • Statsig (analytics, authenticated pages only): United States
  • Resend (email delivery): United States
  • Stripe (payment processing): United States

Where data is transferred overseas, we take reasonable steps to ensure the recipient complies with the Australian Privacy Principles or is subject to substantially similar privacy protections.


11. Third-Party Services

We are not responsible for third-party privacy practices. We recommend reviewing the privacy policies of any third-party services you interact with.


12. Changes to Policy

We may update this policy from time to time. We will notify users of material changes via email or a prominent notice on the Service.

Continued use of the Service after changes are posted constitutes acceptance of the updated policy.


13. Contact

LoanLens

Email: privacy@loanlens.app

General support: support@loanlens.app