Data privacy
LoanPro's customer information measures to stay compliant with data privacy laws.
LoanPro takes data privacy very seriously and has implemented features to keep your information secure. Not only do these features protect your customer’s personal information, but they also keep your company in line with current lending laws and regulations.
Lending laws are in place at the state, federal, and international level, so the specific regulations an individual lender will have to follow depend on what state or country they operate within. Every lender should carefully research and follow the regulations governing them. Violating these laws will leave you liable to lawsuits, fines, and other penalties. Read more about lender laws in our compliance overview.
CCPA/PIPEDA and GDPR compliance
CCPA or California Consumer Privacy Act is intended to protect privacy rights for residents of the state of California, United States. This act allows customers to know what information data companies have regarding them. It gives them the right to consent or deny their information being sold or disclosed, the right to request all the information, and the right to have companies delete all the information they have regarding the customer.
PIPEDA or Personal Information Protection and Electronic Documents Act is a law that was passed in Canada and is very similar to the CCPA.
GDPR or General Data Protection Regulation is a law passed by the European Union (EU) to protect the data of citizens within the EU. Even if your company does not directly operate in the EU, this regulation applies to any organization that collects data from companies or individuals within the EU.
This regulation requires compliance for these seven principles:
- Lawfulness, fairness, and transparency.
- Purpose limitation.
- Data minimization.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality (security).
- Accountability.
This law keeps companies accountable and transparent with the data they collect, and ensures that data is thoroughly secured throughout their processes according to industry standards. Similarly to CCPA/PIPEDA, this law also gives customers the right to know what of their data you have, what their data is being used for, the right to request a copy of their data, and to request their data be deleted.
LoanPro has designed features with CCPA/PIPEDA and GDPR regulations in mind, ensuring our clients have the necessary tools to maintain compliance,
Sale of information
Inside of the customer manager and within an individual customer. There is a yes/no option regarding the sale/transfer of personal information. This button is defaulted to "Yes" for anyone over 16, and defaulted "No" for anyone 15 or younger. You can edit a customer to toggle whether selling and transferring personal information is allowed.
Navigate to Users > Customer Manager, and then select a specific customer. This will open the "Contact and Personal" information page.
Click edit and scroll down to the dropdown menu under ‘Sale/Transfer Personal Information’ and select either “Yes" or “No”. Be sure to click the ‘Save’ button at the top right of the page.
Export of information
If a customer makes a request for all the information your company has regarding them or for their information to be deleted, this can be accomplished by navigating inside of an account to Customer > Primary Customer > Customer Tools > CCPA/PIPEDA.
To export personal identifiable information, select the ‘Make Request’ button to the right of Export Personal Identifiable Information.
To open a section select to the right of the section name. Check the box of any variable you would like to export. To select all information available select ‘click here’. Once you have selected all of the information you would like to export, click ‘Export’.
Once the information is exported, a PDF file will be opened containing all exported information. This information can then be sent to the customer.
Deleting information
If a customer requests that their personal information be deleted from your company records, in LoanPro navigate inside the account to Customer > Primary Customer > Customer Tools > CCPA/PIPEDA.
To delete personal identifiable information, select the ‘Make Request’ button to the right of ‘Delete Personal Identifiable Information’.
To delete personal identifiable information, select the button to the right of ‘Delete Personal Identifiable Information’.
A window will open and allow you to start the Delete Personal Identifiable Information walkthrough. Make sure to read the important warnings in the first window of the walkthrough. Once this walkthrough is completed, the information requested to be deleted cannot be recovered. The information is completely removed from LoanPro to comply with the CCPA and PIPEDA.
To continue with the walkthrough, select ‘Yes’.
To open a section, click the arrow on the right. Check the box of any variable you would like to delete. To select all available information select 'click here'. Once you have selected all of the information you would like to delete, click ‘Next’.
You will then be asked to Confirm and Validate the personal identifiable information was deleted. Make sure to read each list item carefully before checking it off.
Once you have checked off each list item select ‘Next’. The last step of the walkthrough will ask you to authenticate your credentials before proceeding. To continue deleting, enter your LoanPro login credentials and click ‘Submit’. Once the request has been sent, you will see a green message saying ‘Request has been submitted’.
All information that was selected to be deleted will now be erased from the system. Any place where the information was previously recorded will either be set to Null, the default value, 0, or marked with XXXXXXX.
For more information on data security and customer privacy regulations read our Privacy Policy.
PCI DSS and security measures
Payment Card Information (PCI) Data Security Standards (DSS) were created to protect consumers and their card information. Now, any company that stores, processes, or transmits card data must follow PCI compliance standards. LoanPro has made it easy to follow these standards with Secure Payments. Secure Payments was developed to take payments and be PCI compliant so that the LoanPro loan management system (LMS) is not subject to inconvenient rules. Secure Payments helps you protect your consumers while keeping LMS efficient.
PCI standards
PCI compliance is broken down into twelve requirements across six categories:
Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Stored Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel
Secure Payments’ security measures
Secure Payments follows all PCI requirements. When you use Secure Payments to store, process, or transmit data you can rest assured that you will be PCI compliant. Secure Payments has the following features to make compliance easier for you:
- Automatic log-out after five minutes
- Password expiration after 90 days
- Frequent API token changes
- Field validations: ensures credit/debit card data is not being stored in unintended fields (also in place in LoanPro LMS)
LoanPro was built with PCI compliance in mind. Each lender using LoanPro gets an account with Secure Payments, our PCI-compliant system for storing card and payment profile data processors. But, as we allow companies to choose their own issuers, it is up to our lenders to make sure information taken from a customer’s card is only accepted and saved through Secure Payments, and is not saved elsewhere along the card’s Authorization Path.
User access
Another way LoanPro ensures data is kept secure is through User Access. You will have many Agent Users, but not all of them need, or should, have access to all of the data your company has stored in LMS. To keep sensitive data secure, you can set the user’s role, and dictate what an Agent User can or cannot access. You can create different Roles for any specialty that uses LoanPro.
Here's a breakdown of the available tools you can use to grant and restrict access.
| Tool | Description |
| User Role-based Access | If you want to restrict access to specific areas of the software, the place to look is at user roles. A role lets you define what a user can see within the software, by setting user roles, you can restrict access to tabs in the software, or in some cases, restrict whether the user can view certain buttons. Once a role is created with our role-based access controls, it must be assigned to the Agent User in order to restrict that user's access. |
| Agent Walkthrough Role-Based Access | Standard roles can be assigned to Walkthroughs. These roles are no different than standard roles until they are assigned to a walkthrough, at which time they define the access a user will have when in a walkthrough. If a role is created and intended for use with a walkthrough, it is best to use the word walkthrough somewhere in the name of the role. Access granted by a walkthrough role supersedes access granted by an assigned agent role. This will ensure that a user can access all the needed areas in order to fulfill the purpose of a walkthrough. |
| Agent Walkthrough Groups | Walkthrough groups grant the user access to a specific group of walkthroughs. When creating a walkthrough group, you can choose exactly which walkthroughs members of the group will see when they use Agent Walkthroughs. |
| Search Restrictions (see below) | Search Restrictions are used to limit the accounts returned by a user search. You can set up a search restriction using the same set of filters that are used when searching for loans. This means that loans can move in and out of the allowed search results based on whether they fall within the parameters that define the restriction. |
| Restriction Groups (see below) | Restriction Groups or Frozen Resources let you restrict actions that a user is allowed to perform when inside a loan. |
| IP-Based Access | IP-Based Access lets you specify IP addresses from which the software can or can't be accessed. |
| Loan Views | Loan Views can be created that will show only selected data on the summary page for a loan account. |
Search restrictions
Search Restrictions limit agent users' access to accounts that are part of specific groups. Loans that are filtered out by the restrictions will also be restricted from the user's view in reporting tools. These restrictions are created at a company level and assigned to specific agent users. For example, if you want to allow members of your investment team to see only the accounts in specific portfolios, you can set a Search Restriction that will only allow them access to accounts in those portfolios.
To set Search Restrictions, you'll need to create a set of restriction parameters. Then, you'll need to assign the users the configuration you create.
Creating a search restriction
To create a Search Restriction, navigate to Settings > Company > Access > Search Restrictions.
Here, you'll be able to create, edit, and delete your Search Restrictions. To create a new set of restrictions, click the 'Add' button in the top corner.
When creating a new set of Search Restrictions, begin by giving the configuration a name. Next, select which search settings you'd like to grant access to. You can do this by clicking the categories to expand the available options. Click the checkbox located on the right, then click 'Configure Restrictions' to display the options available for the category.
The selected options will be viewable by those assigned to this restriction group. In the animated example above, only accounts that are between 0-30 days old will be viewable. All unselected options will be hidden from the user.
Creating source tracking search restrictions
If you use LoanPro's Source Tracking Manager to assign agent users to specific brick-and-mortar stores, you may want them to have access to their own store and cash drawers but not other locations. Search Restrictions on Source Tracking will limit the sources they see within the Source Tracking manager.
To view your Source Tracking Search Restrictions, navigate to Settings > Company > Access > Search Restrictions and click the 'Source Tracking' tab at the top of the page. This brings up a list of all the restrictions you've created. Each entry includes an ID, a name, and options to edit or delete it.
Click the 'Add' button in the top right corner to create a new restriction.
Next, create a name to help you keep track of the restriction, and select the companies you want the users with this restriction to see. Similar to Search Restrictions, the selected Source Tracking will be viewable while the unselected ones will not. Click ‘Save’ to save the search restriction.
Assigning search restrictions
After creating a Search Restriction configuration, you will need to assign it to your personnel. You can assign Search Restrictions to an agent user by navigating to Users > Agent Users inside your company account. Next, select the user who will be assigned the search restriction and click 'Edit' in the top right corner.
You can choose any of the search restriction groups and Source Tracking search restrictions you've created. For Source Tracking, you can also select "Affiliated Source Tracking Only" and select which companies the user will be associated with. Once you've selected your restrictions, click 'Save'. The agent user will now have a restricted view of specific accounts and sources.
Restriction groups
Restriction groups determine specific levels of access that an agent user has to groups of accounts. Restriction groups are different from search restrictions, but they work together to control agent user account access. Here is a breakdown of restriction groups:
- Restriction groups control the permission level within an account. While search restrictions control the search results on the Account Manager, restriction groups control the permissions a user has, if any, within a loan account.
- Restriction groups are based on rules. If a loan account qualifies for the rule (rule evaluates to TRUE), then the permission level granted to that restriction group will apply.
- Restriction groups are created at the company level. Agent users can be associated with none, one, or any number of restriction groups.
Here we will explain restriction groups, but also tools such as role-based access, shortcuts, and dashboard views also control how your personnel interact with accounts and the software.
Creating a restriction group
To create a restriction group, start by navigating to Settings > Company > Access > Restriction Groups inside your company’s account. Here, you can view, edit, and delete restriction groups settings.
To create a new restriction group, click 'Add'.
The top portion of this page is where you can enter the basic information about the restriction group. The bottom section is where you enter the rules that actually define account access permissions for the group.
The options in the top section include the following:
| Option | Description |
| Name | This is the name of the restriction group and should distinguish it from others in your settings. |
| Active | This toggle switch lets you choose whether this restriction group is active and can be assigned to agent users in your company. |
| Description | This is the description of the restriction group. |
The bottom section lets you define a rule, choose a level of access, and add an error message for the following account areas. Here are the available options:
Restricted resources
| Option | Description | Permission Settings |
| Loan | Applies to the entire loan account. |
|
| Loan Settings | Applies to the loan settings section of an account. |
|
| Loan Setup |
Applies to the loan setup section of an account. |
|
| Collateral Tracking | Applies to the loan setup section of an account. |
|
| Insurance Tracking | Applies to the insurance section of an account. |
|
| Escrow Transactions | Applies to the transactions section inside an individual escrow bucket. |
|
| Escrow Adjustments | Applies to the adjustments section inside an individual escrow bucket. |
|
| Escrow Settings | Applies to the settings section inside an individual escrow bucket. |
|
| Payment | Applies to the payments section of an account. |
|
| AutoPay | Applies to the AutoPays section of an account. |
|
| Charge | Applies to the charge section of an account. |
|
| Advancement | Applies to the advancement section of an account. |
|
| Credit | Applies to the credit section of the setup tools of an account. |
|
| Configurable Payment Schedule | Applies to the payment schedule tool in an account. |
|
| APD Adjustment | Applies to the APD Adjustment section of the setup tools of an account. |
|
| DPD Adjustment | Applies to the DPD Adjustment section of the setup tools of an account. |
|
| Loan Modification | Applies to the loan modification tool in the loan setup section of an account. |
|
| Suspend/Resume Interest | Applies to the suspend/resume interest section of the setup tools of an account. |
|
| Change Due Date | Applies to the change due date section of the setup tools of an account. |
|
| Document | Applies to the documents section of an account. |
|
| Note | Applies to the notes section of an account. |
|
| Checklist | Applies to the checklist section of an account. |
|
| Custom Field | Applies to the custom fields section of the setup tools of an account. |
|
| Loan Link | Applies to the loan links section of an account. |
|
| Disbursement | Applies to the estimated disbursements section of an individual escrow bucket. |
|
| Curtailment Dates | Applies to the curtailment date section of the setup tools of an account. |
|
| Escrow Calculator | Applies to the escrow calculator section of the setup tools of an account. |
|
| Enhanced Funding | Applies to the funding section of the setup tools of an account. |
|
| Promise | Applies to the Promises section of an account. |
|
To define a rule for a section, click 'Empty' in the Rule column for that section. Enter the rule that will determine whether access restrictions are applied to the section. Validate the rule and click 'Save'.
Choose the restriction option from the drop-down in the Access column. Click 'Empty' in the Error Message column and enter the error message users should see when they meet your chosen restrictions.
Once you have made all the changes needed to any of the sections that should be restricted by this group, click 'Save'.
Assigning restriction groups
Since restriction groups define a level of access for a specific set of accounts, you can assign more than one group to an agent user. To do this, navigate to ‘Profile & Access’ inside an agent user account.
Was this article helpful?