Privacy Policy

Sync Wave Analytics ("we", "us", "our") operates the Loanly platform. This Privacy Policy describes how we collect, use, store, and protect information when you use our Service. We are committed to protecting the privacy and security of your data, particularly given the sensitive nature of financial information.

Account Information: Name, email address, phone number, job title, and organization details provided during registration.

Loan Data: Borrower information, loan applications, financial documents, underwriting data, and related records submitted through the Service. This data is owned by you and your institution.

Usage Data: Log data including IP addresses, browser type, pages visited, actions taken, and timestamps. This helps us improve the Service and ensure security.

Device Information: Device type, operating system, and browser version for compatibility and security purposes.

We use collected information to: (a) provide and maintain the Service; (b) authenticate users and enforce access controls; (c) process and display loan pipeline data; (d) generate reports and analytics for your institution; (e) send service-related notifications; (f) improve and optimize the Service; (g) comply with legal obligations; (h) detect and prevent fraud or abuse.

All data is stored in encrypted databases hosted on Neon (PostgreSQL) with TLS encryption in transit. Documents are stored in Appwrite Storage with encryption at rest and antivirus scanning. We implement role-based access controls, session management, and audit logging. We follow industry-standard security practices including regular security reviews and monitoring.

We do not sell, rent, or trade your personal information or Customer Data. We may share information only: (a) with service providers who assist in operating the Service (database hosting, file storage) under strict data processing agreements; (b) if required by law, regulation, or legal process; (c) to protect our rights, property, or safety; (d) with your explicit consent.

We retain Customer Data for the duration of your subscription plus 30 days to allow for data export. Usage logs are retained for up to 12 months. Upon account termination, you may request complete deletion of your data. We will process deletion requests within 30 business days.

Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to or restrict processing; (e) receive your data in a portable format; (f) withdraw consent. To exercise these rights, contact us at privacy@loanly.dev.

We recognize the sensitive nature of financial data processed through Loanly. We implement additional safeguards for financial information including: encrypted storage for sensitive fields (SSN, EIN), immutable audit trails for all data access and modifications, role-based access ensuring users only see data relevant to their function, and session timeouts after 8 hours of inactivity.

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking. Analytics cookies may be used to understand Service usage patterns, and you can opt out of these through your browser settings.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will take steps to delete it promptly.

Your data may be processed in the United States where our servers are located. By using the Service, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place for any international data transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this policy indicates when it was last revised.