Security at LoanHQ
Last updated: May 25, 2026
Lenders trust LoanHQ with their loan books, and borrowers trust the lenders that use us. This page summarises the controls we put in place to honour both.
1. Encryption
All traffic between your browser and LoanHQ uses TLS 1.2 or higher. Data is encrypted at rest using AES-256 in our managed cloud environments.
Backups are encrypted with separate keys and stored in geographically distinct regions.
2. Access control
Internal access to production systems is restricted to a small group of engineers, gated by single sign-on, multi-factor authentication, and just-in-time elevation for sensitive actions.
Lender accounts support role-based access control out of the box. Lenders configure who in their team can view, write, or approve what.
3. Application security
Code changes go through peer review and automated security checks before reaching production. We perform regular dependency vulnerability scans and patch critical issues on an expedited schedule.
We engage external testers for periodic penetration tests and publish a summary of the results to customers on request.
4. Operational security
We maintain documented incident response runbooks and rehearse them quarterly. Production access is logged centrally; anomalies trigger automated alerts.
Vendors with access to production data are reviewed annually against our security questionnaire.
5. Compliance + certifications
Our platform aligns with widely-adopted security frameworks. Certifications and audit reports are available to customers under NDA.
Where customers operate in regulated environments — banking, fintech, microfinance — we will support their own audit and regulator interactions with documentation and SME time.
6. Reporting a vulnerability
If you believe you have found a security vulnerability in LoanHQ, please email security@loanhq.app with details. We will acknowledge within one business day and work with you to validate and address the report.
We do not pursue legal action against security researchers who act in good faith and follow our reporting guidelines.
Questions about this document? Email legal@loanhq.app.