We Work Hard to Keep Your Data Safe.
The Safety of Your Financial and Personal Data is Our Top Priority.
It’s stressful enough to secure home financing, so we hope to prevent additional stress by ensuring your financial and personal information is safeguarded. That’s why we have put a combination of approaches into place, including the right people, leading-edge technical processes and robust physical systems that safeguard your data and personal information.
Strict user permissions
User access and permissions are only granted on a need to know basis.
Two-factor authentication
For an extra level of protection, we use two factor authentication.
Password entropy
Passwords are hashed and salted and have strict entropy requirements.
Encryption
All sensitive data is scrambled with bank-level encryption both at rest and in transit.
Tracking & lockouts
Any user with suspicious behavior is automatically locked out of the system.
Development best practices
We stay up to date with development best practices, such as OWASP Top 10.
“At Neat, we know that multiple technical safeguards can go a long way in protecting your personal information. You can think of our layered approach as a vault, inside a castle, surrounded by a moat, with crocodiles and sharks in the moat.” - Steve Herschleb, CTO
We Use Multiple Technical Safeguards to Protect Your Data.
Bank-Level Data Encryption
We use 128-bit encryption technology to protect your username, password and other personal account information when you're using our site or apps. Encryption is a way of scrambling your data so that only trusted parties can read it. We use regularly updated SSL certificates so you can always verify and trust that you are communicating with our website. Once the data is stored in a database, all sensitive information is secured in an encrypted format.
Note: You'll know your information is encrypted when the neatloans.com page you're on starts with "https://" and you see a lock symbol in your web browser.
Safeguarding Your Credentials
Even though our online mortgage application may require you to provide your credentials to other services, such as your payroll system, we never store your third-party credentials on our servers. When Neat logs into third-party systems on your behalf, we have read-only access, which means we cannot initiate any changes, transfers or withdrawals. We use these features in our mortgage application exclusively for data gathering.
Third-Party Data Centers
All our servers and databases are housed in security third-party data centers. These data centers are protected with multiple layers of access controls, and are staffed around the clock with guards. Additionally, the vast majority of our data is electronic, meaning all of the above protections can be utilized. In the rare cases where a physical document is required, the documents are stored in locked filing cabinets, and the data is shredded and destroyed as soon as it is no longer needed. Electronic copies of physical documents are only retained for as long as it may be required by law and our company record retention policies–once they are no longer needed, the information is purged.
Vulnerability Scanning
We regularly review our code for security vulnerabilities, and we keep up to date on the newest technologies to stay ahead of the attackers. We use automated vulnerability scanners to detect and alert us of any potential gaps in our defenses.
Hiring Policies & Technical Security Training
Our corporate code of conduct outlines the integrity and ethical standards we expect from our employees. The code includes specific guidelines about how we expect employees to protect confidential information (including your account and personal information), as well as guidelines to limit our employees access to your confidential information. Most importantly, access to all systems is restricted, and only people who “need to know” will review your data, and all of our home loan advisors are state-licensed professionals.
Additionally, our hiring policy requires all employees to undergo a background check and receive formal security training upon gaining employment at Neat. On the technical front, our developers have undergone extensive technical security training. We use modern web development technologies that have built-in protection against the most commonly used exploits, and we regularly review our code for potential vulnerabilities.
Security Certifications
We have implemented a comprehensive set of security measures and practices to keep your sensitive data safe. We are very proud to have successfully completed the Service Organization Control (SOC) 2 Type 1 compliance certification, which is a key auditing standard developed by the American Institute of Certified Public Accountants. Having achieved this milestone indicates that external auditors have independently verified that we have internal controls and processes in place around security and availability. This provides our customers comfort that we keep their data secure and our service is reliable.