How we protect your data & platform.

1. Scope and our role

This Security Policy describes the security practices The Lenders Network applies to the systems and information we control in connection with:

• Our public websites, forms, and loan comparison tools.
• Back‑end systems used to route leads to lenders and track campaign performance.
• Internal administrative tools and data stores that support our business.

It does not describe the security controls of independent lenders, brokers, or other partners. When your information is sent to those companies, they become responsible for securing it under their own policies and legal obligations.

For how and when we share information with partners, see the “How we share your information” section of our Privacy Policy.

2. Our security objectives

We design our security program with three core objectives in mind:

• Confidentiality — protecting information from unauthorized access.
• Integrity — reducing the risk of unauthorized or accidental changes to data.
• Availability — keeping our platform reasonably available and resilient.

We use a risk‑based approach: not every system gets the same controls, but systems that handle more sensitive data or play a critical role in our comparison platform are protected with stronger safeguards.

3. Data in transit and at rest

To reduce the risk of unauthorized access while data is moving or stored, we use measures that typically include:

3.1 Data in transit

• Using HTTPS/TLS for web traffic between your browser and our sites, where supported.
• Encrypting connections between certain internal services and databases, where appropriate.
• Monitoring for misconfigurations or certificates that need to be renewed.

3.2 Data at rest

• Storing data in environments that support industry‑standard encryption at rest.
• Applying logical separation of environments (for example, separating production from testing).
• Implementing backup strategies to help protect against data loss and support recovery.

Encryption is one important layer of security, but it does not remove the need for access controls, monitoring, secure development practices, and user vigilance.

4. Access controls and internal practices

We limit access to systems and data based on job responsibilities and operational needs. Our approach typically includes:

• Role‑based access to production systems and data, restricted to personnel who need it.
• Authentication requirements, which may include strong passwords and multi‑factor authentication where appropriate.
• Regular reviews of active accounts and permissions, especially when roles change.
• Separation of duties in key processes where practical.

Staff with access to sensitive systems are expected to follow security and privacy guidelines, including proper handling of user information and reporting suspicious activity.

5. Infrastructure, vendors, and third‑party services

The Lenders Network relies on hosting providers, cloud platforms, and third‑party services to operate our comparison site and internal tools. We aim to work with reputable providers that maintain their own security programs.

Our vendor management efforts typically include:

• Selecting providers that publish security and compliance information appropriate to their services.
• Using contracts that include data protection and security terms where reasonable.
• Limiting the data shared with a vendor to what is needed for their function.

Even with careful selection, no third‑party provider is risk‑free. Our use of a particular vendor does not mean we are endorsing every aspect of their operations or that they are immune to incidents.

6. Secure development and change management

We work to reduce security risks introduced by changes to our platform by:

• Using version control and change‑tracking for code and configuration.
• Applying testing and review processes before major changes go live.
• Monitoring production systems for anomalies that might indicate issues.

Not every change is reviewed at the same level of depth, but higher‑risk changes (for example, those that affect authentication, data flows, or key infrastructure) receive more scrutiny.

7. Incident detection and response

We monitor our systems for unusual activity that may suggest security issues, such as:

• Suspicious login attempts or access patterns.
• Unexpected spikes in traffic, errors, or resource usage.
• Alerts from infrastructure providers or security tools.

When we become aware of a potential incident, our general goals are to:

• Contain and investigate the issue.
• Assess impact on systems and data.
• Coordinate remediation steps (such as rotating credentials, patching, or hardening configurations).
• Notify affected users or authorities where required by law or contract.

Our incident response processes are designed to be reasonable and risk‑based, but they cannot guarantee that every incident will be detected or remedied instantly.

8. Your role in keeping your information secure

Security is a shared responsibility. You can help protect your information when using The Lenders Network by:

• Using up‑to‑date browsers and operating systems.
• Keeping your devices protected with passcodes and, where appropriate, security software.
• Being cautious about links or attachments in emails or texts that claim to be from us or from lenders.
• Checking that you are on the correct website domain before entering sensitive details.
• Contacting us if you notice suspicious activity or communications that do not seem legitimate.

If you re‑use the same email or phone number across multiple services, a compromise elsewhere can affect your interactions here. We cannot secure systems or accounts that we do not control.

9. Limitations, residual risk, and no guarantee

We take reasonable steps to safeguard the information we control, but:

• No website, app, or online service can be completely secure.
• Threats, attack methods, and vulnerabilities change over time.
• Vendors, ISPs, and other third parties can experience outages or security events beyond our direct control.

Accordingly, The Lenders Network cannot and does not:

• Guarantee that unauthorized access, disclosure, or loss of data will never occur.
• Promise uninterrupted or error‑free operation of our comparison tools.
• Accept responsibility for security failures solely attributable to third‑party systems or your own devices.

These limitations should be read together with the disclaimers and limitation‑of‑liability sections in our Terms of Use.

10. How security relates to privacy and data retention

Security, privacy, and data retention are related but not identical:

• Security focuses on protecting data from unauthorized access, use, or alteration.
• Privacy focuses on what information we collect, why we collect it, and how we share and use it.
• Retention focuses on how long we keep data and when we delete or de‑identify it.

We may retain certain information for business, legal, or security reasons even after it is no longer actively used, for example to investigate fraud, maintain logs, or comply with record‑keeping obligations.

For more about what we collect and how long we keep it, see our Privacy Policy.

11. Changes to this Security Policy

We may update this Security Policy from time to time to reflect:

• Changes in our systems, vendors, or technology.
• Updates to legal or regulatory expectations.
• Adjustments in our security program over time.

When we make material changes, we will update the “Last updated” date at the top and may provide additional notice where required by law. Your continued use of our services after an update takes effect indicates that you acknowledge the updated Security Policy, to the extent permitted by law.

12. How to contact us about security

If you have questions about this Security Policy or believe you’ve encountered a security issue involving The Lenders Network, you can contact us at:

Email
support@thelendersnetwork.com

Mail
The Lenders Network
3131 McKinney Ave, Suite 668
Dallas, TX 75204

Phone
(214) 501‑5382

If you are reporting a potential vulnerability or security incident, please include as much relevant, non‑sensitive detail as you can (for example, URLs, error messages, and timestamps) so we can investigate. Do not send passwords or full credit card numbers in your report.