Privacy Policy
Last Updated: January 2026
1. Introduction
Fintor, Inc. ("Fintor," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our AI-powered mortgage automation platform (the "Service") and our website at www.fintor.com.
Fintor provides AI agents that assist mortgage lenders with loan processing, document verification, compliance checks, and borrower communication. Our Service is designed for business customers ("Customers") including retail and wholesale mortgage lenders.
Important: When we process data on behalf of our Customers as a service provider, our Customers' privacy policies govern that processing. This Privacy Policy applies to information we collect directly from you and information we process as a data controller.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, company name, job title, and other information you provide when creating an account or contacting us.
- Payment Information: Billing address and payment details (processed by our payment processor; we do not store full payment card numbers).
- Communications: Information you provide when contacting support, requesting demos, or communicating with us.
2.2 Information Collected Automatically
- Usage Data: Information about how you interact with our Service, including features used, actions taken, timestamps, and performance metrics.
- Device Information: Browser type, operating system, device identifiers, and IP address.
- Cookies and Similar Technologies: We use cookies and similar technologies as described in our Cookie Policy.
2.3 Customer Data
Our Customers may upload loan files, borrower information, and other documents to the Service ("Customer Data"). We process Customer Data solely on behalf of our Customers as a service provider. Our use of Customer Data is governed by our Customer agreements, including our Data Processing Addendum.
3. How We Use Information
We use the information we collect for the following purposes:
- Provide and Improve the Service: To operate, maintain, and improve our AI agents and platform functionality.
- Customer Support: To respond to inquiries, provide technical support, and resolve issues.
- Communications: To send service-related notices, updates, and promotional materials (with your consent where required).
- Security and Compliance: To detect and prevent fraud, enforce our terms, and comply with legal obligations.
- Analytics: To analyze usage patterns and improve user experience (using aggregated, anonymized data).
4. AI and Data Processing
4.1 No Training on Customer Data
Fintor does not use Customer Data or Content to train our AI models. Our AI agents process data to provide the Service, but this data is not used for model training or improvement.
4.2 Subprocessor Commitments
Our AI subprocessors are contractually prohibited from training models on Customer Data and from retaining or logging Customer Data beyond what is necessary to process requests.
4.3 Human-in-the-Loop
Our Service is designed for human oversight. AI agent actions are logged and auditable. Customer personnel maintain control over final decisions.
4.4 Data Minimization
We collect and process only the data necessary to provide the Service. Customer Data is processed ephemerally where possible and deleted in accordance with configured retention policies.
5. How We Share Information
We may share information in the following circumstances:
- Service Providers: With vendors who assist us in providing the Service (cloud hosting, payment processing, analytics). These providers are bound by confidentiality obligations.
- AI Subprocessors: With AI infrastructure providers who process data to power our AI agents, subject to strict contractual protections.
- Legal Requirements: When required by law, legal process, or government request. We will notify you where legally permitted.
- Business Transfers: In connection with a merger, acquisition, or sale of assets. You will be notified of any change in ownership.
- With Consent: With your explicit consent for purposes not described in this Privacy Policy.
We do not sell your personal information.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption: Data is encrypted at rest and in transit using AES-256 and TLS 1.2+.
- Access Controls: Role-based access controls, multi-factor authentication, and audit logging.
- Infrastructure Security: SOC 2 Type II certified cloud infrastructure with regular penetration testing.
- Incident Response: We maintain an incident response plan and will notify affected customers of security incidents as required by law and our agreements.
7. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account Information: Retained while your account is active and for a reasonable period thereafter.
- Customer Data: Retained according to Customer-configured retention settings and deleted within 30 days of account termination.
- Usage Logs: Retained for up to 12 months for security and operational purposes.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Portability: Request a copy of your data in a portable format.
- Opt-Out: Opt out of marketing communications at any time.
To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.
9. California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: The categories and specific pieces of personal information collected, used, and disclosed.
- Right to Delete: Request deletion of personal information, with certain exceptions.
- Right to Opt-Out: We do not sell personal information. We do not use personal information for cross-context behavioral advertising.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
10. Mortgage Industry Compliance
Given the nature of our Service, we maintain compliance with applicable mortgage industry privacy requirements:
- GLBA Compliance: We implement appropriate safeguards to protect nonpublic personal information as required by the Gramm-Leach-Bliley Act.
- Safeguards Rule: We maintain a comprehensive information security program as required by the FTC Safeguards Rule.
- Service Provider Status: When processing data on behalf of our Customers, we act as a service provider and comply with all applicable service provider obligations.
11. International Data Transfers
Our Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses where required.
12. Children’s Privacy
Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us: