LendMatrix


Security Policy

Last Updated: January 22, 2025

At LendMatrix, security is our top priority. We implement industry-leading security measures to protect your data and ensure the integrity of our platform.


Encryption Everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) to ensure maximum protection.

Multi-Tenant Isolation

Strict data isolation ensures your organization's data is completely separate from other tenants.

Secure Infrastructure

Hosted on enterprise-grade infrastructure with 99.9% uptime SLA and automatic failover.

24/7 Monitoring

Continuous security monitoring and automated threat detection to identify and prevent attacks.


1. Data Encryption

1.1 Encryption in Transit

All data transmitted between your browser and our servers is protected using:

  • TLS 1.2 or higher: Industry-standard transport layer security
  • HTTPS only: All connections are encrypted; HTTP is automatically redirected to HTTPS
  • Perfect Forward Secrecy: Session keys from past connections remain protected even if long-term keys are later leaked
  • Certificate validation: Valid SSL/TLS certificates from trusted certificate authorities

1.2 Encryption at Rest

All data stored in our databases and file systems is encrypted:

  • AES-256 encryption: Military-grade encryption for all stored data
  • Database encryption: PostgreSQL data is encrypted at the storage level
  • File encryption: Uploaded documents are encrypted before storage
  • Backup encryption: All backups are encrypted using the same standards

1.3 Password Security

  • Passwords are hashed using bcrypt with per-user salts
  • We never store passwords in plain text or reversible encryption
  • Password reset tokens are single-use and time-limited (1 hour expiration)
  • Minimum password requirements enforced (8+ characters, complexity rules)

2. Access Control and Authentication

2.1 User Authentication

  • JWT tokens: Secure token-based authentication with expiration
  • Session management: Automatic session timeout after inactivity
  • Email verification: Required for all new account registrations
  • Two-factor authentication (2FA): Available for enhanced account security (roadmap)

2.2 Role-Based Access Control (RBAC)

LendMatrix implements granular role-based permissions:

  • 7 user roles: ADMIN, MANAGER, UNDERWRITER, SALES_REP, ISO, SYNDICATOR, MERCHANT
  • Principle of least privilege: Users only access data necessary for their role
  • Data scoping: Merchants see only their data; ISOs see only their deals
  • Permission inheritance: Admins and Managers have broader access; regular users have restricted access

2.3 Multi-Tenant Isolation

Every organization's data is strictly isolated:

  • Unique tenant IDs prevent cross-tenant data access
  • All database queries automatically scoped by tenant
  • No shared resources between tenants (except infrastructure)
  • Tenant administrators cannot access other tenants' data

3. Infrastructure Security

3.1 Hosting and Deployment

LendMatrix is hosted on Render.com with enterprise-grade security:

  • Infrastructure hosted in secure, SOC 2 compliant data centers
  • Geographic redundancy for disaster recovery
  • DDoS protection and web application firewall (WAF)
  • Network isolation and private networking
  • 99.9% uptime SLA with automatic failover

3.2 Database Security

  • PostgreSQL with encryption at rest
  • Automated daily backups with 30-day retention
  • Point-in-time recovery capabilities
  • Restricted database access (no direct public access)
  • Parameterized queries to prevent SQL injection

3.3 Application Security

  • Regular security updates and dependency patching
  • Input validation and sanitization on all user inputs
  • Protection against common vulnerabilities (XSS, CSRF, injection attacks)
  • Secure coding practices and code reviews
  • Rate limiting to prevent abuse and DDoS attacks

4. Security Monitoring and Logging

4.1 Security Monitoring

  • 24/7 automated monitoring for security threats
  • Intrusion detection and prevention systems
  • Real-time alerts for suspicious activity
  • Regular security scans and vulnerability assessments

4.2 Audit Logging

Comprehensive audit trails for security and compliance:

  • User authentication events (logins, logouts, failed attempts)
  • Account changes (email changes, password resets, role updates)
  • Data access and modifications
  • Administrative actions (user management, settings changes)
  • Logs retained for 1 year for security analysis
  • IP address and user agent tracking for security investigations

4.3 Incident Response

In the event of a security incident:

  • Immediate investigation and containment
  • Affected customers notified within 72 hours
  • Root cause analysis and remediation
  • Post-incident review and security improvements

5. Data Backup and Disaster Recovery

5.1 Backup Strategy

  • Automated daily backups: Full database backups every 24 hours
  • Continuous backups: Transaction logs backed up every 5 minutes
  • Geographic redundancy: Backups stored in multiple regions
  • Encrypted backups: All backups encrypted with AES-256
  • 30-day retention: Point-in-time recovery up to 30 days

5.2 Disaster Recovery

  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 5 minutes
  • Automated failover to backup infrastructure
  • Regular disaster recovery testing
  • Documented recovery procedures

6. Employee Access and Training

6.1 Access Policies

  • Employees have access only to data necessary for their job functions
  • Production data access requires approval and is logged
  • No employee has unrestricted access to customer data
  • Access credentials are unique per employee (no shared accounts)
  • Access is immediately revoked upon employee departure

6.2 Security Training

  • All employees receive security awareness training
  • Regular updates on security best practices
  • Phishing and social engineering awareness
  • Secure coding practices for engineering team

7. Compliance and Certifications

7.1 Current Status

  • GDPR Ready: Platform supports GDPR compliance requirements
  • CCPA Compliant: Data privacy controls for California users
  • Security Best Practices: Following OWASP Top 10 and industry standards

7.2 Security Roadmap

We are committed to continuous security improvements:

  • SOC 2 Type II: Audit in progress (expected completion 2025)
  • Penetration Testing: Annual third-party security assessments
  • Bug Bounty Program: Planned for 2025
  • ISO 27001: Long-term certification goal

8. Responsible Disclosure

If you discover a security vulnerability, we encourage responsible disclosure:

  • Email security details to: contact@lendmatrix.ai with subject "Security Vulnerability"
  • Provide detailed description of the vulnerability and steps to reproduce
  • Allow us reasonable time to address the issue before public disclosure
  • We will acknowledge receipt within 48 hours and provide updates on remediation

We appreciate the security community's efforts in keeping LendMatrix secure for all users.


9. Security Questions

For security-related questions or concerns:

Email: contact@lendmatrix.ai

Subject Line: Security Inquiry


Commitment to Security

Security is not a one-time effort but an ongoing commitment. We continuously improve our security posture through regular audits, employee training, and adoption of best practices. Your trust is our most valuable asset, and we take our responsibility to protect your data seriously.


© 2025 LendMatrix. All rights reserved.
