Security at LendingIQ

LendingIQ is built for regulated and security-conscious organizations. We implement administrative, technical, and organizational controls designed to protect the confidentiality, integrity, and availability of data processed through our Services. Security is a shared responsibility: customers configure access, integrations, and data flows according to their policies.

• Encryption in transit using industry-standard TLS for data transmitted over public networks.
• Encryption at rest for stored data where supported by our infrastructure and product design.
• Logical separation of customer environments and access boundaries consistent with enterprise SaaS practice.

• Role-based access and least-privilege principles for LendingIQ personnel accessing production systems.
• Strong authentication options for customer accounts; support for SSO may be available per plan or agreement.
• Logging of administrative and security-relevant events for investigation and audit support.

• Hosting on reputable cloud providers with physically secured data centers and resilient networking.
• Patching, configuration management, and change control aligned with operational risk management.
• Backups and disaster recovery procedures designed to support business continuity objectives; RPO/RTO may vary by service tier.

• Secure development practices including code review, dependency management, and testing appropriate to risk.
• Separation of development, staging, and production environments.
• Vendor and subprocessor due diligence for critical services.

• Monitoring for anomalies, abuse, and security events affecting the Services.
• Documented incident response procedures, including assessment, containment, remediation, and customer notification where required by contract or law.

We design and operate controls with reference to widely recognized frameworks. Formal audit reports, penetration test summaries, or detailed questionnaires may be available to customers under NDA as part of enterprise procurement. Availability depends on program maturity and your agreement—contact us for the current package.

In a shared responsibility model, customers typically should:

• Manage user provisioning, deprovisioning, and permissioning within their organization.
• Protect API keys, credentials, and integration secrets.
• Classify data appropriately and ensure lawful basis and notices for any personal or regulated data sent to the Services.
• Keep connected systems (identity providers, LOS/LMS, etc.) patched and configured securely.

If you believe you have found a security vulnerability in our Services, please report it to ashish.kaushik@lendingiq.ai with a clear description, steps to reproduce, and your contact information. We ask that you do not perform testing that degrades production services or accesses others' data. We will work with you to investigate and remediate valid issues in good faith.

Security questions or requests for documentation: ashish.kaushik@lendingiq.ai

LendingIQ — 3rd Floor, 732, Chinmaya Mission Hospital Rd, Indira Nagar 1st Stage, Stage 1, Indiranagar, Bengaluru, Karnataka 560038, India