Privacy Policy

Information We Collect

1. Account Information

When you register for an account, we collect:

• Name: First and last name for personalization
• Username: Your unique identifier on our platform
• Email Address: For account recovery, password resets, and service notifications
• Phone Number: Optional, for additional contact methods
• Location: Optional state or region, used to connect you with local professionals
• Password: Stored securely using industry-standard encryption (bcrypt hashing). We never store your password in plain text.

2. Conversation Data

To provide our AI-powered mortgage and real estate assistance, we collect and store:

• Chat Messages: Your questions and our AI-generated responses, linked to your account
• Conversation History: Complete chat history for continuity across sessions
• Timestamps: When each message was sent
• Query Logs: We log the first 500 characters of each question along with response metadata for service improvement and abuse prevention

3. Document Uploads

If you upload documents for analysis, we process:

• File Types: PDF, TXT, PNG, JPG, and JPEG files (up to 12 MB)
• Extracted Text: Text extracted from uploaded documents is stored temporarily in your session and sent to our AI provider for analysis. Document contents are not permanently stored after your session ends.

4. Mortgage Calculator Tools

LoanSpace.ai provides several mortgage calculator tools, including an Affordability Calculator, Amortization Schedule, Rent vs. Buy Comparison, Debt-to-Income Calculator, Closing Costs Estimator, Refinance Calculator, and Property Cost Lookup. These tools process your inputs (such as income, loan amounts, interest rates, and property values) entirely within your browser. We do not store, transmit, or log any of the financial figures you enter into these calculators.

5. Lead Capture Forms ("Connect with a Lender")

Several pages on our site include a "Connect with a Lender" form where you may voluntarily provide:

• Full Name: To identify you to a mortgage professional
• Email Address: So the professional can contact you
• State: To match you with a licensed professional in your area
• Phone Number: Optional, for additional contact

This information is stored in our database and shared with one vetted mortgage professional in your area. We also record the page source (e.g., which calculator you were using), your IP address, and browser user agent for fraud prevention. Submitting a lead form constitutes your consent to be contacted by a mortgage professional.

6. Mortgage Readiness Funnel

Our homepage includes an interactive questionnaire ("How Ready Are You?") that asks about your loan goals, property details, credit range, finances, and timeline. We collect your responses, generate a readiness score, and store all answers along with a session identifier. If you provide your contact information after viewing your score, it is stored as a lead record (see section 5 above). We track which steps you view and which options you select for analytics purposes.

7. Usage and Technical Data

We automatically collect certain information when you use our service:

• IP Address: Used for rate limiting, security, and fraud prevention. IP addresses are stored in hashed form for analytics and in plain form in server logs.
• Session Information: A unique session identifier, login times, and session duration
• Question Counts: The number of questions asked per day (used to enforce usage limits for non-registered users)

8. Location Data

We may infer your approximate location (state level) from information you provide during conversations. This is used to connect you with local mortgage and real estate professionals and to recommend relevant homebuyer programs. We do not collect precise GPS or geolocation data.

9. Information from Non-Registered Users

If you use LoanSpace.ai without creating an account, we still collect limited data including your IP address (hashed), session identifier, question text, and interaction data. Non-registered users are limited to 5 questions per day.

10. Mobile App Data

If you use the LoanSpace.ai iOS app, we may collect the following additional information:

• Push Notification Tokens: When you grant notification permissions, your device's push notification token is sent to and stored on our server so we can deliver notifications about your mortgage journey. You can revoke this permission at any time in your device's Settings.
• Biometric Authentication: If you enable Face ID or Touch ID sign-in, your login credentials are stored securely in your device's Keychain (Apple's on-device secure enclave). These credentials never leave your device and are not transmitted to our servers. We do not collect or store any biometric data (fingerprints, facial scans, etc.).
• Engagement Tracking: The app tracks lightweight engagement counts locally on your device (using localStorage) to determine when to prompt for an App Store review. This data is not sent to our servers.

How We Use Your Information

We use the collected information for the following purposes:

• AI-Powered Assistance: Your conversation history and uploaded documents are sent to our AI provider (Google Gemini) to generate relevant mortgage and real estate guidance. See "Third-Party Services" below for details.
• Professional Referrals: When you ask for a recommendation, we use your location to match you with sponsored mortgage lenders or real estate agents in your area. We track which recommendations are shown and whether you interact with them (see "Sponsor Recommendations" below).
• Lead Referrals: If you express interest in connecting with a mortgage professional — whether through our AI chat, the "Connect with a Lender" forms on our calculator pages, or the Find a Lender page — we collect your name, email, state, and optional phone number and share this information with one vetted mortgage professional so they can contact you.
• Mortgage Readiness Assessment: Your funnel questionnaire responses are used to generate a personalized readiness score and recommendations. We analyze aggregate funnel data (step completion rates, popular goals) to improve the user experience.
• Account Management: To maintain your account, authenticate your identity, and enable features like password reset
• Service Improvement: To analyze usage patterns, monitor performance, and improve our AI responses
• Security and Abuse Prevention: To detect fraud, enforce rate limits, and prevent bot activity
• Communications: To send password reset emails and, where applicable, lead referral confirmations

Sponsor Recommendations and Lead Referrals

LoanSpace.ai partners with mortgage lenders and real estate agents ("sponsors") and may recommend them to you based on your location and needs. You should be aware of the following:

Recommendation Tracking

When we show you a sponsor recommendation, we log the following for analytics purposes: the sponsor shown, your location (state level), whether you are a registered user, a session identifier, and the general topic of your question. We also track whether you click on a sponsor's phone number, email, or website link.

Lead Referrals

If you indicate interest in being connected with a recommended professional, we may ask for your name, email address, and phone number. This information, along with a summary of your conversation, is sent directly to the sponsored professional via email so they can follow up with you. These referrals are a core part of how LoanSpace.ai operates and generates revenue.

Third-Party Services

LoanSpace.ai uses the following third-party services to operate. Your data may be processed by these providers in accordance with their own privacy policies:

• Google Gemini (AI Processing): Your conversation history, location, uploaded document text, and related context are sent to Google's Gemini API to generate AI responses. Google's privacy practices govern how this data is handled on their end.
• Microsoft Graph (Email): We use Microsoft's Graph API to send transactional emails, including password reset links and lead referral emails to sponsors. Your email address and, in the case of lead referrals, your name, phone number, and a conversation summary are transmitted through this service.
• Cloudflare Turnstile (Bot Prevention): We use Cloudflare's Turnstile service during account registration to verify that you are a real person. This may involve Cloudflare collecting technical data about your browser and interaction.
• Google Ads (Conversion Tracking): We use Google Ads conversion tracking (gtag.js) across our site to measure the effectiveness of our advertising campaigns. This may involve Google placing cookies on your browser and collecting data about your visit, including pages viewed and actions taken. Google's advertising privacy policy governs how this data is used.
• Google Sign-In (OAuth): If you choose to sign in with Google, we receive your name, email address, and profile picture from Google to create or authenticate your account. We do not receive your Google password. Google's privacy policy governs how your data is handled on their end.
• Apple Push Notification Service (APNs): If you use our iOS app and enable push notifications, your device token is routed through Apple's Push Notification Service to deliver notifications. Apple's privacy policy governs their handling of this data.
• Freddie Mac (Mortgage Rates): We display current mortgage rate data sourced from Freddie Mac's Primary Mortgage Market Survey. No personal data is shared with Freddie Mac.
• Hosting and Infrastructure: Our application and database are hosted on cloud infrastructure providers that may process your data as part of providing hosting services.

Data Security

We implement the following security measures to protect your information:

• Password Encryption: All passwords are hashed using bcrypt before storage
• Secure Connections: HTTPS encryption for all data transmission
• Database Security: PostgreSQL with access controls and parameterized queries to prevent injection
• Session Management: HTTP-only, secure cookies with a 2-hour session timeout
• Two-Factor Authentication: Optional MFA available for admin accounts using time-based one-time passwords (TOTP)
• Bot Prevention: CAPTCHA verification and rate limiting to prevent automated abuse
• Biometric Security (iOS App): Login credentials for biometric sign-in are stored in Apple's Keychain, protected by the device's Secure Enclave hardware. Credentials are never transmitted or stored on our servers.

Data Sharing

We share your data in the following circumstances:

• Sponsored Professionals: If you opt in to a lead referral, your name, contact information, and a conversation summary are shared with the recommended mortgage lender or real estate agent
• AI Processing: Conversation data and document contents are sent to Google Gemini for generating responses
• Email Services: Email addresses are processed through Microsoft Graph for sending password resets and lead referral emails
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger or acquisition, with prior notice to affected users

Data Retention

We retain your information as follows:

• Account Data: Retained while your account is active
• Conversation History: Stored indefinitely unless you delete individual conversations or your account
• Query Logs: Question usage logs and recommendation logs are retained indefinitely for analytics and service improvement
• Lead Records: Information shared with sponsors is retained in our records and cannot be recalled once sent
• Session Data: Temporary session data expires after 2 hours of inactivity
• Uploaded Documents: Document content is held in your session only and is cleared when your session ends or you log out
• Push Notification Tokens: Device tokens are retained while your account is active or until you disable notifications. Tokens are automatically replaced when your device generates a new one.

Account Deletion

You may delete your account at any time from your Account Settings. When you delete your account:

• Your user profile and login credentials are permanently deleted
• Your conversation history is permanently deleted
• Anonymized usage logs (question counts, recommendation analytics) may be retained for aggregate reporting but will no longer be linked to your identity
• Lead referral records that have already been sent to sponsors cannot be recalled

Your Rights and Choices

You have the following rights regarding your personal information:

• Access: View your account information and conversation history at any time through the application
• Correction: Update your account information through Account Settings
• Deletion: Delete your account and associated conversations permanently
• Opt-Out of Referrals: You can decline lead referrals during conversation. We will not share your contact information with sponsors unless you agree.

To exercise any of these rights or to request additional information about your data, please contact us at the address below.

Children's Privacy

LoanSpace.ai is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of LoanSpace.ai after changes are posted constitutes acceptance of the updated policy.