About LenderIQ
LenderIQ Ltd ("LenderIQ", "we", "us", "our") operates the LenderIQ platform, a pre-underwriting and deal standardisation platform for the UK specialist property finance market.
The Platform enables the structured collection of deal and borrower data, applies algorithmic analysis and stress testing to that data, produces standardised Outputs, and facilitates the sharing of deal information between Brokers and Lenders.
LenderIQ is a technology platform only. It does not verify data submitted to it, does not assess the reasonableness of that data, does not provide financial advice, does not act as a lender, broker, intermediary, or introducer, and does not make credit or lending decisions. All Outputs are generated algorithmically from user-supplied data and are not independently verified or guaranteed. LenderIQ has no obligation to identify errors, inconsistencies, or omissions in any data submitted to the Platform.
This Privacy Policy sets out how LenderIQ collects, uses, stores, and shares personal data in the course of operating the Platform, and the rights available to individuals whose data is processed.
Our role as controller & processor
LenderIQ's role under UK data protection legislation — including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 — depends on the category of data being processed.
LenderIQ is the data controller in respect of:
- Account registration data for Broker and Lender users (including name, email address, and company details).
- Billing and payment information associated with Subscriptions.
- Technical and usage data generated through interaction with the Platform.
For this data, LenderIQ determines the purposes and means of processing and is responsible for ensuring that processing is lawful.
LenderIQ acts as a data processor in respect of personal data relating to Borrowers and other individuals whose data is submitted to the Platform by Brokers or Lenders in connection with deal activity. In these cases:
- the relevant Broker or Lender is the data controller.
- LenderIQ processes that data only on the instructions of the relevant Broker or Lender and for the purpose of operating the Platform's deal workflow.
- Brokers and Lenders are independently responsible for ensuring they have a lawful basis for submitting personal data to the Platform, for providing appropriate privacy notices to Borrowers and other data subjects, and for their own compliance with UK GDPR and all other applicable data protection legislation.
Where LenderIQ acts as a data processor, the processing of personal data is governed by applicable data processing terms. A Data Processing Addendum is available to organisational customers upon request.
Data we collect
LenderIQ collects only the data necessary to operate the Platform and provide its services. The categories of data collected are set out below.
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, company name, job title, account credentials | Provided by the User on registration |
| Billing data | Billing contact details, payment method tokens, subscription history | Provided by the User; processed via third-party payment provider |
| Deal data | Property address and type, loan amount, loan-to-value, loan term, exit strategy, deal structure | Submitted by Brokers or Borrowers via the Platform |
| Borrower financial & property data | Income or revenue information, asset details, development cost estimates, GDV, SDLT inputs, financial projections | Submitted by Borrowers via Broker-initiated flows, or directly by Brokers |
| Uploaded documents | Schedules of works, valuations, planning documents, or other deal-related files uploaded by Users | Uploaded by Brokers or Borrowers |
| Technical & usage data | IP address, browser type, device information, session activity, feature usage logs | Collected automatically when a User accesses the Platform |
| Communications data | Operational messages exchanged between Users via the Platform's messaging functionality | Generated by Users within the Platform |
LenderIQ does not collect special category personal data as defined by UK GDPR (such as health data, biometric data, or criminal records information) as part of its standard Platform operation. Where a User or Borrower incidentally includes such data in a document upload or free-text field, LenderIQ processes it solely as part of the deal workflow and does not use it for any other purpose. Users must not upload special category personal data unless strictly necessary and lawful, and remain solely responsible for doing so.
How we use data
LenderIQ uses personal data only for the purposes set out below. All use is strictly limited to what is necessary to operate the Platform and fulfil our obligations to Users.
- Providing access to the Platform and managing User accounts.
- Processing deal data submitted by Brokers and Borrowers to generate Outputs.
- Enabling Brokers to prepare and submit deal information to Lenders within the Platform workflow.
- Enabling Lenders to review deal information submitted to them.
- Facilitating operational messaging between Users in connection with deals.
- Monitoring Platform performance, diagnosing technical issues, and maintaining security.
- Analysing aggregated and anonymised usage patterns to improve Platform functionality. LenderIQ does not use individual deal or borrower data for this purpose in a form that identifies any individual.
- Processing Subscription payments and managing billing cycles.
- Communicating with Users about their accounts, Subscriptions, or changes to the Platform, this Privacy Policy or the Terms of Service.
- Detecting and preventing unauthorised access, misuse, or fraudulent activity on the Platform.
- Complying with legal obligations where required.
LenderIQ does not sell personal data. LenderIQ does not rent or licence personal data to third parties for commercial purposes, use Borrower data for independent marketing or profiling, use personal data for any purpose unconnected with operating the Platform, or use personal data to make decisions that produce legal or similarly significant effects on individuals.
Lawful bases for processing
Where LenderIQ acts as a data controller, processing is carried out on one or more of the following lawful bases under UK GDPR Article 6.
| Processing purpose | Lawful basis |
|---|---|
| Account registration and management | Performance of a contract (Article 6(1)(b)) |
| Subscription billing and payment processing | Performance of a contract (Article 6(1)(b)) |
| Operating and maintaining the Platform | Performance of a contract; legitimate interests (Article 6(1)(b) and (f)) |
| Security monitoring and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
| Service communications (account, policy, platform notices) | Legitimate interests; performance of a contract (Article 6(1)(b) and (f)) |
Where LenderIQ acts as a data processor in respect of deal and borrower data, processing is carried out on the documented instructions of the relevant Broker or Lender acting as data controller, who is responsible for identifying and maintaining a lawful basis for that processing.
Data sharing
Deal data submitted by a Broker is shared with Lenders only where the Broker has actively directed the deal to those Lenders within the Platform. Data is not shared with any Lender who has not been designated to receive it by the submitting Broker. LenderIQ does not independently determine which Lenders receive deal data. LenderIQ does not determine the suitability of any Lender for a particular deal and does not control or influence any decision by a Broker to share data with a Lender.
LenderIQ uses third-party infrastructure and service providers to operate the Platform, including cloud hosting, payment processing, and email delivery services. Such providers access personal data only to the extent necessary to perform their contracted services for LenderIQ and are bound by appropriate data processing and confidentiality obligations. LenderIQ does not permit such providers to use personal data for their own purposes.
LenderIQ may disclose personal data where required to do so by applicable law, court order, or regulatory authority. LenderIQ will use reasonable endeavours to notify the affected User of any such requirement, to the extent permitted by law.
In the event of a merger, acquisition, or sale of all or substantially all of LenderIQ's business or assets, personal data held by LenderIQ may be transferred to the acquiring entity. LenderIQ will notify affected Users of any such transfer and ensure that appropriate data protection obligations are maintained.
LenderIQ does not sell personal data, licence data to third parties for commercial gain, or distribute deal or borrower data outside the Platform workflow described in this section. No commercial arrangement affects the routing or distribution of data within the Platform.
AML, KYC & identity verification
LenderIQ does not perform identity verification, anti-money laundering (AML) checks, know your customer (KYC) procedures, or any other regulatory compliance verification in respect of any User, Borrower, or other individual whose data is processed on the Platform.
These obligations sit entirely with Brokers and Lenders. Brokers are responsible for conducting all AML, KYC, and client due diligence checks required under applicable law and their own regulatory permissions before submitting any deal or borrower data to the Platform. Lenders are similarly responsible for conducting all necessary checks in respect of counterparties before making any lending decision.
LenderIQ accepts no responsibility for any failure by a Broker or Lender to comply with their AML, KYC, or related regulatory obligations. The presence of data on the Platform does not imply that any identity, compliance, or creditworthiness check has been performed.
Platform outputs
Outputs generated by the Platform — including deal scores, stress test results, lender matching results, and commentary — are produced algorithmically from data entered by Users. LenderIQ does not independently verify the data on which Outputs are based, does not assess the reasonableness of that data, and does not guarantee the accuracy, completeness, or suitability of any Output for any purpose.
Outputs do not constitute financial advice, a credit assessment, a lending recommendation, or a representation of creditworthiness. Where personal data is used in the generation of an Output, that processing is carried out solely to fulfil the Platform's operational function as described in this Privacy Policy.
LenderIQ does not use personal data to make automated decisions with legal or similarly significant effects on individuals within the meaning of UK GDPR Article 22. Outputs are tools to assist professional Users in their own assessment processes and are not binding determinations of any kind.
Outputs may change over time as underlying data, models, assumptions, or lender criteria are updated, and LenderIQ has no obligation to notify Users of such changes.
Messaging
Where the Platform includes messaging functionality between Users, messages and any personal data contained within them are processed for the sole purpose of enabling operational communication between Brokers and Lenders in connection with deal activity.
- Messages are not part of any formal underwriting record and do not constitute regulated communications.
- LenderIQ does not guarantee the permanent retention of messages. Message data may be subject to the data retention practices described in Section 10.
- LenderIQ does not monitor message content for commercial, marketing, or profiling purposes.
- Users are solely responsible for any reliance they place on message content and for the personal data they choose to include in messages.
LenderIQ accepts no liability for any reliance placed on messages exchanged via the Platform.
Data retention
Where LenderIQ acts as data controller, personal data is retained for as long as necessary to fulfil the purposes for which it was collected, subject to any longer retention period required by applicable law or legitimate business necessity. In general:
- Account data is retained for the duration of the active Subscription and for a reasonable period thereafter to address any post-termination queries or disputes.
- Billing records are retained for the period required under applicable tax and accounting legislation.
- Technical and usage logs are retained for a limited period for security and diagnostic purposes and are then deleted or anonymised.
LenderIQ may archive or delete deal and borrower data in accordance with its internal data management policies. LenderIQ does not guarantee the permanent availability of deal data on the Platform. Brokers and Lenders are solely responsible for maintaining their own records and complying with their own data retention obligations under applicable law. Reliance on the Platform as the sole repository for deal or borrower records is not recommended. LenderIQ shall not be liable for any loss of data resulting from archiving, deletion, or retention practices carried out in accordance with this policy.
Lenders who receive deal data via the Platform are responsible for their own data retention and deletion practices in respect of that data. Lenders must delete or appropriately anonymise deal data when it is no longer required for their legitimate business purposes, in accordance with UK GDPR and any other applicable obligations.
Security
LenderIQ implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Role-based access controls limiting data access to authorised personnel and systems.
- Encryption of data in transit using industry-standard protocols.
- Secure cloud infrastructure maintained in accordance with recognised security standards.
- Monitoring and logging of access to sensitive data and systems.
LenderIQ does not warrant that the Platform is entirely free from security vulnerabilities or that unauthorised access can be entirely prevented. Users are responsible for maintaining the security of their own account credentials and must notify LenderIQ promptly if they become aware of any actual or suspected unauthorised access to their account. Users acknowledge that transmission of data over the internet is not completely secure and that LenderIQ cannot guarantee the security of data transmitted to the Platform.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, LenderIQ will notify the Information Commissioner's Office (ICO) and, where required, affected individuals in accordance with its obligations under UK GDPR.
International transfers
LenderIQ primarily stores and processes personal data within the United Kingdom. Where data is transferred to or processed by infrastructure providers located outside the UK, LenderIQ ensures that appropriate safeguards are in place in accordance with UK GDPR requirements for international data transfers, including reliance on adequacy decisions, standard contractual clauses, or other approved transfer mechanisms as applicable.
LenderIQ takes reasonable steps to ensure that any such transfers are subject to appropriate safeguards in accordance with applicable UK data protection legislation.
Your rights
Where LenderIQ acts as a data controller in respect of your personal data, you have the following rights under UK GDPR. These rights are subject to certain conditions and exemptions as set out in applicable legislation.
To exercise any of these rights, please contact LenderIQ using the details in Section 16. LenderIQ will respond to all valid requests within one calendar month of receipt, or notify you if an extension is required.
Where LenderIQ acts as a data processor in respect of deal or borrower data controlled by a Broker or Lender, rights requests relating to that data should be directed to the relevant Broker or Lender in the first instance, as they are the data controller for that data. LenderIQ will assist Brokers and Lenders in responding to such requests as required under applicable data processing terms.
Complaints
If you have a concern about the way LenderIQ has handled your personal data, please contact us in the first instance using the details in Section 16. We will investigate your concern and respond within a reasonable timeframe.
If you are not satisfied with our response, or if you consider that LenderIQ has processed your personal data unlawfully, you have the right to lodge a complaint with the UK supervisory authority:
Changes to this policy
LenderIQ may update this Privacy Policy from time to time to reflect changes in the Platform, applicable law, or our data handling practices. Where changes are material and where reasonably practicable, LenderIQ will provide no fewer than 14 days' notice by email to the address associated with your account, or by prominent notice within the Platform, before the changes take effect.
The effective date at the top of this policy indicates when it was last updated. Continued use of the Platform after the effective date of any update constitutes acceptance of the revised policy.
Contact
For all data protection enquiries, rights requests, or complaints, please contact LenderIQ at: