How LenderIQ protects deal data, controls access, and defines the boundaries of the platform.
LenderIQ is built for specialist property finance workflows where deal data is sensitive. We apply industry-standard controls across authentication, storage and platform access. Security is treated as an ongoing operational responsibility — not a one-time certification claim. New organisations can evaluate the platform before subscribing — request guided trial access.
Deal data is accessible only to authenticated users within the relevant organisation. Borrower intake links are tokenised and scoped to individual deals. Privileged platform access is limited to defined administrative functions.
Brokers see deals they originate or are assigned to within their firm. Lenders see deals submitted to them or uploaded to their pipeline. Borrowers see only their own intake portal. Cross-organisation visibility occurs only where a deal is explicitly shared through the Deal Journey workflow.
User roles — broker, lender, borrower and admin — determine portal access and available actions. Permissions are enforced server-side on each request, not only in the interface.
Material deal actions — status changes, document uploads, submissions and key edits — are logged with timestamps and actor identity. Audit trail export is available on selected plans. Logs support internal compliance review; they do not constitute an independent audit.
Traffic to lenderiq.co.uk is served over TLS (HTTPS). Database connections and third-party API calls use encrypted transport. Session handling uses our authentication provider's secure cookie model.
The Platform runs on managed cloud infrastructure. Application hosting and database services are selected for reliability and security posture. Personal data is primarily stored and processed within the United Kingdom. Subprocessor detail is set out in our Privacy Policy.
Retention periods vary by data type, role and plan. Active account data is retained for the duration of the subscription. Deal records may be archived or deleted in accordance with our data management policies. See the Privacy Policy for the full retention position.
We target high availability but do not guarantee uninterrupted access. Scheduled maintenance is communicated where practicable. The Terms of Service set out the platform availability position and exclusion of liability for downtime.
LenderIQ processes personal data under UK GDPR. We act as data controller for account and billing data, and as data processor for deal data submitted by Brokers and Lenders. Our Privacy Policy and Terms of Service define roles, lawful bases and user obligations.