Proficient Home Finance
Powered by AnnieMac Home Mortgage

Trust Center

Security & Privacy

Mortgage and HELOC applications contain some of the most sensitive data you'll ever share online. Here's exactly how we protect it — and the regulators, auditors, and standards we answer to.

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest. Every uploaded pay stub, W-2, ID, and bank statement is encrypted the moment it leaves your device and remains encrypted on our servers.

Strict access controls

Role-based access on every record. Loan officers see only the files for clients assigned to them. All admin access is gated by single sign-on and multi-factor authentication.

SOC 2 Type II infrastructure

Hosted on SOC 2 Type II audited cloud infrastructure with isolated databases, automatic backups, and 24/7 intrusion monitoring. We never store data on local devices.

No selling. No ad tracking.

We do not sell your personal information. We don't run third-party ad pixels on application pages, and we never share your data with marketing partners without your written consent.

Compliant by design

Built to meet GLBA Safeguards Rule, RESPA, TILA, ECOA, and the SAFE Act. Annual independent penetration tests and quarterly vulnerability scans on every production system.

Active fraud monitoring

Identity verification on every application, device-fingerprinting on suspicious sessions, and automatic flagging of unusual document patterns to protect you from wire fraud and impersonation.

Licensed, Audited & Trusted

NMLS Licensed
Equal Housing Lender
BBB A+ Accredited Business
FHA Approved Lender
VA Loan Specialist
SOC 2 Type II Certified

NMLS #338923 · Equal Housing Lender · BBB A+ Accredited · FHA & VA Approved Lender · SOC 2 Type II audited cloud infrastructure.

What's protected when you apply

A typical mortgage or HELOC file contains 40+ data points and a stack of supporting documents. Every category below is treated as restricted personal financial information under GLBA.

Identity & contact

  • Full legal name
  • Date of birth
  • SSN (last 4 stored, full only during credit pull)
  • Government-issued ID
  • Address history

Income & employment

  • Employer & job title
  • Pay stubs and W-2s
  • Tax returns
  • Self-employment K-1s
  • The Work Number verifications

Assets & liabilities

  • Bank statements (linked via Plaid or uploaded)
  • Investment & retirement accounts
  • Existing mortgages and HELOCs
  • Monthly debt obligations

Property & credit

  • Property address & valuation
  • Credit reports from all three bureaus
  • Title and lien information
  • Homeowners insurance

How we keep it safe — end to end

  1. 1

    At submission

    Application data and document uploads travel over TLS 1.2+ from your browser directly to our encrypted application servers. Sensitive fields like SSN are masked in the UI and tokenized server-side.

  2. 2

    At rest

    Files land in an isolated, AES-256-encrypted storage bucket with object-level access policies. Database columns containing PII are individually encrypted using keys managed in a hardware security module.

  3. 3

    In processing

    Only the licensed loan officer and processor assigned to your file can view it. Every read, write, and document download is logged with user, IP, and timestamp — retained for seven years for audit.

  4. 4

    With investors and partners

    When your loan is delivered to an investor, GSE, or servicer, transfers happen over secure SFTP or encrypted APIs covered by signed data-protection agreements. Disclosures (RESPA Affiliated Business and GLBA Privacy Notice) are provided up front.

  5. 5

    At end of life

    We retain loan records for the period required by federal and state law (typically 7 years after the loan closes or is denied), then securely destroy electronic copies and shred any physical material.

Your rights

Under GLBA, FCRA, and state laws like the CCPA, you have specific, enforceable rights over the information we hold about you. We honor them all — see our Privacy Policy for the full text and how to exercise each one.

  • Access a copy of your file
  • Correct inaccurate information
  • Request deletion (subject to retention rules)
  • Opt out of information sharing where allowed
  • Receive our annual GLBA Privacy Notice
  • Dispute credit-report items via the bureaus

Report a security concern

Spotted a vulnerability, a phishing email impersonating us, or anything that looks off about your account? Tell us right away — we triage every report.

security@proficienthome.comOr contact our support team →