User access and permissions are only granted on a need-to-know basis.
For an extra level of protection, we use two-factor authentication.
Passwords are hashed and salted and have strict entropy requirements.
All sensitive data is scrambled with bank-level encryption both at rest and in transit.
Any user with suspicious behavior is automatically locked out of the system.
We stay up to date with development best practices, such as OWASP Top 10.
We use 128-bit encryption technology to protect your username, password and other personal account information when you're using our site or apps. Encryption is a way of scrambling your data so that only trusted parties can read it. We use regularly updated SSL certificates so you can always verify and trust that you are communicating with our website. Once the data is stored in a database, all sensitive information is secured in an encrypted format.
Note: You'll know your information is encrypted when the neatloans.com page you're on starts with "https://" and you see a lock symbol in your web browser.
Even though our online mortgage application may require you to provide your credentials to other services, such as your payroll system, we never store your third-party credentials on our servers. When Neat logs into third-party systems on your behalf, we have read-only access, which means we cannot initiate any changes, transfers or withdrawals. We use these features in our mortgage application exclusively for data gathering.
All our servers and databases are housed in secure third-party data centers. These data centers are protected with multiple layers of access controls, and are staffed around the clock with guards. Additionally, the vast majority of our data is electronic, meaning all of the above protections can be utilized. In the rare cases where a physical document is required, the documents are stored in locked filing cabinets, and the data is shredded and destroyed as soon as it is no longer needed. Electronic copies of physical documents are only retained for as long as it may be required by law and our company record retention policies. Once they are no longer needed, the information is purged.
We regularly review our code for security vulnerabilities, and we keep up to date on the newest technologies to stay ahead of the attackers. We use automated vulnerability scanners to detect and alert us to any potential gaps in our defenses.
Our corporate code of conduct outlines the integrity and ethical standards we expect from our employees. The code includes specific guidelines about how we expect employees to protect confidential information (including your account and personal information), as well as guidelines to limit our employees' access to your confidential information. Most importantly, access to all systems is restricted, and only people who “need to know” will review your data, and all of our home loan advisors are state-licensed professionals.
Additionally, our hiring policy requires all employees to undergo a background check and receive formal security training upon gaining employment at Neat. On the technical front, our developers have undergone extensive technical security training. We use modern web development technologies that have built-in protection against the most commonly used exploits, and we regularly review our code for potential vulnerabilities.
We have implemented a comprehensive set of security measures and practices to keep your sensitive data safe. We are very proud to have successfully completed the Service Organization Control (SOC) 2 Type 1 compliance certification, which is a key auditing standard developed by the American Institute of Certified Public Accountants. Having achieved this milestone indicates that external auditors have independently verified that we have internal controls and processes in place around security and availability. This provides our customers comfort that we keep their data secure and our service is reliable.