Security & data protection.
How we protect the information you share when you apply for capital or onboard as a lender.
Encryption
All borrower data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Bank account and routing numbers are stored using application-layer encryption with keys held in a hardened secrets vault — never in plaintext.
Access controls
Access to borrower records is role-based and audited. Only authorized personnel with a legitimate underwriting or servicing need can view a file. Every read and write is logged.
Authentication
All operator accounts require strong passwords with leaked-credential protection. Administrative access requires multi-factor authentication. Inactive sessions terminate automatically.
Vendor management
We share data with lender partners and document-processing vendors only when required to advance a deal. All vendors are bound by written confidentiality and data-protection terms.
Infrastructure
Our systems run on hardened cloud infrastructure with continuous monitoring, automated patching, and isolated environments for production data. Backups are encrypted and tested.
Incident response
We maintain a written incident-response plan. If a security event occurs that materially affects your information, we will notify affected parties promptly in line with applicable law.
Reporting a vulnerability
Responsible disclosure is welcome. Email security@summitprivatecredit.com with reproduction steps; we acknowledge within two business days.