Privacy Policy.

Introduction & Scope

Lendmire, LLC (“Lendmire,” “we,” “us,” or “our”) is a multi-state licensed mortgage broker headquartered in Boone, North Carolina.

We help consumers locate suitable mortgage products from third-party lenders.

This Privacy Policy explains how we collect, use, disclose, protect, and retain Personal Information (“PI”) across all channels — website, mobile, phone, email, SMS/MMS, social media, advertising, electronic signatures/records, and in-person communications — nationwide. A condensed “Notice at Collection” with links to this Policy and the CPRA matrix appears on the first page where we request PI.

Continued use of our services indicates acceptance of this Policy.

Key Definitions

Personal Information (“PI”)

Information that identifies, relates to, describes, or could reasonably be linked to an individual.

Non-Public Personal Information (“NPI”)

Consumer financial information protected under the Gramm-Leach-Bliley Act (GLBA).

Sensitive Personal Information (“SPI”)

SSN, driver-license/ID number, precise geolocation, financial-account credentials, biometric identifiers, and similar data governed by state privacy laws.

Sale

Disclosure of PI for monetary or other valuable consideration as defined by applicable state law.

Sharing / Targeted Advertising

Cross-context behavioral advertising or disclosure for targeted ads as defined by applicable state law (even if no monetary exchange).

Profiling

Automated processing of PI to evaluate personal aspects (e.g., economic situation, interests) for marketing or similar purposes.

Consumer / Customer

An individual who inquires about or applies for services; a “customer” is one who establishes an ongoing relationship with us.

Information We Collect

• Identifiers — name, postal address, email, phone, date of birth, SSN, driver-license or government-ID.
• Financial & Loan-Application Data — income, employment, credit reports, bank statements, assets, liabilities, property addresses, loan terms sought.
• Biometric & Identity-Verification Data — selfie/liveness checks or facial templates captured by trusted vendors for KYC; collected only with written consent and destroyed per law.
• Technical & Usage Data — IP address, device IDs, browser/OS, cookies, pixels, clickstream.
• Approximate Geolocation & Analytics — derived from IP/device.
• Third-Party Data — credit-bureau data, verification services, public records, referral partners.
• Communication Records — call recordings (with notice), voicemail, email, SMS/MMS, chat logs, e-signature audit trails, consent histories.

We collect SPI only when required for mortgage processing or fraud prevention and never for unrelated purposes. We do not knowingly sell or share PI of minors under 16.

Sources of Information

• Directly from you — forms, uploads, calls, texts, and electronic signatures (E-SIGN Act).
• Automatically — cookies, pixels, device analytics.
• Identity-Verification Vendors — selfie/ID match tools, fraud databases.
• Third Parties — credit bureaus, referral partners, government agencies.

How We Use Information

• Mortgage Brokerage Services: evaluate eligibility, submit applications to lenders, obtain credit approvals, provide loan-status updates.
• Identity, Fraud & Security: KYC checks, sanctions screening, cybersecurity monitoring, regulatory reporting.
• Marketing (with Consent): email newsletters, SMS alerts, retargeted ads, referral campaigns.
• Compliance & Legal: GLBA, FCRA (Adverse-Action Notices), ECOA, TCPA, CAN-SPAM, state privacy laws.
• Operations & Improvement: analytics, site performance, quality assurance, staff training.

Communications, Marketing & Consent

6.1 SMS/Text Messaging Program

Opt-in by checkbox or keyword; messages may be sent via autodialer. Frequency varies. Standard message & data rates may apply. Text STOP to opt-out; HELP for help. No purchase required. Carriers are not liable for delayed/undelivered messages.

6.2 Email Marketing & CAN-SPAM

All commercial emails include clear sender ID, truthful subject lines, our postal address, and a functional unsubscribe link (active ≥ 30 days) or email [email protected].

6.3 Telephone Calls & Telemarketing

Calls are made only with prior express written consent (TCPA/TSR). When recording in two-party consent states, we provide notice at the start of the call. Pre-screened credit offers: opt-out nationwide at 1-888-5-OPT-OUT (1-888-567-8688). Join our internal Do-Not-Call list via any method in Contact; consents are retained for ≥ 4 years.

6.4 Electronic Signatures & Records (E-SIGN)

You may receive disclosures and sign electronically. Withdraw E-SIGN consent or request paper copies anytime (see Contact). Withdrawal won’t affect prior actions.

Compliance Framework

We follow GLBA (Privacy/Safeguards/Pretexting), FTC Safeguards Rule, FCRA/Reg V, ECOA/Reg B, E-SIGN, TCPA/TSR, CAN-SPAM, COPPA, MAP Rule (Reg N), biometric laws (IL BIPA, TX CUBI), and state privacy statutes (including CA CPRA, CO CPA, CT DPA, DE PDPA, TX DPSA, UT UCPA, VA VCDPA, NV, VT, and others as enacted), and other applicable state security and privacy requirements where relevant, including the New York SHIELD Act.

Your Privacy Rights

Depending on your state, you may:

• Access and obtain a copy of your PI;
• Correct inaccurate PI;
• Delete PI (subject to legal exceptions);
• Opt-out of: (a) sale of PI, (b) sharing for cross-context behavioral advertising (targeted advertising), and (c) profiling in furtherance of decisions for marketing/ads;
• Limit use and disclosure of SPI;
• Port your data to another provider;
• Withdraw consent for marketing or profiling where processing is based on consent.

We will not discriminate against you for exercising your rights.

8.1 Authorized Agents

Agents may submit requests with notarized authorization or a valid power-of-attorney. We verify the agent and your identity before acting.

8.2 Appeals

If we deny your request, email [email protected] with “Appeal” in the subject. We respond within 45 days; unresolved appeals may be escalated to your state Attorney General.

How to Exercise Rights: Email [email protected], call (828) 256-2183, or mail us (see Contact).

Information Sharing & Disclosures

Disclosures occur only as permitted/required:

• Service Providers & Vendors: credit bureaus, CRM, cloud/analytics (SOC-2 Type II; breach notice duty).
• Lenders & Investors: underwriting/closing partners.
• Regulators/Law Enforcement: audits, subpoenas, fraud prevention.
• Corporate Transactions: merger/acquisition with notice.

GLBA Notices: We provide an initial privacy notice at relationship start and an annual privacy notice thereafter when required by Regulation P.

Third-Party Websites & Links

External sites follow their own policies; Lendmire is not responsible for their practices.

When you click third-party links, those providers may independently collect information via cookies, pixels, or other tracking technologies. We do not control those third-party practices, and their collection is governed by their privacy policies.

Vendor Oversight & International Transfers

Vendors must sign DPAs with GLBA-level safeguards, provide annual audits, notify breaches, and use Standard Contractual Clauses (SCCs) or similar for offshore processing. Where required by state law, residents may request a list of foreign jurisdictions and safeguards used.

Security Measures

• AES-256 encryption at rest; TLS 1.2+ in transit
• MFA, least-privilege, role-based access
• 24/7 SOC, log monitoring
• Annual pen-tests; quarterly vulnerability scans
• Employee background checks & training
• Board-level review of risk assessments
• Incident Response Plan & 50-state breach-notification matrix

Our safeguards program is designed to meet or exceed GLBA, the FTC Safeguards Rule, and applicable state standards, including Massachusetts 201 CMR 17.00, where relevant.

Data Retention & Secure Disposal

Mortgage records: ≥ 5 years post-closing (RESPA/state law). Biometric templates: destroyed when purpose fulfilled or ≤ 3 years after last interaction (e.g., IL BIPA). Consents & audit logs: ≥ 4 years post-opt-out (TCPA safe harbor). Business records: as needed or per legal hold.

Data-Minimization & Deletion: In addition to the schedules above, we retain PI only for as long as reasonably necessary and proportionate to the purposes described, and we delete or anonymize PI when no longer needed unless a legal hold applies.

Secure destruction follows NIST SP 800-88 methods.

Automated Decision-Making & Profiling

Automated tools may expedite eligibility review; a human underwriter reviews final credit decisions. You may request manual reconsideration. You may also opt-out of profiling used for targeted advertising (see §8).

Cookies, Pixels & Global Privacy Control

We use essential, analytics, and advertising cookies. Our banner enables granular opt-in/opt-out for targeted ads and profiling. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a valid opt-out in states that recognize such signals. We retain cookie-consent choices for at least 12 months and propagate your opt-out selection to downstream advertising partners through industry-standard mechanisms.

Children & Minors

Services are for adults 18+. We do not knowingly collect, sell, or share PI of anyone under 16.

Arbitration & Governing Law

Except where prohibited or restricted by state law, disputes are resolved by binding arbitration in Boone, NC (AAA rules). If applicable state law limits or invalidates mandatory arbitration for consumer contracts, this clause will not apply and your state-specific rights and forum will govern. North Carolina law governs to the extent not preempted by federal or applicable state law.

Non-Discrimination & Financial Incentives

We do not offer financial-incentive or loyalty programs tied to PI. We will not discriminate against you for exercising privacy rights.

State-Specific Disclosures & Future Updates

Rights vary by state. We maintain a continuously updated State Disclosures & Licensing page showing where we operate as a broker and the states where we are licensed as a lender. We review this Policy at least annually and update it as laws change. Material changes will be posted with a new “Last Updated” date and, where required, additional notice.

CPRA / Multi-State Categories Matrix

The following summaries list typical categories of Personal Information, why we use them, who we disclose them to, whether they are sold/shared, and typical retention periods.

Version: 2026-04-29  ·  © 2022–2026 Lendmire, LLC. All rights reserved.