Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

When you use BpsHawk, we collect the following types of information:

  • Account information: When you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
  • Client data: Loan officers enter client mortgage details including credit scores, property values, loan balances, property types, occupancy status, and state information. This data is entered voluntarily and stored to provide the service.
  • Usage data: We store your application preferences in your browser's local storage.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the BpsHawk platform
  • Calculate LLPA-adjusted mortgage rates based on the client data you enter
  • Authenticate your identity and manage your account
  • Enforce role-based access so loan officers only see their own clients
  • Send notifications when rate changes affect your clients

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase. We implement the following security measures:

  • Row Level Security (RLS): Database-level policies ensure that loan officers can only access their own client records. Admin users have broader access for platform management.
  • Encryption: All data is encrypted in transit using TLS/SSL. Data at rest is encrypted by our database provider.
  • Authentication: We use Supabase Auth with Google OAuth, which handles token management and session security.

4. Data Sharing

We do not sell, rent, or trade your personal information or client data to third parties. Your data may be processed by the following service providers solely to operate the platform:

  • Supabase: Database hosting, authentication, and real-time data infrastructure
  • Google: OAuth authentication provider
  • Vercel: Application hosting and deployment

We may disclose information if required by law or to protect the rights, safety, or property of BpsHawk or its users.

5. Data Retention

Your account data and client records are retained for as long as your account is active. If you wish to delete your account and all associated data, you may request deletion by contacting us. Upon account deletion, all your client records and personal data will be permanently removed from our systems.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your client data

7. Cookies and Local Storage

BpsHawk does not use tracking cookies or third-party analytics. We store your preferences in your browser's local storage. Authentication session tokens are managed by Supabase and stored as secure HTTP-only cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify users through the application. Your continued use of BpsHawk after any changes indicates your acceptance of the updated policy.