Privacy Policy

Last updated: March 24, 2026

1. Information We Collect

When you use BpsHawk, we collect the following types of information:

  • Account information: When you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
  • Client mortgage data: Loan officers enter client mortgage details including credit scores (400–900 range), mortgage balances, property values, current interest rates, loan types and terms, property types, occupancy status, state, loan-to-value ratios, LO compensation rates, fixed closing costs, high-balance indicators, and LLPA waiver status. This data is entered voluntarily and stored to provide the service.
  • Financial modeling parameters: For loan scenario analysis, loan officers may enter additional parameters such as marginal tax rates, expected appreciation rates, investment return rates, and mortgage insurance rates.
  • Audit and change history: When client records are modified, we store a history of changes including the previous and updated values, the email address of the user who made the change, and a timestamp. When loan type conversions occur, we store a complete snapshot of the client record before and after the conversion.
  • Notification and alert data: Loan officers may create custom alerts and reminders associated with specific clients. These records may include client names, reminder messages, and scheduled dates.
  • Local storage data: We store your application preferences (such as theme selection and tutorial completion status) in your browser's local storage. This data does not leave your device.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the BpsHawk platform
  • Calculate LLPA-adjusted mortgage rates based on the client data you enter
  • Authenticate your identity and manage your account
  • Enforce role-based access so loan officers only see their own clients
  • Send notifications when rate changes affect your clients
  • Maintain audit trails of data changes for accuracy and accountability
  • Monitor and resolve application errors to ensure platform reliability

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase. We implement the following security measures:

  • Row Level Security (RLS): Database-level policies ensure that loan officers can only access their own client records. Admin users have broader access for platform management.
  • Encryption: All data is encrypted in transit using TLS/SSL. Data at rest is encrypted by our database provider.
  • Authentication: We use Supabase Auth with Google OAuth, which handles token management and session security.

4. Nonpublic Personal Information (NPI)

BpsHawk processes nonpublic personal information (NPI) as defined by the Gramm-Leach-Bliley Act (GLBA). This includes client financial data such as credit scores, mortgage balances, and property values that loan officers enter into the platform.

  • BpsHawk operates as a service provider and data processor, not as a financial institution. Your employing brokerage or lending institution is the financial institution responsible for GLBA compliance with respect to your borrowers.
  • NPI is used solely to provide the pricing calculation and client management features of the platform.
  • NPI is not shared with non-affiliated third parties except the service providers listed in Section 5, which process data solely to operate the platform.
  • We maintain administrative, technical, and physical safeguards to protect NPI, including row-level database security, encryption in transit and at rest, and OAuth-based authentication.
  • NPI is never sold or shared for marketing, advertising, or any purpose unrelated to platform operation.

Loan officers and their employing brokerages remain responsible for their own GLBA privacy notices and compliance obligations to their borrowers and clients.

5. Data Sharing

We do not sell, rent, or trade your personal information or client data to third parties. Your data may be processed by the following service providers solely to operate the platform:

  • Supabase: Database hosting, authentication, and real-time data infrastructure
  • Google: OAuth authentication provider
  • Vercel: Application hosting and deployment
  • Sentry: Error monitoring and performance tracking. When application errors occur, Sentry may receive your email address and user identifier to help diagnose issues. Sentry does not receive client mortgage data in normal operation.

We may disclose information if required by law or to protect the rights, safety, or property of BpsHawk or its users.

6. Data Retention

Your account data and client records are retained for as long as your account is active. If you wish to delete your account and all associated data, you may request deletion by contacting us. Upon account deletion, all your client records and personal data will be permanently removed from our systems.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your client data

To exercise any of these rights, contact us at the email address listed in Section 13.

8. Cookies and Local Storage

BpsHawk does not use tracking cookies or third-party analytics. We store your preferences in your browser's local storage. Authentication session tokens are managed by Supabase and stored as secure HTTP-only cookies.

9. Children's Privacy

BpsHawk is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

10. Geographic Scope

BpsHawk is a United States-only service designed for mortgage professionals operating under U.S. federal and state lending regulations. All data is processed and stored in the United States.

11. Breach Notification

In the event of a data breach affecting nonpublic personal information, BpsHawk will notify affected users within a reasonable timeframe consistent with applicable state and federal breach notification laws. Notification will be sent via the email address associated with your account.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify users through the application. Your continued use of BpsHawk after any changes indicates your acceptance of the updated policy.

13. Contact Information

For privacy inquiries, data access requests, or questions about this policy, contact us at danielfernandez9371@gmail.com.