LO Radar
Book a demo
Legal

Privacy policy.

Last updated: June 7, 2026

LO Radar is a software product of TechStack LLC ("we," "us," "LO Radar"), built for individual mortgage loan officers. We take privacy seriously because the data you bring us — your past-client book — is the most sensitive asset in your business. This policy explains what we collect, what we do with it, and what we never do with it.

1. What we collect

We collect two categories of data:

(a) Account data — your name, email, mortgage license number, NMLS ID (optional), employer, billing address, and payment method. This is collected when you sign up and is used to operate your account.

(b) Past-client data you import — CSV exports from your LOS (Encompass, Calyx, Surefire, Jungo, MeridianLink, LendingPad, etc.) containing your past borrowers' names, contact information, loan terms (rate, original balance, term, ARM type and reset date, property address), and loan history. You control which fields are imported and you can delete the entire dataset at any time.

We do not collect: Social Security Numbers, credit reports, government ID images, bank account numbers, or any data classified as "non-public personal information" under the Gramm-Leach-Bliley Act (GLBA). We do not need that data and we will reject any import attempt that contains it.

2. How we use it

Past-client data is used exclusively to:

  • Run refinance, ARM-reset, anniversary, HELOC, cash-out, second-home, and credit-improvement analysis against current market data
  • Rank your past borrowers daily by projected annual savings if they refinanced today
  • Generate outreach drafts in your voice, with RESPA / TILA / TCPA compliance posture annotated inline
  • Provide attribution reporting on which alerts led to closed loans

We do not resell, share, or aggregate your past-client data with any third party. We do not use it to enrich a shared dataset. We do not use it to market to your past clients on our own behalf. Your book is your book.

3. The "we draft, you send" principle

LO Radar generates outreach drafts. LO Radar does not send messages on your behalf. Every email or text suggestion is presented for your review and is sent from your own email address, CRM, or phone — not from us. This is intentional and architectural:

  • It preserves your borrower's contact-consent record with you, the originating LO
  • It keeps TCPA liability cleanly under your existing consent framework
  • It prevents the appearance of a third-party broker under RESPA Section 8

If you ever want a "send for me" workflow, talk to us first — there is a legally clean way to do it but it requires explicit, written, per-borrower consent and we will not enable it without confirming you have that consent.

4. Compliance posture

LO Radar's data handling is built around four regulatory frameworks loan officers operate under:

  • GLBA (Gramm-Leach-Bliley Act) — we treat all past-client information as non-public personal information and apply appropriate safeguards (encryption in transit, encryption at rest, access logging, least-privilege internal access)
  • RESPA (Real Estate Settlement Procedures Act) — we do not provide settlement services, do not accept referrals for fees, and do not act as a kickback conduit between LOs and other settlement providers
  • TILA (Truth in Lending Act) — every rate or APR figure surfaced by LO Radar carries the calculation basis and date so you can verify before quoting
  • TCPA (Telephone Consumer Protection Act) — because we do not send messages, TCPA consent obligations remain entirely under your existing process; we surface compliance flags so you can confirm consent status before each outreach
  • HPPA (Homebuyers Privacy Protection Act, effective March 4, 2026) — we operate on data you already legally possess as the originating LO; we do not purchase, broker, or aggregate trigger-lead data from credit bureaus or other third-party sources

5. Data storage and security

Past-client data is stored encrypted at rest (AES-256) on infrastructure hosted in the United States. All transmission is over TLS 1.2 or higher. Database backups are encrypted, retained for 30 days, and stored in a separate region. Internal access is restricted to a minimal engineering team via SSO with mandatory two-factor authentication.

We log every access to your data. You can request the access log for your account at any time by emailing hello@techstackllc.info.

6. Data retention and deletion

We keep your past-client data for as long as your account is active. If you cancel, you have 30 days to export everything before we delete it. After 30 days post-cancellation, your past-client data is permanently deleted from production systems within 7 days and from backups within 60 days (the backup retention window).

You can also delete specific past-client records at any time via the LO Radar interface, or delete your entire account via Settings → Account → Delete account.

7. Third-party processors

We use a minimal set of third-party processors to operate LO Radar. Each has a Data Processing Agreement (DPA) with us:

  • Hostinger (United States) — application hosting and infrastructure
  • Supabase (United States, AWS) — primary database
  • Stripe (United States) — payment processing (no past-client data shared; account billing data only)
  • Resend (United States) — transactional email to you (account notifications); no past-client outreach is sent through us
  • Google Cloud (GA4) — anonymized site analytics on this marketing site only; no LO Radar app or past-client data is shared

We do not use any analytics or advertising pixels inside the signed-in LO Radar application.

8. Your rights

You have the right to:

  • Access all data we hold about you and about the past-client records you've imported
  • Export everything in machine-readable form (CSV)
  • Correct any inaccuracies
  • Delete your account and all associated data
  • Request a copy of the internal access log for your data
  • Object to or restrict specific uses

To exercise any of these rights, email hello@techstackllc.info. We respond within 7 business days.

9. Changes to this policy

If we materially change this policy, we will notify active account holders by email at least 14 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Questions about this policy or about how your data is handled: hello@techstackllc.info.

TechStack LLC
Austin, Texas, USA