User access and permissions are only granted on a need to know basis.
For an extra level of protection, we use two factor authentication.
Passwords are hashed and salted and have strict entropy requirements.
All sensitive data is scrambled with bank-level 256-bit encryption both at rest and in transit.
Any user with suspicious behavior is automatically locked out of the system.
We stay up to date with development best practices, such as OWASP Top 10.
We are proud to have successfully completed the Service Organization Control (SOC) 2 Type 1 compliance certification, which is a key auditing standard developed by the American Institute of Certified Public Accountants. This means that external auditors have independently verified that we have internal controls and processes in place around security and availability. This provides our clients comfort that we keep their data secure and our service is reliable.
Even though our online mortgage applications may require your borrowers to provide credentials to other services, such as a payroll system, we never store your borrowers third-party credentials on our servers. When Neat logs into third-party systems on your borrowers behalf, we have read-only access, which means we cannot initiate any changes, transfers or withdrawals. We use these features in our mortgage applications exclusively for data gathering.
All our servers and databases are housed in secure state-of-the-art data centers. These data centers are protected with multiple layers of access controls, and are staffed around the clock with guards.
We regularly review our code for security vulnerabilities, and we keep up to date on the newest technologies to stay ahead of attackers. We use automated vulnerability scanners to detect and alert us of any potential gaps in our defenses.
Our hiring policy requires all employees to undergo a background check and receive formal security training upon gaining employment at Neat. On the technical front, our developers have undergone extensive security training. We use modern web development technologies that have built-in protection against the most commonly used exploits, and we regularly review our code for potential vulnerabilities.
We use 128-bit encryption technology to protect your username, password and other personal account information when you're using our site or apps. We use regularly updated SSL certificates so you can always verify and trust that you are communicating with our website. Once the data is stored in a database, all sensitive information is secured in an encrypted format.
Note: You'll know your information is encrypted when the neatlabs.com page you're on starts with "https://" and you see a lock symbol in your web browser.