Privacy Policy
Pilot-ready privacy summary for MortgageMate brokerage workflows. This page should be reviewed by legal counsel before broad commercial launch.
What we collect
MortgageMate collects account information for brokerage users, application workflow data, applicant and mortgage-file details entered by brokers, uploaded documents, generated documents, Compliance Check outputs, Red Flags, compliance notes, audit events, and support requests.
Applicant information is file data managed by the brokerage. Applicants do not need a MortgageMate platform account for the pilot workflow.
How we use the data
We use the data to operate the broker workflow: document upload, OCR/extraction, broker review, form generation, e-signature routing, compliance review, audit history, support, and product reliability monitoring.
AI-assisted outputs are advisory workflow aids. Brokers and compliance users remain responsible for reviewing extracted fields, generated summaries, Red Flags, and documents before relying on them.
Where data is processed
Production deployments must use Canadian-resident storage and AI/OCR services for client financial data. Azure Blob Storage and Azure AI Foundry resources should be provisioned in a Canadian region before real pilot data is accepted.
The production database must also satisfy the brokerage's Canadian data-residency requirements. If Supabase is used, the production project/plan must be confirmed as Canada-resident before storing real client financial data.
Service providers
MortgageMate may use Supabase for authentication and database services, Azure Blob Storage for files, Azure AI Foundry for OCR and AI-assisted reasoning, Dropbox Sign for e-signature, Resend for transactional email, Upstash Redis for rate limiting, Vercel for hosting, and PostHog for product analytics and session replay.
PostHog must be configured with PII masking for production pilot use, and demo traffic should not be mixed into production analytics.
Retention and deletion
Raw upload retention is configurable by operators. Generated documents, audit logs, Compliance Checks, and compliance notes may need to be retained for brokerage compliance and examination obligations.
Deletion, export, and correction requests should be sent through the support channel so the brokerage and MortgageMate operator can determine the appropriate compliance-safe action.
Security and access
MortgageMate uses role-based access controls. Brokers see their own files, Compliance Officers see files for their brokerage, and administrative access is restricted to operational support.
Do not upload files unless you are authorized by the brokerage to process them in MortgageMate.
Questions or access requests? Use the support form.