Data Security & Information Protection Statement

Overview

Low Rate Co is committed to protecting the confidentiality, integrity, and availability of consumer information. We recognize that consumers trust us with sensitive personal and financial information and we take that responsibility seriously.

This Data Security & Information Protection Statement describes the safeguards and controls we maintain to protect information entrusted to us.

Information We Protect

Low Rate Co may collect and process information including:

• Personal identifying information
• Contact information
• Employment information
• Income information
• Asset information
• Mortgage application information
• Property information
• Consumer communications

Regulatory Compliance

Our information security program is designed to support compliance with applicable laws and regulations, including:

• Gramm-Leach-Bliley Act (GLBA)
• FTC Safeguards Rule
• Fair Credit Reporting Act (FCRA)
• State privacy laws
• Applicable mortgage industry requirements

Security Controls

Low Rate Co utilizes administrative, technical, and physical safeguards designed to protect consumer information, including:

• Encryption of sensitive data in transit
• Encryption of sensitive data at rest
• Multi-factor authentication where appropriate
• Role-based access controls
• Secure network architecture
• Audit logging and monitoring
• Employee access restrictions
• Vendor security reviews

Employee Training

Employees receive periodic training regarding:

• Data security responsibilities
• Privacy requirements
• Fraud prevention
• Social engineering awareness
• Incident reporting procedures

Vendor Management

Third-party service providers that access consumer information are subject to due diligence reviews and contractual obligations designed to protect information and maintain compliance with applicable laws.

Artificial Intelligence Security

Low Rate Co utilizes artificial intelligence technologies, including Cindie, to assist with customer service and operational functions. AI systems are subject to security, privacy, compliance, and governance controls designed to:

• Protect consumer information
• Limit unauthorized access
• Monitor system activity
• Support regulatory compliance

Incident Response

Low Rate Co maintains procedures designed to identify, investigate, contain, and remediate security incidents. If a material security event occurs, Low Rate Co will evaluate notification obligations under applicable laws and regulations.

Record Retention

Consumer records and communications are retained in accordance with applicable legal, regulatory, and business requirements.

Continuous Improvement

Low Rate Co regularly evaluates and enhances its information security program to address evolving threats, regulatory requirements, and technology changes.

Contact Information

Questions regarding information security may be directed to: