Back to Home

Privacy Policy

Your privacy is important to us.

Last Updated: May 1, 2026

We collect only what we need  ·  We never sell your data  ·  You stay in control

Introduction

This Privacy Policy describes how Leendi collects, uses, and protects your personal information when you use our lending management platform. We are committed to protecting your privacy and ensuring the security of your personal data.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Account information (name, email address, phone number)
  • Financial information (loan details, payment history, transaction records)
  • Authentication credentials (encrypted passwords)
  • Profile information (role, permissions, preferences)

Automatically Collected Information

When you access our services, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, actions taken)
  • Session information (login timestamps, access logs)

How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our lending management services
  • To process and track loans, payments, and financial transactions
  • To authenticate users and maintain account security
  • To communicate with you about your account and services
  • To generate reports and analytics for business operations
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations and regulatory requirements

Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All sensitive data is encrypted in transit and at rest
  • Authentication: JWT-based authentication with secure HTTP-only cookies
  • Password Security: Passwords are hashed using bcrypt algorithm
  • Access Control: Role-based permissions system restricts data access
  • Audit Trails: All data modifications are logged with user and timestamp
  • Soft Delete: Data is never permanently removed, ensuring recoverability

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • Service Providers: With trusted third-party services under strict confidentiality agreements

Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data we hold
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain types of data processing
  • Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, please contact us through the information provided below.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication and security (HTTP-only cookies for JWT tokens)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our services

Most web browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of our services.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal, regulatory, tax, and accounting obligations
  • Resolve disputes and enforce our agreements
  • Maintain audit trails and business records

When data is no longer needed, we employ soft deletion practices, marking records as deleted while preserving data integrity and audit trails. This ensures compliance with financial regulations and enables data recovery if needed.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify you of significant changes through email or in-app notifications
  • Your continued use of our services after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Questions About Your Privacy?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, we're here to help. We aim to respond to all privacy-related inquiries within 30 business days.

Contact Us

You can also submit a data deletion request at any time.