themortgagellm^™

Privacy Policy

Effective date: 17 May 2026

This Privacy Policy (“Policy”) describes how Santhiar Group, Inc (“Santhiar,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with The Mortgage LLM platform at themortgagellm.com (the “Platform”). Capitalized terms not defined here have the meanings given in the Terms of Use.

1. Summary

• We collect minimal information. Operating the Platform requires only the information described below; we do not ask for Social Security numbers, dates of birth, financial-account numbers, or other sensitive personal identifiers from users.
• We do not sell personal information.
• The Platform is not a record-keeping or consumer-data system. The underlying mortgage data comes from public regulatory disclosures (HMDA, GSE loan-level files, GNMA monthly loan-level files). We do not maintain, and the Platform is not designed to maintain, individually-identifiable consumer credit records.
• Hosting: All Platform infrastructure is hosted on Google Cloud Platform in US regions.

2. Information We Collect

2.1 Information from sign-in

If you sign in to the Platform with a Google account or a Microsoft account, we receive the following from your identity provider:

• A stable provider-specific user identifier (Google “sub” claim, or Microsoft “oid”/“sub” claim);
• Your email address;
• Your display name;
• Where provided by your identity provider: your account avatar URL and the hosted-domain or tenant identifier (e.g., your Google Workspace domain or Microsoft Entra tenant ID).

We do not receive your password. We do not have access to your Google or Microsoft inbox, calendar, contacts, or any other account content beyond the basic profile information listed above.

2.2 Information you submit

We log information you submit to the Platform, including:

• Natural-language questions you ask the Chat Interface;
• The structured loan-feature payloads you submit to the Scoring Model APIs;
• Any feedback or correspondence you send us.

Submissions are stored in Google BigQuery in US regions. Anonymous chat query logs are retained for 60 days for operational telemetry; scoring API payloads may be retained longer for service-quality analysis (see Section 5).

Please do not submit non-public personal information about identifiable consumers (for example, a borrower’s full name together with Social Security number, account number, or similar identifiers) to the Platform. The Platform is designed for statistical and informational analysis. If you need to score a specific loan, you can do so using the public-record loan features without including identifying borrower data.

2.3 Chat history for signed-in users

When you are signed in, the Platform additionally persists your chat conversations server-side so you can reopen and continue prior threads. Specifically, for each turn (question and answer pair) in a signed-in chat we store:

• Your question text;
• The Platform’s full response payload — the generated SQL (when applicable), the data-row summary text, the underlying result rows, follow-up suggestions, and any score or eligibility verdict returned;
• The timestamp of the turn;
• A conversation identifier (a random UUID), a turn index, and your stable provider-issued user identifier (the “sub” / “oid” claim referenced in Section 2.1) for row-level access control.

For each conversation we also store an auto-generated short title (4 to 6 words, derived from your first question) plus create / rename / delete event timestamps. These records are readable only by your signed-in account — the Platform enforces row-level filtering on every read so other accounts cannot see your conversations. We do not persist any chat history for anonymous sessions; those conversations live only in your browser tab for the duration of the session.

Signed-in chat history is retained indefinitely by default. You can delete individual conversations from the Platform (soft delete — the record is hidden from your view but the underlying row is preserved server-side), or request a hard delete that removes the rows from our database; see Section 7.

2.4 Information collected automatically

When you use the Platform we automatically collect:

• IP address and approximate geographic location;
• User agent (browser, operating system) and device characteristics;
• Timestamps and the URLs / API endpoints you accessed;
• Rate-limit counters keyed to your IP address (anonymous users) or signed-in user identifier;
• Basic server logs maintained by Google Cloud Platform.

2.5 Cookies and local storage

The Platform uses browser local storage to remember your sign-in state (an authentication token issued by Google or Microsoft) so you don’t have to sign in on every page. The Platform does not use third-party advertising cookies or third-party analytics tracking pixels.

3. How We Use Information

We use the information described above to:

• Operate the Platform — verify your identity on sign-in, route your queries, return scoring results, and apply tier-based rate limits and access controls;
• Maintain operational telemetry, debug errors, and monitor for abuse, fraud, or violation of the Terms of Use;
• Compute aggregated, de-identified statistics that inform Platform improvement, including refinement of the Scoring Models, documentation, and benchmark tables;
• Communicate with you about service-related matters (e.g., outages, security incidents, or material changes to these Policies);
• Comply with applicable law and respond to lawful requests from governmental or regulatory bodies.

We do not use your Submissions to train third-party large language models. Anthropic, the LLM provider for the Chat Interface, processes your questions to generate responses under its own data-handling terms; Anthropic does not retain customer inputs for model training under its API agreement (see Section 4).

4. How We Share Information

We do not sell personal information. We share information only as follows:

• Service providers. Google Cloud Platform (infrastructure, BigQuery storage, Cloud Run hosting), Anthropic (LLM API processing of natural-language queries), Google Identity Services (Google sign-in), and Microsoft (Microsoft Entra sign-in). Each provider acts under contractual confidentiality and security obligations.
• Aggregated or de-identified data. We may share aggregated statistics that do not identify any individual user (for example, anonymized usage trends published as part of this product’s research output).
• Legal compliance. We may disclose information to comply with applicable law, lawful regulatory or court orders, or to protect the rights, property, or safety of Santhiar, the Platform’s users, or the public.
• Business transfers. If Santhiar is involved in a merger, acquisition, financing, or sale of assets, information may be transferred to the relevant counterparty subject to the same obligations of this Policy.

5. Data Retention

• Sign-in profile records (uid, email, name, avatar URL, tenant or hosted-domain): retained for the lifetime of your account, until you request deletion.
• Anonymous chat query logs: 60-day rolling retention, after which records expire automatically from BigQuery.
• Signed-in chat history (Section 2.3): retained indefinitely by default so you can reopen prior conversations. You may soft-delete individual conversations from within the Platform (the conversation is hidden from your view but the underlying rows are preserved server-side), or request a hard delete via the contact in Section 7 to have the rows purged from the database.
• Scoring API payloads: retained for up to 12 months for service-quality analysis and model improvement, then purged or aggregated.
• Operational telemetry (Cloud Run access logs, rate-limit state): retained per Google Cloud Platform defaults (typically 30-90 days).
• Aggregated, de-identified statistics: retained indefinitely.

6. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect the information we collect. These include: HTTPS-only transport between your browser and the Platform; encryption at rest in BigQuery and Cloud Storage; restricted access through Google Cloud IAM and short-lived service-account credentials; and the use of Google Identity and Microsoft Entra for sign-in (we never see or store your password). No security control is perfect; we cannot guarantee absolute security.

7. Your Rights and Choices

Subject to applicable law, you may:

• Access the personal information we hold about you, including your saved chat history;
• Correct inaccurate personal information;
• Delete your account, your profile record, and your saved chat conversations — either individually (soft-delete from within the Platform) or in full (hard delete via written request);
• Object to certain processing activities;
• Export a copy of your personal information, including your chat history, in a portable format.

To exercise any of these rights, contact us at privacy@themortgagellm.com. We will respond within a reasonable period and within timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before fulfilling a request.

8. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising), and the right not to be discriminated against for exercising these rights. To exercise these rights, contact us at the address in Section 7.

9. Children’s Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it.

10. International Users

The Platform is operated from the United States and stores information on Google Cloud Platform in US regions. If you access the Platform from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States and may be subject to US law and lawful access requests by US authorities. Where required by applicable law (for example, the EU GDPR), we rely on standard contractual clauses or comparable safeguards to support such transfers.

11. Third-Party Links

The Platform may link to third-party websites (for example, primary regulatory sources like the CFPB or FFIEC). We are not responsible for the privacy practices of those websites. Please review their privacy policies separately.

12. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy at this URL and update the “Effective date” above. Material changes will be communicated to signed-in users via the email address on file. Your continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the updated Policy.

13. Contact

Privacy questions, complaints, or requests can be directed to privacy@themortgagellm.com.

This Policy was last updated on the Effective date shown above and works in conjunction with the Terms of Use.