Security & Compliance at Gizmo

We protect borrower data with industry-standard security, encryption, and operational safeguards — designed for the requirements of modern mortgage lending.

Your data is protected at every layer of the platform, from infrastructure to access controls. This page outlines the security measures we use today and our long-term commitment to compliance.

Contact Sales Learn More

Platform Security

Encryption

Data in transit: TLS 1.2+
Data at rest: AES-256
Secrets management: environment variables + managed secret store

Hosting & Infrastructure

Hosted on modern cloud infrastructure with built-in physical and network security
We use Vercel infrastructure, which maintains SOC2, ISO 27001, and more.

Application Security

Authentication

SSO + MFA enforced through Clerk
JWT-based service authentication
Role-based access controls (RBAC)
Least-privilege internal tooling

Data Isolation

Multi-tenant logical separation
Strict org boundary checks on all database reads/writes

Audit Logging

Critical actions logged (login, data access, outbound calls, credit pulls, etc.)
Internal access logged

Network & API Security

Enforced HTTPS

CORS restricted to your own domains

Rate-limiting + abuse protection on all APIs

Every webhook verified cryptographically

Operational Security

Internal Policies

Device encryption required
Auto-lock + strong password policies
No customer data stored locally
Access tokens rotate regularly

Vendor Risk Management

All third-party processors evaluated for SOC2/ISO
Contracts + BAAs where appropriate