North Lending
← Back home

Privacy Policy

Effective date: 2026-01-01

1. What we collect

When you use the platform we collect: account details (name, email, phone), business profile (legal name, Business Number (BN), NAICS code, address, revenue, time in business), owner identity (date of birth, last three digits of your Social Insurance Number (SIN) where required, ownership percentage), uploaded documents (bank statements, tax returns, IDs), bank-account data via Plaid (with your consent), soft credit inquiry results, device and request metadata (IP, user agent), and any messages you exchange with us in the portal.

2. How we use it

To run identity verification, match you with lenders, present offers, facilitate e-signature and funding, send transactional notifications, prevent fraud, comply with legal obligations, and improve the platform. We do not sell your information.

3. Who we share it with

  • Lenders matched to your application — only the data they need to underwrite.
  • Service providers acting on our behalf (Plaid, our credit bureau, KYC vendor, e-sign provider, OCR vendor, email vendor, cloud infrastructure).
  • Legal and regulatory authorities when required by law.

4. How we protect it

Sensitive fields (SIN, date of birth, bank access tokens) are encrypted at rest with AES-256-GCM. Access is restricted by role; sessions are JWT-signed and stored in HttpOnly cookies; passwords are hashed with bcrypt; webhook deliveries and inbound provider callbacks are HMAC-signed; all traffic to and from the platform uses TLS.

5. Your rights

We handle your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (including Quebec's Law 25). You have the right to access and correct your information, to withdraw consent, and to lodge a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy regulator. Contact us at the address below to exercise these rights.

6. Retention

We keep application and transaction data for as long as required to service your loan and to meet legal obligations (typically up to seven years after your most recent funded transaction). Drafts that are not submitted are auto-closed after fourteen days of inactivity.

7. Children

The platform is not intended for anyone under 18.

8. Changes

Material changes to this policy are posted here with an updated effective date and, where applicable, communicated by email.

9. Contact

Privacy requests: privacy@northlending.ca.