Get to know us more. Join our newsletter.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Privacy Policy




Last updated: December 2025

Autyn, Inc. ("Autyn," "we," "our," or "us") provides an AI-powered platform that assists
mortgage professionals with document processing, loan analysis, workflow automation, and
related services ("Services"). This Privacy Policy explains how we collect, use, store, disclose,
and protect information when you access or use the Services.
By using the Services, you agree to the practices described in this Privacy Policy. If you do not
agree, you may not use the Services.

1. Information We Collect
Autyn collects information directly from Users, from borrowers whose data is submitted through
the Platform, and from integrated third-party systems (e.g., LOS, POS, CRM).
We collect the following categories of information:

1.1 Information You Provide Directly
● Business and registration information
● User profile information (name, email, role, license number)
● Account credentials
● Support communications and feedback
● Documents uploaded to the Platform

1.2 Borrower Information (NPI)
When Users upload borrower data, Autyn may process:

● Government-issued identification
● Loan applications (1003, MISMO, or other formats)
● Employment and income documents (paystubs, W-2s, 1099s, tax returns)
● Bank statements, asset records, account balances
● Property documents and appraisal data
● Credit reports (if submitted by the User)
● Letters of explanation, supporting documentation, and loan conditions
● Any additional documents uploaded by Users
This data is regulated under the Gramm-Leach-Bliley Act (GLBA), and Autyn implements
controls consistent with GLBA requirements.

1.3 Automatically Collected Information
We collect certain information automatically, such as:
● IP address
● Device type, operating system, and browser
● Usage logs and activity within the Platform
● Access timestamps
● Diagnostic and performance data

1.4 Information from Integrations
If you connect Autyn to a third-party system (e.g., Arive, Encompass APIs, Optimal Blue, CRM,
Zapier), we may receive:
● Loan records
● Status updates
● Borrower data
● Pricing or eligibility information
● Document packages
● Workflow triggers or webhook events

Your authorization is required to connect any integration.

2. How We Use Information
Autyn uses collected information to:
● Provide, operate, and maintain the Services
● Process uploaded documents and generate AI-powered insights
● Perform income, asset, identity, and liability verification
● Enable loan officers and processors to manage workflows
● Improve AI and machine learning models with anonymized data only
● Detect fraud, anomalies, and inconsistencies
● Provide user support and troubleshooting
● Secure the Platform and enforce our Terms of Service
● Analyze performance and usage trends
Autyn does not sell personal information or borrower data.

3. AI, Machine Learning, and Model Training
Autyn uses AI to extract, classify, analyze, and summarize documents.
We may use anonymized or aggregated data solely to:
● Improve model accuracy
● Enhance product performance and reliability
● Detect fraud patterns
● Ensure quality and safety of the system
We do not use identifiable borrower data for external model training or for any purpose unrelated
to the Services.
All anonymization removes names, dates, tax IDs, SSNs, account numbers, and any other
identifying fields. Users may opt out of anonymized data use for model training by contacting
support.

4. Legal Basis for Processing (if applicable)
For Users or borrowers located in certain jurisdictions, our legal bases may include:
● Performance of a contract
● Compliance with legal obligations
● Legitimate business interests (e.g., improving services)
● Consent provided by the User or borrower

5. How We Share Information
Autyn may share information only in the following circumstances:
5.1 With Your Authorized Parties
● Your brokerage or employer
● Connected LOS/POS/CRM systems
● Other users on your team (as configured by your admin)

5.2 With Service Providers
We use trusted vendors to support:
● Cloud hosting (e.g., AWS)
● AI document processing
● Data storage and backup
● Authentication and security
● Error tracking
● Email or communication services
● Payment processing (if applicable)
All vendors are contractually obligated to protect data according to GLBA-consistent standards
and undergo annual security assessments.

5.3 For Legal or Compliance Purposes
We may disclose information if required by law or if we believe it is necessary to:
● Respond to subpoenas or legal processes
● Prevent fraud or security breaches
● Protect the rights, property, or safety of Autyn, Users, or borrowers

5.4 Business Transfers
In the event of a merger, acquisition, financing, or asset sale, information may be transferred as
part of the transaction. Users will receive 60 days advance notice of any such transfer affecting
borrower data.

6. Data Security
Autyn uses administrative, technical, and physical safeguards to protect data, including:
● Encryption at rest and in transit using AES-256 and TLS 1.3 standards
● Access controls and role-based permissions
● Multi-tenant isolation
● Continuous monitoring with 24/7 security operations center
● Audit logging with immutable log storage
● Secure credential storage
● Vendor security reviews conducted annually
● Regular penetration testing and vulnerability assessments
● Employee security training and background checks
● Incident response procedures with defined escalation protocols
Autyn maintains cyber liability insurance and follows industry-standard security frameworks
including NIST Cybersecurity Framework.
Despite these efforts, no system can be guaranteed 100% secure.
Users are responsible for maintaining the confidentiality of their account credentials.

7. Data Breach Notification
In the event of a data breach affecting borrower information, Autyn will:
● Notify affected Users within 72 hours of discovery
● Provide details about the nature and scope of the breach
● Outline steps taken to contain and remediate the incident
● Offer credit monitoring services if Social Security numbers were compromised
● Assist with regulatory notifications as required by applicable laws

8. Data Retention
Autyn retains information according to the following schedule:
● Borrower documents: Retained for 3 years after loan closing or abandonment, unless
User requests extended
● retentionUser account data: Retained for 7 years after account closure for compliance
purposes
● System logs: Retained for 2 years for security and troubleshooting
● Anonymized analytics data: Retained indefinitely for product improvement
Users may request immediate deletion of specific borrower files or early account closure, subject
to legal retention requirements. Deletion requests are processed within 30 days.

9. Your Choices & Rights
Depending on your jurisdiction, you may have rights such as:
● Access to your personal information
● Correction or updates
● Request deletion (where legally permitted)
● Restrict or object to processing
● Export your data in machine-readable format
● Audit access logs for your account

● Receive detailed reports on data processing activities
Enterprise customers may request on-site compliance audits with 30 days notice.
Requests may be subject to verification and legal constraints. We respond to data subject requests
within 30 days.
Borrowers should contact the brokerage or lender directly regarding their loan-related data.

10. Data Minimization and Purpose Limitation
Autyn follows data minimization principles by:
● Collecting only data necessary for mortgage processing and AI analysis
● Automatically purging temporary processing files within 24 hours
● Limiting data access to employees with legitimate business needs
● Regularly reviewing data collection practices to eliminate unnecessary data points

11. Third-Party Links & Services
The Platform may include links or integrations with third-party services. Autyn is not responsible
for their privacy practices.
Please review their privacy policies independently.

12. International Users
Autyn is operated in the United States. If you access the Services from outside the U.S., your
information may be transferred to and processed in the U.S. under appropriate data transfer
mechanisms including Standard Contractual Clauses where required.

13. Compliance and Auditing
Autyn undergoes regular compliance assessments including:

● Annual GLBA compliance reviews
● Third-party security audits
● Vendor risk assessments
● Internal data governance audits
Compliance reports are available to enterprise customers upon request.

14. Changes to This Privacy Policy
Autyn may update this Privacy Policy from time to time. Updated versions will be posted with a
revised "Last Updated" date. Material changes affecting data processing will be communicated
via email with 30 days advance notice.
Continued use of the Services constitutes acceptance of the updated policy.

15. Contact Us
If you have questions, requests, or concerns regarding this Privacy Policy, you may contact us at:
Autyn, Inc.
5900 Balcones Drive, Suite 100
Austin, Texas 78731
info@autyn.ai