Loan Document Upload Privacy Notice
Owner: Privacy. Last updated: 2026-05-30
This notice explains how 44Finance handles documents that users voluntarily upload to improve lender-data accuracy. Raw files are private, not indexed, not published and not used as primary source evidence without human review.
Documents and metadata accepted
The upload workflow accepts PDF, JPG, PNG, WEBP and TXT files such as loan contracts, personal offers, rejection reasons, payment schedules and payout-speed evidence. Metadata may include lender name, amount range, document type, rejection reason, payout timing and a short user summary.
Accidental personal data
Users are asked to remove unnecessary personal data before upload, including national identifiers, account numbers, addresses, phone numbers and third-party names. If unnecessary personal data remains, the file is kept only in private review storage and must be redacted or deleted before any extraction or aggregate use.
Consent and AI-assisted extraction
The form requires separate consent for private storage/review and for future AI-assisted extraction. AI-assisted extraction is only allowed after redaction/anonymisation and manual workflow review. Raw documents are never published.
Retention table
| Data | Purpose | Retention |
|---|---|---|
| Raw uploaded file | Private review, redaction and verification | Up to 180 days by default, then aggregate or delete |
| Redacted working copy | Manual review and optional AI-assisted extraction | Kept only while verification is active |
| Aggregate metadata | Lender intelligence, mismatch patterns and public aggregate insights | Retained without personal identifiers |
| Security logs | Abuse prevention, integrity and deletion audit | Up to 90 days unless needed for investigation |
Deletion requests
To request deletion of an uploaded file or related metadata, contact [email protected] with the submission ID if available. We aim to respond within 30 days and delete raw files where no overriding legal or security reason requires retention.
Security and access
Uploads are stored outside public routes, with restricted filesystem permissions, consent version metadata, retention deadlines and review status. Reviewer access should remain need-to-know and raw upload paths must never be exposed in public pages, sitemaps or exports.