Privacy Policy
Last updated June 2026
This Privacy Policy explains how Smart Chic Systems, Inc. ("we," "us") collects, uses, and protects information in connection with whereborrowersleave.com and the Borrower Experience Review ("Services").
1. Information We Collect
- Information you give us. Your name, institution, work email, phone number, engagement selection, sandbox availability, and any notes you submit through our forms.
- Engagement access. If you purchase a full walkthrough, the sandbox or test-environment credentials you provide so we can review your application.
- Payment information. Payments are handled by Stripe. We receive confirmation of your purchase but do not collect or store your full card number.
- Usage information. Basic, non-identifying information your browser sends when you visit the site.
2. How We Use Information
- To deliver the Services, including conducting the review and producing your Signal Report and video.
- To contact you about your engagement, including if a payment or checkout issue interrupts your purchase.
- To process payment through Stripe.
- To meet legal, accounting, and security obligations.
We do not sell your personal information.
3. Sandbox Credentials and Recordings
We treat access to your systems as a stewardship responsibility:
- Transmission is encrypted through a secure channel (Virtru). Credentials never travel through standard email.
- Storage is in a role-restricted vault (1Password), accessible only to the analyst assigned to your engagement and only for the duration of the walkthrough. We keep an access log for every entry.
- Destruction happens within 24 hours of completing the walkthrough. The vault entry is deleted and the analyst's access is revoked. You receive written confirmation.
- Recordings are private, unlisted, and password-protected, with downloads disabled, organized by client project and not accessible to analysts on other engagements.
4. How We Share Information
We share information only with service providers who help us operate, and only as needed:
- Stripe for payment processing.
- Virtru for secure credential transmission and 1Password for secure storage.
- Form and email providers used to receive and respond to your inquiry.
All client engagements are delivered by US-based practitioners. We may disclose information if required by law.
5. Data Retention
We keep engagement records and contact information for as long as needed to deliver the Services and meet legal and accounting requirements. Sandbox credentials are destroyed within 24 hours of the walkthrough as described above.
6. Security
We use encryption, access controls, and role-restricted storage to protect information. No method of transmission or storage is completely secure, but we limit access to what is necessary and remove sensitive credentials promptly.
7. Your Choices
You may ask us to access, correct, or delete the personal information you have provided by emailing the address below. We will respond consistent with applicable law.
8. Cookies and Analytics
If we use cookies or analytics in the future, we will update this policy to describe them and your choices.
9. Children
The Services are intended for business use by financial institutions and are not directed to children under 13. We do not knowingly collect information from children.
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date above reflects the current version.
11. Contact
Questions about this policy or your information: [email protected]. Smart Chic Systems, Inc., Waco, Texas.