Data Privacy & Security

Last Modified: April 12, 2026

At GlassBox Verification Services, LLC, we understand that commercial lending requires absolute trust. As the secure infrastructure layer connecting referring institutions with capital providers, safeguarding your proprietary business data, trade secrets, and borrower Personally Identifiable Information (PII) is our foundational priority.

We have engineered the GlassBox Platform to exceed the strict regulatory requirements of modern financial institutions, credit unions, and non-depository lenders.

Our Compliance Posture

GlassBox enables your institution to originate and route commercial loans safely, ensuring a compliant, auditable paper trail for every transaction.

• GLBA & Regulation P: We maintain strict physical, electronic, and procedural safeguards to protect Nonpublic Personal Information (NPI) in accordance with the Gramm-Leach-Bliley Act.

• NCUA Third-Party Risk Management: For our credit union partners, GlassBox acts as a vetted, compliant vendor channel, eliminating the risks associated with loan officers sending sensitive tax returns or financials over unencrypted email.

• ECOA (Regulation B) Auditability: Our platform standardizes the referral process, protecting institutions from fair lending violations by maintaining a transparent, regulator-friendly record of deal routing.

Enterprise-Grade Data Security

We do not compromise on the security of the Dedicated Lender Deal Rooms or the AI verification engine.

• Encryption: All data is encrypted in transit using TLS 1.2+ protocols and encrypted at rest using AES-256 encryption.

• Access Controls: Deal rooms are strictly siloed. Lenders only have access to the specific commercial loan files routed directly to them by the referring institution.

• AI Data Isolation: Our AI verification tools are used strictly for document parsing, data formatting, and SOP compliance checks. We do not use your proprietary borrower data to train external public AI models.

Data Processing & Roles

GlassBox operates strictly as a Software-as-a-Service (SaaS) infrastructure provider. We are the secure pipeline.

• For Referring Institutions (Credit Unions/Community Banks): We act as your Data Processor. We process data strictly according to your routing instructions to help you serve your members.

• For Capital Providers (Lenders/SBLCs): Upon receiving a routed deal into your systems for underwriting, you act as an Independent Data Controller, fully responsible for the compliance and security of the data under your own underwriting protocols.

📄 Lender Agreements & DPA Download

To facilitate secure, frictionless lender-to-lender deal routing, we require all Capital Partners and SBLCs receiving deal flow through GlassBox to agree to our standard data handling terms. This ensures our referring institutions that their members' data is protected downstream.

If you are a lending partner joining the GlassBox network, please download our pre-signed Data Sharing & Confidentiality Agreement below.

[🔗 Download the Pre-Signed GlassBox Lender DPA (PDF) Here]

Instructions for Lenders: Please download the PDF, counter-sign the agreement, and upload it directly into your GlassBox Lender Dashboard during your onboarding process, or email it to legal@glassboxverified.com

Additional Legal Resources

For full details on our data collection, platform usage rules, and consumer privacy practices, please review our comprehensive legal policies:

• [Link to Privacy Policy]

• [Link to Terms of Use]

Security Questions?

If your compliance or IT risk team requires a vendor security questionnaire or additional documentation, please contact our security team at legal@glassboxverified.com or call us at 623-377-4529.