Data security and privacy
Upstart implements robust privacy and security standards, so Upstart-powered lenders can have confidence that their customer data will be used appropriately, safeguarded, and kept private.
Not just any data belongs in an underwriting engine. All data leveraged by Upstart underwriting models is provided directly by the consumer, by a consumer reporting agency, or collected from the consumer’s interactions with Upstart. This ensures transparency regarding the factors that went into the credit decision, allowing the consumer to challenge and correct any inaccuracies.
Privacy and security
Upstart is committed to safeguarding consumer data and sharing it only as necessary or as directed by the consumer. Upstart’s dedicated team of security and privacy professionals develops rigorous internal controls and oversight and routinely engages with third-party auditors to review our program and challenge our defenses. Third-party program assessors and auditors include:
We offer multi-factor authentication as an option for all customers and mandate it for any individuals who may view customer data—including employees and partners.
We encrypt all customer data, including modern standards for encryption of all data in transit, ensuring it cannot be viewed by anyone between the customer’s computer and our services.
We implement web application and network firewalls throughout our product and corporate networks to defend the servers and customer data from unauthorized access.