The Mortgage Office Privacy Policy

Title V of the Gramm-Leach-Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic information about you with a non-affiliated third party unless the institution provides you with a notice of its privacy policy and practices, such as the type of information that it collects about you and the categories of personal information or entities to whom it may be disclosed. Although TMO is not considered a “financial institution”, it may be considered an “affiliate” of a “financial institution”. In compliance with the GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of our company.

The California Consumer Privacy Act (CCPA) provides consumers with specific rights regarding their personal information. Although TMO does not believe it is subject to the CCPA, it is important that you understand your rights under the CCPA. Under the CCPA you have the right to request that companies subject to the CCPA disclose certain information to you about their collection and use of your personal information over the past 12 months. Once a company receives and confirms your verifiable consumer request, that company will disclose to you:

• The categories of personal information collected about you
• The categories of sources for the personal information collected about you
• Their business or commercial purpose for collection or selling that personal information
• The categories of third parties with whom they share that personal information
• The specific pieces of personal information collected about you
• If they sold or disclosed your personal information for a business purpose

What information is collected?

TMO may collect information from you because we have a legal reason (allowed by law or under contract) to collect the information, or because you have consented for us to do so for a specific purpose.

Personal Information

As a loan origination and loan servicing software provider, we may receive, process or store certain information, including personal information, from Data Subjects. Data collection may include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. TMO also collects Personal Information about you when you choose to provide such information to us. For example, you may provide us with Personal Information when you submit an online form, apply for a job, communicate with us by e-mail, or access client-specific content. This information may include your name; business or personal contact information, such as your address, email address or phone number; and any information that you provide as part of our website, products and services (collectively, “Personal Information”).

Data Collected Automatically

We automatically collect certain information about your use of our website and products and services. This information may include, for example, your IP address, your browser type and version, your device identifier, information about your computer and operating system, the length of your visit and the pages that you viewed on our website or products and services. We use cookies and similar technologies to collect this information. We also use cookies and similar technologies for other purposes such as to ensure authorized access to client-specific content, and to track client access to such content. Cookies are pieces of data stored on a user’s hard drive that contain information about a user. Please note that you may be able to view and delete these cookies using the features of your browser; however, deleting cookies may prevent you from being able to use the full functionality of the website.

Our website, products and services also automatically create logs regarding your activity on our website. These logs may identify the features that you use, the actions that you take, and the information that you access. We generally use this information in statistical and aggregate formats to assess the effectiveness of our Website and products and services and to better understand your priorities and interests.

Information Collected by Third Parties

We may permit third parties to use cookies or other technology to collect information about your online and products and services usage activities across our website, products and services and other websites and products and services over time for non-advertising purposes such as to help us analyze how visitors use our website, products and services.

Third-Party Service Integration and Data Protection

Our application may integrate with third-party services and platforms to provide you with enhanced functionality and features. When you choose to connect your account with third-party services, we may access, collect, and process certain information from those services on your behalf.

Types of Third-Party Integrations

We may integrate with various third-party services including, but not limited to, cloud storage providers, email services, calendar applications, document management systems, and other productivity tools. The specific integrations available may vary based on your subscription level and the services you choose to connect.

Information Accessed from Third-Party Services

When you authorize our application to connect with third-party services, we may access:

• Your profile information (name, email address, profile picture)
• Files, documents, or data stored in connected services
• Email messages, contacts, or communication data
• Calendar events and scheduling information
• Other information necessary to provide our services as described at the time of authorization

How We Use Third-Party Service Data

We use information accessed from third-party services solely to:

• Provide the features and functionality you have requested
• Synchronize data between our platform and connected services
• Facilitate communication and collaboration through our application
• Improve and enhance our services
• Authenticate your identity and maintain account security

We do not use information from third-party services for purposes unrelated to the core functionality of our application or for advertising purposes unless you provide explicit consent for such use.

Data Protection and Security

We implement appropriate technical and organizational measures to protect information accessed from third-party services, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Employee training on data protection and privacy practices
• Compliance with applicable data protection laws and third-party service provider policies

Third-Party Data Retention

We retain information accessed from third-party services only for as long as necessary to provide our services to you or as required by law. You may request deletion of such information at any time by contacting us at legal@absnetwork.com.

Sharing of Third-Party Service Data

We do not sell or rent information accessed from third-party services. We may share such information only:

• With service providers who assist in operating our application, subject to confidentiality obligations
• When required by law or to respond to legal processes
• To protect our rights, property, or safety, or that of our users or the public
• With your explicit consent
• In connection with a merger, acquisition, or sale of assets, with notice to affected users

Your Control and Rights

You maintain full control over the connections between our application and third-party services. You may:

• Revoke our application’s access to third-party services at any time through your account settings or the third-party service’s permission management interface
• Request information about what data we have accessed from connected services
• Request deletion of data accessed from third-party services
• Modify or limit the permissions granted to our application

Compliance with Third-Party Policies

Our use of information from third-party services complies with the respective service providers’ terms of service, user data policies, and API usage requirements. We regularly review and update our practices to ensure ongoing compliance with these policies and applicable laws.

What legal basis does TMO have for collecting processing my information?

TMO may process your information because:

• We have a contract with you
• You have given us permission to do so
• We must provide services to you after you have purchased something from us
• To comply with the law

All of these reasons are reasons TMO may legally process the information we have about you.

How is the collected information used?

We may use the Personal Information that you provide to us to operate and improve our business, including our websites and our products and services; to communicate with you; to provide you with information or services that you have requested; and for verification purposes. We may use and disclose any information that is aggregated or de-identified so that it does not identify you personally, in our discretion.

How is the information disclosed?

TMO may share your Personal Information as described below:

• With our vendors, consultants, agents, contractors, and other service providers that we use to support our business;
• To provide you with any information or services that you request;
• To respond to subpoenas, court orders, and other legal process, or as otherwise required by law;
• To exercise TMO’s legal rights or defend TMO against legal claims, to enforce our contracts, to investigate, respond to and resolve problems or inquiries (including governmental inquiries), or to permit us to pursue available remedies or limit the damages that we may sustain;
• In connection with an actual or potential merger, sale, acquisition, assignment, or transfer of all or part of our assets, affiliates, lines of business, or products and services, including at bankruptcy;
• With our affiliates, subsidiaries, or parent companies; and
• With your consent.

Third-Party Links and Services

Our websites, products and services may contain links to third-party websites and products and services. We do not control these linked websites and this Privacy Policy does not apply to those websites. We encourage you to read the privacy policy of any third-party website that you visit before you provide any information to that website’s owner.

Do we collect information about children?

We do not knowingly collect Personal Information from children under 16 years old.

How long will you keep my personal information?

We will keep your personal information:

• For as long as required by law
• Until we no longer have a valid reason for keeping it

We may keep just enough of your personal information to ensure that we comply with your request not to use your personal information or comply with your right to erasure. For example, we must keep your request to be erased even if it includes your personal data until such time as you are no longer our customer.

If you have questions about our Data Retention Policy, please contact: legal@absnetwork.com.

How will you be notified of changes to this Privacy Policy?

We reserve the right to modify or update this Privacy Policy periodically. If we change our practices with respect to your information, we will notify you by posting a revised Privacy Policy on our website and accessible at www.themortgageoffice.com/privacy.aspx. We encourage you to revisit this Privacy Policy periodically to stay informed about our practices with respect to your information.

Whom can you contact if you have additional questions?

If you have questions regarding our Privacy Policy please contact us by email at legal@absnetwork.com