How Purefy Protects Your Data

Purefy takes protecting your data and maintaining your trust very seriously. We have established a comprehensive security and compliance program to ensure that our customers can easily and securely find the best rate on their new loan.

Calculating your real-time rates from the industry's best lenders...

Secure Personnel

Purefy ensures that only vetted employees are given access to our systems.
  • All Purefy contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
  • Confidentiality agreements are signed by all employees, contractors, and others who have a need to access our systems.
  • We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques that attack vectors.

Secure Development and Testing

Purefy uses secure development lifecycles principles and third-party testing to ensure our systems are secure for you, the customer.
Purefy hires talented external penetration testers to attempt to hack our systems and validate our security practices.
All team members that are regularly involved in any system development undergo annual secure development training

Software development is conducted in line with OWASP Top 10 recommendations for web application security.

Cloud Security

Purefy uses a cutting-edge Microsoft Azure cloud environment that is continually updated with the latest physical and network security features.
  • All data is encrypted at rest and in transmission using financial-grade tech to prevent any unauthorized access and prevent data breaches.
  • Our entire platform is continuously monitored using Microsoft cloud defense tools and subject to third-party penetration testing and vulnerability scanning.
  • Purefy uses role-based access controls, meaning that only Purefy’s most senior technology and security administrators have access to your most sensitive data.

Compliance

Purefy’s external certification process provides independent assurance of our dedication to protecting your data. We use trusted third parties to regularly assess and validate the protections and effective security practices Purefy has in place.

SOC 2 Type 2

Purefy successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Purefy’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Purefy was audited by Prescient Assurance, a leader in security and compliance certifications for technology companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada.

The unqualified opinion on our SOC 2 Type II audit report demonstrates that we manage customer data with the highest standard of security and compliance.