Security & Gramm-Leach-Bliley Act Compliance
At a la mode, we take the job of protecting your data and that of your customers very seriously. We have implemented systems and policies to ensure that your data is safe and compliant. SureDocs fully complies with the FTC regulations regarding the Gramm-Leach-Bliley Act. This document describes the areas affected and falling under the Act along with a description of how we safeguard data and maintain compliance.
Protection from unauthorized access during the document upload process
Documents uploaded to our servers for delivery to your recipients are protected by a 128-bit SSL connection to the web services that receive documents from the SureDocs desktop application.
Protection while recipients view / sign documents
In order to comply with the Safeguards and Privacy rules of GLBA, SureDocs never sends any documents or NPI customer data in e-mail messages. E-mail is only used to send notifications and instructions for viewing to recipients. During the actual document viewing and signing process, pages of documents and PDF files are sent to recipients across secure encrypted SSL web connections.
Verifying Signatures
One of the challenges to conducting business over the internet is ensuring that the person on the other end of the transaction is who they say they are. SureDocs offers a combination of technology from Equifax and Wave Systems to verify the signer’s identity before they can view or sign a document.
To verify a signer’s identity, their basic contact information (name, address, etc.) is sent via a secure encrypted connection to Equifax. This “soft hit” (which in no way affects their credit history or score) supplies a series of between three and eight multiple-choice questions involving current or previous mortgages, car loans, addresses and phone numbers. Since these questions are based on information most people don’t carry around with them in their wallet, it’s very difficult to compromise. To enhance security, only two unsuccessful attempts are allowed before the system is locked out for 72 hours.
In the event that the signer has been locked out, or in the rare case when their information is not found in the Equifax system, SureDocs includes a manual, offline process that requires the signer to fill out an affidavit, have it notarized and fax it in to a toll-free number. for specific instructions on this manual process.
Protection from unauthorized access while in our custody
Once in our custody, electronic access to documents is restricted to key personnel who develop and maintain the systems. We implement a hardware firewall solution that prevents direct access to any of our servers from outside the building.
Physical access to the data is protected in our network operations center by multiple layers of security. Physical access from outside the building to the general offices is secured by electronic card access. Anyone without a security badge is not even able to enter the general offices. Once inside the general offices, access to the network center itself is again limited by card access to key personnel who maintain the systems. Logs are kept of all access to any door.
Use of documents and/or data by a la mode
Under no circumstances does a la mode sell, convey, share or disseminate, in any way, any data associated with your SureDocs documents. We are in the business of providing software solutions for the real estate industry and have been a conscientious and trustworthy custodian of customer data since 1985.
As part of a la mode's process of continued enhancements and upgrades to the SureDocs products, we monitor and compile various statistics on the habits of those using our software. These statistics, such as which fields are left blank, most common stopping points, and most common editing features used, don't contain any confidential consumer information but provide us with a wealth of information we need to improve the product. In addition, we reserve the right to aggregate certain data points for the purposes of measuring the level of growth of our products and tracking trends industry-wide in the habits of consumers.
Protecting data from power failure and disaster
All documents sent using SureDocs are hosted at a la mode's state-of-the-art data center located in Oklahoma City, Oklahoma. In addition, a la mode also has two other offices in Orlando and Salt Lake City, as well as a leased backup data center which is also in Oklahoma. Each of the data centers houses at least one redundant system and has redundant power, employing uninterruptible power supplies and generators capable of supplying them with power for an indefinite period of time. In the event of a disaster affecting the physical location of the Oklahoma City data center, a la mode is capable of becoming fully functional by employing a combination of the three alternate data centers.
Definitions
DirectFax
An exclusive technology of a la mode that allows borrowers to send paper-based documents using any fax machine. The documents are converted to a digital PDF file and attached to the loan file automatically using a special bar-coded cover page. Any hard copy document can be sent, such as pay stubs, tax returns or even a driver's license, passport or other official ID.
Gramm-Leach-Bliley
The Gramm-Leach-Bliley (i.e., GLB) Act requires financial institutions to take steps to ensure the security and confidentiality of "customer" records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The GLB Act broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.” GLBA requires government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The regulations required all covered businesses to be in full compliance by July 1, 2001.
HTTPS
(Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol, developed by Netscape, built into browsers, that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is the use of Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.)
SSL
Secure Sockets Layer. Used by most commerce servers on the World Wide Web, this high-level security protocol protects the confidentiality and security of data while it is being transmitted through the internet. Based on RSA Data Security's public-key cryptography, SSL is an open protocol that has been submitted to several industry groups as the industry security standard. Denoted by the letters HTTPS in the URL.