Lenders Direct is committed to protecting your privacy online.  We understand how important it is that you are aware of what will happen to the personal information we collected from you.  This Online Privacy Policy explains how we may collect information from you online when you visit our website.  Our commitment to protect your information and your privacy extends to your online banking.  While our privacy policies are the same whether you are online or not, we have extra measures in place to protect your privacy when you bank online with us.

Browsing Our Website.  As you browse our website, the Bank may gather certain data that is not personally identifiable to you.  We may note the IP Address in order to track the number of people who visited the site and the pages visited in order to evaluate the usefulness of our sites.  We do not collect any information about you as an individual.

Using Services.  When you request an online application for one of our financial products or services, or ask to review your accounts, our web site will request information via an online form.  This information allows you to perform certain tasks (for example, review your accounts) and allows us to provide the information you requested.  In these cases, we collect only the information necessary to interact with you.

About "cookies". To provide better service and a more effective web site, we use "cookies" as part of our interaction with your browser.  A "cookie" is a small text file placed on your hard drive by our web page server.  These cookies do not collect personally identifiable information and we do not combine information collected through cookies with other personal information to determine who you are or your e-mail address.

Cookies are commonly used on web sites and do not harm your system.  By configuring your preferences or options in your browser, you determine if and how a cookie will be accepted.  We use cookies to determine if you have previously visited our web site and for a number of administrative purposes.

Collecting Information.  When you visit our website, we may collect the following information in order to service your accounts, save you time and money and better respond to your needs:

• Information we receive from you on applications or other forms.  This may include your name, home and email addresses, assets, liabilities, marital status and income.
• Information about your online transactions and account experience, as well as information about our online communications with you.  Examples include your bill payments and your activity on the web site, such as collecting information on product information reviewed.

How We May Share Information.  Lenders Direct does not share nonpublic personal information among affiliated companies requiring an opt out nor does it share with nonaffiliated third parties requiring an affirmative consent from the consumer.

Lenders Direct may share Customer Information we collect from you online with nonaffiliated companies that act on our behalf.  These nonaffiliated companies are contractually obligated to keep the information we provide to them confidential and to use the Customer Information we share only to provide the services we ask them to perform.  These companies may include financial service providers such as payment processing companies, and non-financial companies such as check printing and data processing companies.

Personal information might be needed or requested from you so you can register for banking or other services, or to fill our forms or applications for services (such as credit cards), for special promotions or contests, or to accomplish transactions you request (such as bill payment or other banking services).  This may result in sharing of Personal Information with third parties (such as data processors or service bureaus) as part of servicing your accounts or transactions.

Information Sharing with Nonaffiliated Third Parties as Permitted By Law.  We are permitted by law to share all the information we collect about you online to credit bureaus and similar organizations and when required or permitted by law.  For example, Customer Information may be disclosed in connection with a subpoena or similar legal process, fraud prevention or investigation, risk management and security, and the recording of deeds of trust and mortgages in public records.

How We Handle E-Mail.  Included in our web site is the capability for the customer to correspond with the Bank via e-mail.  Internet e-mail is not secured.  This correspondence, via e-mail, should be for the purpose of asking general questions of a non-sensitive and non-confidential nature.  Do not provide sensitive or confidential information (for example, your account number).  The Bank will collect the e-mail addresses of those who correspond with the Bank via e-mail and any information that is provided to the Bank.

We work to ensure privacy and security during your online sessions.  The information you provide to us online is protected by Secure Socket Layer (SSL technology).  SSL is the leading security protocol for data transfer on the Internet.  This technology scrambles your account information as it moves between your PC's browser and GBB's computer systems. When information is scrambled, or encrypted in this way, it becomes nearly impossible for anyone other than GBB to read it.  This secure session helps protect the safety and confidentiality of your information when you bank with us online.

Consolidation Sites.  Please use caution when using consolidation sites.  Consolidation sites are Internet sites that offer the ability to collect all of your personal information on one site.  For example, you may be encouraged to provide consolidation sites with your personal finance information. Never provide this information to a site that you do not recognize and fully trust.

YOU SHOULD KNOW:   All transactions initiated by a consolidation site using access information you provide may be considered authorized by you, whether or not you were aware of the specific transaction.  You may revoke this authority only by notifying us, and we may need to block your account until we issue new access codes.
Protecting Children's Privacy Online.  Our website is not directed to children under 13.  We do not knowingly solicit data or market to children under 13.  We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents.

Our Commitment to Your Privacy.  You can count on LENDERS DIRECT to keep you informed about how we protect your privacy and limit the sharing of information you provide to us whether it is at a branch office, over the phone or through the Internet.

What you can do to protect your financial information.  We are committed to ensuring that your information is accurate, current and complete.  You should routinely review and reconcile your account statements.  Safeguard and protect your account records and other information pertaining to your relationship with the Bank.  If you become aware of incorrect information in our records, please call us at (800) 229-3832.  If the record is within our control, we will promptly make the necessary corrections.

Links to non-Lenders Direct Websites.  We are not responsible for the Information collection practices of the non-Lenders Direct links you click from our web pages.  We cannot guarantee how these third parties use cookies or whether they place on your computer cookies that may identify you personally.  We urge you to review the privacy policies of each of the linked web sites you visit before you provide them with any personally identifiable information.

The above information represents the Bank's Online Privacy Policy effective October 2007.  The Bank does, however, reserve the right to change this Policy at any time.

Security Policy

At Lenders Direct we take security very seriously. We have taken every precaution necessary to be sure your information is transmitted safely and securely. The latest methods in Internet system security are used to increase and monitor the integrity and security of our system.

To develop a sound architecture, Lenders Direct has incorporated the capabilities of firewalls, control capabilities of routers, operating system level controls, application level controls, report consolidation methods, and security monitoring devices such as Intrusion detection systems and scanners. In this architecture, every piece is layering on the capabilities of the other to create overlapping controls and fail-over. What this means to you is that if a single layer of security is broken, other layers of security are there. This is referred to as "security in-depth."

Data security between the customer browser and our Web server is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption, server authentication, and message integrity for an Internet connection. In addition, SSL provides a security "handshake" that is used to initiate the connection. This handshake results in the client and server agreeing on the level of security they will use and fulfills any authentication requirements for the connection. Currently Lenders Direct’ online application supports data encryption at the highest level (128 bit). In order to get this level of encryption, you will need a browser that supports it.  By simply clicking on Help and About Internet Explorer after bringing up the browser, you will notice a Cipher Strength. This will tell you the security level, and give you an opportunity to upgrade via the hyperlink to Upgrade Information.

When accessing our Internet Banking site, you will be forwarded to a Web page with a URL address that starts with https://. This will cause your browser's HTTPS layer to start an encrypted session using SSL. You will then receive a login screen. Since the encrypted session has already been started, your user name and password are safe and secure. The data traveling between the user and the server is encrypted and can only be decrypted with the public and private key pair. These two keys are the only combination possible for that session. When the session is complete, the encryption keys expire and the whole process starts over when a new session is started.

Our network intrusion detection system is running 24 hours a day, 7 days a week. The network intrusion detection engine sits on the same network as the Internet Banking site and monitors all traffic on that segment. The engine is looking for attack signatures - watching for evidence that an attempted intrusion is taking place. When the engine detects unauthorized activity, it responds immediately by terminating the connection, sending an alert to specially trained staff and recording the session. This allows security architecture to automatically monitor network traffic, detect and respond to suspicious activity, and intercept and respond to network abuse before systems are compromised.

Internet security does not rely on technology alone. Without everyone's participation, all the security systems and technology in the world are worthless. You must treat your User ID and password with the same care as an ATM or credit card and PIN. In addition, you must make sure that no one is physically watching when you enter your password. If you are logged in to the service, be sure to log off of the service and exit the browser when you leave the computer unattended. You should also take standard precautions to keep you system clean and free from viruses that could be used to capture password keystrokes and financial information.

If you should have additional questions regarding the security of our Internet site, please contact us at (800) 229-3832.