As a licensed mortgage broker, we are subject to some of the strictest federal and state privacy laws in the financial industry. This page explains every standard we follow, every right you have, and how to exercise them.
AllApprovedHere.com is subject to and compliant with the following federal privacy and consumer protection statutes.
GLBA / Regulation P
Gramm-Leach-Bliley Act · 15 U.S.C. §6801
FTC Safeguards Rule
16 CFR Part 314 · Information Security Program
FCRA
Fair Credit Reporting Act · 15 U.S.C. §1681
RESPA
Real Estate Settlement Procedures Act · 12 U.S.C. §2601
TRID / TILA-RESPA
Loan Estimate & Closing Disclosure Rules
TCPA
Telephone Consumer Protection Act · 47 U.S.C. §227
CAN-SPAM Act
Email Marketing Compliance · 15 U.S.C. §7701
Equal Housing Lender
Fair Housing Act · ECOA · 42 U.S.C. §3604
We are licensed in 5 states and comply with each state's applicable privacy and consumer protection laws.
| State | Law | Key Rights | License |
|---|---|---|---|
| California | CCPA / CPRA (Cal. Civ. Code §1798.100) | Know, Delete, Correct, Opt-Out, Portability, Non-Discrimination | DFPI — CA DRE |
| Arizona | ARS §44-1373 et seq. (Data Breach) | Breach notification within 45 days; GLBA applies | AZDFI |
| Washington | Washington Privacy Act (RCW 19.255) | Access, Delete, Correct, Opt-Out of Profiling | WA DFI |
| Colorado | Colorado Privacy Act (CRS §6-1-1301) | Access, Delete, Correct, Opt-Out, Portability | CO DORA |
| Nevada | NRS §603A (Nevada Privacy of Information) | Opt-Out of Sale; Breach notification | NV FID |
All licensing information is publicly verifiable through the NMLS Consumer Access portal.
Required by the FTC Safeguards Rule (16 CFR Part 314) — our information security program includes the following controls.
TLS 1.3 Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the current industry standard.
Encrypted Data at Rest
All stored personal and financial information is encrypted at rest using AES-256 encryption.
Multi-Factor Authentication
All staff access to systems containing NPI requires multi-factor authentication (MFA).
Access Controls
Role-based access controls limit who can view customer NPI. All access is logged and audited.
Audit Logging
Every access to nonpublic personal information (NPI) is logged with timestamp, user ID, and IP address per §314.4(c)(8).
Breach Notification
In the event of a data breach, we will notify affected customers within 30 days as required by applicable state laws.
Vendor Management
All third-party service providers with access to NPI are required to maintain equivalent security standards under written agreements.
Annual Risk Assessment
We conduct annual information security risk assessments and update our security program accordingly per §314.4(b).
Employee Training
All staff with access to NPI receive annual privacy and security training per §314.4(f).
Depending on your state of residence, you may have some or all of the following rights regarding your personal information.
Right to Know / Access
Request a copy of the personal information we have collected about you, including categories, sources, and how it is used.
CCPA §1798.110 · CPA · WPA
Right to Delete
Request deletion of your personal information. Certain data may be retained as required by federal mortgage lending laws (7-year retention).
CCPA §1798.105 · CPA · WPA
Right to Correct
Request correction of inaccurate personal information we hold about you.
CCPA §1798.106 · CPA · WPA
Right to Opt-Out
Request that we stop selling or sharing your personal information. Note: we do not sell personal information to third parties.
CCPA §1798.120 · GLBA Regulation P
Right to Portability
Request a portable, machine-readable copy of your personal information.
CCPA §1798.130 · CPA
Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not affect your ability to obtain our services.
CCPA §1798.125
Ready to exercise your rights?
Submit a request online. We will respond within 45 days as required by law. No charge for submitting a request.
We collect only what is necessary for mortgage processing and retain it only as long as required by law.
| Data Category | Purpose | Retention Period | Legal Basis |
|---|---|---|---|
| Loan Application Data (NPI) | Mortgage processing, underwriting, compliance | 7 years | RESPA, ECOA, FCRA |
| Credit Reports | Loan qualification assessment | 25 months | FCRA §605 |
| Contact Information | Communication, lead follow-up | 3 years (or until deletion request) | GLBA, CCPA |
| Website Analytics | Site improvement, marketing optimization | 26 months | Consent / Legitimate Interest |
| TCPA/SMS Consent Records | Proof of consent for communications | 5 years | TCPA 47 CFR §64.1200 |
| GLBA Notice Delivery Records | Regulatory compliance documentation | 5 years | Regulation P §1016.9 |
| Privacy Request Records | Compliance documentation | 3 years | CCPA §1798.130 |
| Audit Logs | Security monitoring, breach detection | 3 years | FTC Safeguards Rule §314.4(c)(8) |
For privacy questions, requests, or concerns, contact us through any of the following channels.
Phone
(602) 628-1231
Barrett Financial Group, LLC
ATTN: Privacy Officer
Scottsdale, AZ 85251
Response Time
Within 45 days of receipt (CCPA requirement)
Regulatory Contacts: If you believe your privacy rights have been violated, you may also file a complaint with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), or your state's attorney general office. California residents may contact the California Attorney General.
We use cookies to improve your experience and comply with applicable law.
We use essential cookies to operate this site. With your consent, we also use analytics cookies (to understand how visitors use our site) and marketing cookies (to show relevant content). You may opt out at any time.