Security

We take security very seriously at LoanBuddy. Our team works hard to make sure this is a secure place to conquer your student loan debt.

LoanBuddy is hosted and managed within Microsoft’s Azure cloud. Azure is created using the most rigorous security and compliance standards in the world. Azure is designed with no single point of infrastructure failure.

These include:

  • ISO 27001 & ISO 27018
  • SOC1, SOC2, SOC3
  • FedRAMP
  • HITRUST

All data is encrypted at rest using NSA approved cryptography and encrypted in transit using industry standard https/tls.1.2 protocols. All customer data remains in the continental United States of America.

LoanBuddy uses Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe makes use of best-in-class security tools and practices to maintain a high level of security.

LoanBuddy backs up all data on a daily basis and uses Azure’s global replication service to ensure that its resilient across Azure US regions. In the event Azure region being affected LoanBuddy can resume operation in another Azure region. All backups are encrypted.

A web application firewall, managed by Azure, screens all inbound web traffic for malicious content. Production resources containing customer data are only accessible by authorized LoanBuddy personnel and no wireless networks are used in production.