Our Privacy First Approach For Lenders
As a reminder, Alpharank only works with US banks and credit unions so that we can focus on the unique needs of our customers. Our design is ‘Privacy First’:
● We do not collect Personally Identiﬁable Information (PII) or Non-Public Information (NPI)
● We do not collect privacy busting data elements such as IP or MAC addresses
● Our data collection does not rely on cookies
In this document we detail the data that is collected on behalf of the Lender, how it is stored, processed, and reported back to the Lender.
Data Collection and Security
Alpharank only collects data with the explicit permission of our customer (the Lender). The data that is collected does not contain any Personally Identiﬁable Information (PII), Non-Public Information (NPI), customer or member information (CI) nor other data that could lead to reidentiﬁcation (such as IP or MAC address).
We collect only two types of information:
A) Anonymous clickstream data: Document Object Model changes from the online systems
(website, account opening, loan origination systems)
B) System of Record: processing information from account opening and loan origination systems
Anonymous Clickstream Data
Lenders install the Alpharank tag on various online systems. This tag collects in real time anonymous DOM events. The tag does not report any PII, NMI, CI nor any potentially re-identiﬁable data. The data from the tag is expressly limited to the following data points:
● Lender unique id
● Browser properties id
● DOM event and event information (e.g. “Click” on “continue button”)
● Document Link (URL) and Title
● TimeStamp (in milliseconds) and Time Zone oﬀset (in minutes)
● Document Encoding, screen resolution, color depth, viewport
● Browser Name
● Browser User Agent
● Mobile device indicator
System of Record Data
Lenders provide Alpharank system of record data showing the disposition of the completed loan and account applications. This is crucial because Lenders want to maximize dollars processed out (loans) and processed in (deposits), not clicks or completions.
System of Record data is provided either through a dedicated export facility such as MeridianLink FileNexus, or through a secure FTP transfer scheduled by the Lender.
The data provided by the Lender to Alpharank does not contain any PII, NMI, CI nor any potentially
re-identiﬁable data. The data from the Lender is expressly limited to the following data points:
Optional (Enhanced Analytics)
● Credit Score
● Debt-to-Income Ratio
● Loan-to-Value Ratio
● Denial Reason
Data Storage & Processing
Clickstream data and System of Record data are stored securely in Alpharank’s dedicated Amazon Web Services (AWS) instance. Access to AWS is controlled via an explicit authorized user list plus multi factor authentication:
● Account ID
● IAM user name
● IAM password
● Dynamic authentication code (from a hard or soft token, 30 seconds validity)
Clickstream data is processed by an event handler at time of collection, then moved nightly into AWS S3 long term storage. System of Record data is placed directly into S3 storage.
Alpharank’s data science model operates on both data sets to produce its ﬁnal analytics and recommendations. The model is built on a series of lambda functions that are instantiated on demand, produce output data, and then automatically clean up at the end of operation. These output data are stored securely in a separate RedShift environment also in AWS.
Alpharank’s advanced reporting functions to the Lender are delivered through a series of web widget components that query the RedShift environment in real time. By deﬁnition, none of these widgets contain customer/member information, personal information, or non-public information.
Reporting widgets include:
● Time based line and bar charts
● Event funnel charts
● Combo drill-down charts combining one or more of the above
Built into each of these widgets is the ability to query or ﬁlter the data as required. For example:
● “Show me only funded accounts and dollars for certiﬁcates of deposits and money market accounts opened in March 2023”
● “Show me the performance in terms of applications received/approved/funded including $$ booked from Google searches for my Broadway & Main branch”
● “List all DENIED vehicle loans apps from existing customers via digital banking single sign on”
In addition to built-in reporting functions, Alpharank instantiates on request additional Lender-speciﬁc widgets to address enterprise needs. For example:
“Report funded checking accounts from Google/Meta/Bing by county”
● “Report funded checking accounts from Google/Meta/Bing by county”
For advanced Lenders, we provide a regular feed of output data that can be fed back into enterprise BI systems (for example, Tableau, SalesForce Marketing Cloud, PowerBI, Adobe Analytics) or into ad platforms (for example, Google/Meta/Bing). This data transfer is engineered so only the lender can reconcile the underlying behavior to the identity of the web visitor. Delivery is typically organized through secure FTP.
Data Usage & Permissions
Alpharank collects ﬁrst-party data on behalf of Lenders with explicit Lender permission:
(i) to perform the Optimization Services;
(ii) to the extent required by applicable law; and
(iii) internally for purposes of developing, improving and testing its algorithms and techniques.
Alpharank does not use or disclose the collected Data except for the purposes of benchmarking or as otherwise requested or authorized by the Lender in writing (for example, feed Alpharank data into Salesforce Marketing Cloud, Tableau reporting solution, or Google Ads Oﬄine Conversions).
For benchmarking, we only share information that is limited to usage patterns, and reduced into anonymous, aggregated form (“De-identiﬁed Data”).
Alpharank does not sell or share data with any ad exchanges, brokers, or other entities that are in the business of proﬁting from the sale of personal information.
Download a copy of our Data Collection, Storage & Transmission Policy - Click Here