FAQs on Sherlok's Data Processing & Security
What measures does Sherlok take to ensure data security?
Sherlok prioritizes the security of both broker and consumer data. We employ robust security practices, including engaging independent security reviewers and auditors, continuous compliance monitoring, and adhering to industry-standard encryption protocols to safeguard sensitive information.
How does Sherlok gather data for accurate customer churn prediction and repricing automation?
Sherlok utilizes a variety of first-party and third-party data sources to gather comprehensive information about loans, customers, and properties. These sources include consumer-provided data, open banking consent processes, and manual data entry by brokers and Sherlok staff.
What role does open banking play in data collection for Sherlok?
Through open banking, consumers provide explicit consent for sharing their data with Sherlok. We operate as a Trusted Adviser in the Consumer Data Right (CDR) system, ensuring consumers have control over what data is shared, for what purposes, and for how long.
How does Sherlok handle manual data entry by brokers and staff?
Brokers can manually enter customer, loan, and property details into Sherlok as needed. Additionally, our staff can assist brokers in collecting missing data points required for repricing automation, following strict data processing rules.
What feedback does Sherlok provide from the repricing process?
Sherlok updates loan details, including new rates and outstanding balances, based on repricing requests. Consumers are notified about any updates to their loan details resulting from proactive repricing by Sherlok.
What additional data does Sherlok collect from brokers, and why?
Sherlok collects identity and access information, billing details for paid versions, API keys, and lender portal credentials. This data allows for personalization, billing, and automation of certain repricing steps.
How does Sherlok ensure access control and organizational security?
Sherlok implements confidentiality clauses, background checks, and security training for employees and contractors. Access to systems is controlled via network security and two-factor authentication, with continuous monitoring and logging of access.
Where is Sherlok's data hosted, and what security measures are in place?
Sherlok's primary hosting provider is Amazon AWS, located in Sydney. We employ encryption in-transit and at-rest, regular security updates, and conduct regular recovery drills to ensure data protection and availability.
Which subprocessors does Sherlok utilize for its operations?
Sherlok utilizes subprocessors such as Amazon Web Services, Microsoft, Google Cloud Platform, Stripe Payments, and others for cloud services, office productivity, payment processing, and customer success software.
What certifications and compliance standards does Sherlok adhere to?