Blueprint Privacy Policy

Security and Use of Personal Data

We have physical, electronic, and procedural safeguards in place to protect your data.  Employee access to the data repositories is controlled and limited.  All data is kept on servers owned and maintained by Microsoft and is backed up in triplicate for data reliability.  All data is kept in the continental United States.  Microsoft regularly submits their services to external security audits and obtains compliance certifications such as HIPAA BAA, ISO/IEC 27001:2005, FedRAMP, and E.U. Model Clauses.  More information here:

Latest SOC Audit: Link  (04/30/2020)

Data Collected – Client

We collect the following data about our users.  Having user data allows us to provide better customer service and communicate with our users.

  • First & Last Name
  • Email address
  • Company information (optional)


Data Collected – Borrower

Blueprint is a mortgage income analysis tool.  Thus Blueprint requires specific lines and boxes from tax returns to function.  This information does not need a real borrower’s name.  By default the borrowers are referred to as: Borrower One, Borrower Two, and so on.  The users have an option to change the default name from Borrower One, to be more specific.  This is completely optional and at the discretion of the user.

Blueprint requires the following information from borrowers to be factually correct:

  • Values from specific lines and boxes from tax forms

The following information may be fictitious and used to give anonymity the borrower:

  • Borrower Name
  • Borrower’s employer name
  • Address of REO properties

Sharing of Data

Blueprint does not share any data about borrowers or users outside the immediate direct employees of Blueprint.

Old Data & Former Users

If your account is un-used for a period of 180 days your data will automatically be erased.  This applies only to former customers.  Active customer data is maintained for a period of 3 years.