Request Access

Privacy Policy

Last updated: February 25, 2026

Introduction

Mektra LLC ("Mektra," "we," "us," or "our") operates Studio 1003 and the website located at 1003.io. We are committed to protecting the personal data of individuals who visit our website, use our platform, or engage with our services. This Privacy Policy explains how we collect, use, share, and safeguard your personal information.

By accessing or using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our website or services.

Mektra LLC is located at 60 E Rio Salado Pkwy Ste 900, Tempe, AZ 85281. You may contact us at [email protected] or by phone at 920-238-6560.

1. Categories of Personal Data Collected

We may collect the following categories of personal data depending on how you interact with our website and services:

  • Account Data: First name, last name, email address, company name, NMLS ID, and phone number provided during access requests and account registration.
  • Billing Data: Payment information processed through Stripe for subscription management. We do not store full credit card numbers on our servers.
  • Platform Data: Borrower records, pipeline data, documents, call logs, and other information you enter into Studio 1003 in the course of using the platform.
  • Contact Information: Full name, email address, phone number, and other details you provide when contacting us.
  • Technical Identifiers: Cookies, session tokens, and similar tracking technologies used to identify your browser or device.
  • Usage Data: Pages visited, features used, time spent on pages, navigation paths, click patterns, and referral sources.
  • Device Data: Operating system, browser type and version, screen resolution, language preferences, and device type.
  • IP Address: Your Internet Protocol address collected automatically when you access our website or platform.
  • Form Submissions: Any information you voluntarily submit through contact forms, access request forms, or other input fields on our website.
  • Integration Data: When you connect Studio 1003 to third-party services, additional categories of data may be processed through those integrations, including:
    • Contact information and borrower details exchanged with loan origination systems (LOS)
    • Call and SMS metadata processed through telephony and messaging integrations
    • Email metadata and delivery information processed through email service providers
    • Documents and verification results exchanged with document management and verification providers
    • Loan fields, pricing data, and credit information exchanged with credit, pricing, and compliance vendors

2. Sources of Data

We collect personal data from the following sources:

  • Direct Submissions: Information you provide to us directly through forms, emails, phone calls, or other communications.
  • Platform Usage: Data generated through your use of the Studio 1003 platform, including pipeline activity, call records, and document uploads.
  • Automated Tracking: Data collected automatically through cookies, web beacons, analytics scripts, and similar technologies when you visit our website.
  • Service Provider Integrations: Information received from third-party service providers that support our website and platform operations, including analytics platforms, hosting providers, and payment processors.
  • Third-Party Integrations: Data received from or transmitted to third-party systems you connect to Studio 1003, such as loan origination systems, credit bureaus, pricing engines, telephony providers, messaging platforms, document vendors, and verification services. The data exchanged depends on the specific integrations you enable.

3. Purposes of Processing

We process personal data for the following purposes:

  • Provide Services: To deliver, maintain, and improve the Studio 1003 platform and the services you have requested.
  • Account Management: To process access requests, manage your account, handle billing, and communicate service-related information.
  • Respond to Inquiries: To respond to your questions, comments, and requests submitted through our website or other channels.
  • Analytics and Optimization: To understand how visitors and users interact with our website and platform so we can improve the user experience, content, and functionality.
  • Security and Fraud Prevention: To protect our platform, services, and users from unauthorized access, fraud, and other harmful activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Legal Bases for Processing

We process personal data based on the following legal grounds, as applicable:

  • Consent: Where you have provided clear, affirmative consent for us to process your data for specific purposes, such as receiving marketing communications or accepting non-essential cookies.
  • Contract Performance: Where processing is necessary to fulfill our obligations under a contract with you, such as providing the Studio 1003 platform services, or to take steps at your request prior to entering into a contract.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include fraud prevention, platform security monitoring, and business analytics.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject.

For purposes such as fraud prevention and security monitoring, we have conducted balancing assessments to ensure that our legitimate interests do not disproportionately affect your rights. Security monitoring logs are retained only for defined operational periods and are subject to access controls.

5. Borrower Data and Integration Data — Processor vs. Controller

Borrower data entered into Studio 1003 by you and your team is your data. We process it on your behalf to provide the platform services. We do not access, use, or share borrower data for any purpose other than delivering the Studio 1003 service. We act as a data processor with respect to borrower data, and you remain the data controller.

When you enable third-party integrations within Studio 1003, data may be transmitted to or received from those third-party services on your behalf. With respect to this integration data, we act as a data processor carrying out your instructions. You remain the data controller and are responsible for ensuring that your use of each integration complies with applicable privacy laws, the third-party provider's terms and privacy policies, and any consent or notice obligations owed to borrowers or other data subjects.

Each integration vendor may independently act as a data controller or processor depending on the nature of the service they provide. Their own privacy policies and terms govern their handling of data once it is transmitted to their systems. We encourage you to review the privacy policies of any third-party services you connect to Studio 1003.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained for as long as your account is active. If you cancel your subscription, we retain your data for a reasonable period to allow for reactivation. You can request deletion at any time.
  • Access Request Data: Retained for a reasonable business duration following your request.
  • Platform Data: Retained in accordance with your subscription and applicable data retention settings.
  • Analytics Data: Retained per the applicable vendor retention window as configured in our analytics platforms.
  • Security Logs: Retained for a defined operational period necessary to detect and investigate potential security incidents.
  • Integration Data: Data processed through third-party integrations is transmitted in real time or near-real time and is retained within Studio 1003 only as long as necessary to provide the platform services and maintain operational records. Retention of data within third-party integration systems is governed by those providers' own retention policies.

We do not retain personal data indefinitely. When personal data is no longer needed, it is securely deleted or anonymized. Specific retention periods may vary based on the nature of the data, applicable legal and regulatory requirements, and the terms of your subscription. We do not commit to specific retention timelines beyond what is required by law, and we reserve the right to adjust retention practices as needed to comply with evolving legal obligations.

7. Data Sharing

We may share personal data with the following categories of third parties:

  • Payment Processor: Stripe for subscription billing and payment processing. When you provide payment information, it is handled directly by Stripe under their security standards.
  • Hosting Providers: Infrastructure and hosting services that store and serve our website and platform data.
  • Analytics Providers: Google Analytics (GA4) for website usage analytics and performance measurement.
  • Tag Management: Google Tag Manager (GTM) for managing and deploying tracking scripts on our website.
  • Email Services: Resend for transactional email delivery.
  • Infrastructure Vendors: Other vendors that provide essential infrastructure, security, and operational support.
  • Legal or Compliance Authorities: Government agencies, courts, or other entities when required by law or to protect our legal rights.
  • Integration Vendors (Subprocessors): When you enable integrations within Studio 1003, data may be shared with the third-party vendors that power those integrations. These vendors act as subprocessors and may include providers of loan origination systems, credit reporting, pricing engines, telephony, messaging, document management, and verification services. Data is shared only as necessary to facilitate the integration you have enabled, and each vendor's own privacy policy and terms of service govern their use of that data.

We do not sell your personal information to third parties. We do not share your personal data for purposes unrelated to those described in this Privacy Policy.

8. Cookies and Analytics

We use Google Analytics with Google Tag Manager and Consent Mode v2 to understand how visitors interact with our marketing site. We use essential cookies for session management and authentication within the application. Our cookie consent banner allows you to accept all cookies, reject non-essential cookies, or manage your preferences. We do not use advertising cookies or tracking pixels.

9. International Transfers

Your personal data may be processed in the United States, where Mektra LLC is headquartered, or in other jurisdictions where our service providers operate. If your data is transferred outside of your country of residence, we implement standard contractual safeguards where applicable to ensure an adequate level of data protection in compliance with relevant data protection laws.

10. Your Privacy Rights — US State Laws

Depending on your state of residence, you may have the following privacy rights under applicable US state privacy laws (such as the California Consumer Privacy Act and similar state legislation):

  • Right to Know: You may request information about the categories and specific pieces of personal data we have collected about you.
  • Right to Delete: You may request that we delete personal data we have collected from you, subject to certain legal exceptions.
  • Right to Correct: You may request that we correct inaccurate personal data that we maintain about you.
  • Right to Opt Out of Targeted Advertising: You may opt out of the use of your personal data for targeted advertising purposes.
  • Right to Opt Out of Sale or Sharing: You may opt out of the sale or sharing of your personal data, where applicable. Mektra does not sell personal information.
  • Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to verifiable requests within the timeframe required by applicable law.

11. Your Privacy Rights — EEA/UK

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and applicable UK data protection laws:

  • Access: You may request a copy of the personal data we hold about you.
  • Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Erasure: You may request that we delete your personal data in certain circumstances.
  • Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
  • Objection: You may object to our processing of your personal data based on legitimate interests.
  • Portability: You may request that we provide your personal data in a structured, commonly used, and readable format.
  • Complaint to Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

To exercise these rights, contact us at [email protected].

12. Security Measures

We implement reasonable security measures designed to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Administrative Safeguards: Policies and procedures governing data access, handling, and incident response.
  • Technical Safeguards: Industry-standard tools and configurations to protect systems and data, including TLS 1.2+ for data in transit and AES-256 encryption for data at rest.
  • Access Controls: Role-based access restrictions limiting data access to authorized personnel only.
  • Monitoring and Logging: Ongoing monitoring of systems and access logs to detect and respond to potential security events.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

13. Children's Data

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe that a child under 13 has provided personal data to us, please contact us at [email protected].

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Mektra LLC
60 E Rio Salado Pkwy Ste 900
Tempe, AZ 85281
Email: [email protected]
Phone: 920-238-6560