I work for a bank owned mortgage lender. I say that because we take compliance serious. We use MonitorBase to track credit pulls, HomeBot (to market to our past closed clients) and Jungo for our CRM (track leads, drip market to prospective borrowers, communicate with borrower and their agents when a file is in process etc.)
We do so and feel very compliant. None of those systems have no public date. Non-public data is info such as Social Security Numbers and Bank Account Numbers. Names, DOB, Contact Info, Home Address, purchase price of home, estimated home value, mortgage, mortgage amount and interest rate is all data that is public.
Having an Opt-Out in your message is key.