Home/Security & data
Security & data

Your data, handled with care.

We build custom systems for real estate companies, and those systems run on your data. Our stance is simple: the data is yours, you can take it with you, and we protect it with sensible, standard practices. This page lays out how we handle it — and is honest about what is in place today versus what is still on our roadmap.

Trust posture

Where we stand.

A few things you can count on from the first engagement. No badges we have not earned, and no security theater.

Registered companyDeal Direct Exportable on requestStandard formats, anytime Encryption in transitHTTPS/TLS by default Role-based accessPeople see only what they should
Practices

How we handle your data.

The day-to-day practices built into the systems we deliver — which run on your own cloud accounts, not ours. They are standard, deliberate, and the same regardless of project size.

  • Data ownership & portability

    Your records, contacts, and history belong to you. We design schemas you can read and export in standard formats, so you are never trapped inside a black box you cannot leave.

  • Role-based access control

    Access is scoped to roles, so agents, managers, and admins each see and do only what their job requires. Permissions are reviewed when people join, change roles, or leave.

  • Encryption

    Traffic to and from the systems we build is encrypted in transit over HTTPS/TLS, and the reputable, mainstream cloud accounts they run on — yours, not ours — encrypt stored data at rest.

  • Backups & reliability

    We set up regular backups with point-in-time recovery on your own infrastructure, so an outage or a bad change does not become a lost-data event.

  • Data export, any time

    You can export your data at any time, in your format. For longer engagements we can set up a recurring export to a location you control, so a usable snapshot always sits in your hands.

  • Vendor & dependency hygiene

    We keep the dependency list small and deliberate, favor well-supported libraries, patch known issues, and prefer reputable providers over whatever is newest. Fewer moving parts means fewer ways to fail.

Your data

Your data isn't ours to monetize.

Your records stay in your own systems and accounts. There is no product login where your data lives only with us, and nothing important is locked away — you can read it, export it, and take it with you.

  • It is your data, full stop — contacts, deals, documents, and history are yours, not ours to monetize or gate.
  • Exportable on request — a complete export in standard formats whenever you ask, no exit fee and no friction.
  • Runs on your accounts — hosting and key services sit on your own cloud accounts, billed to you directly, so your data never lives with us.
  • Documented, not mysterious — you get a readable schema and notes, so another team could pick it up if they had to.
OWNERSHIP · what stays yours
AssetOwnerStatus
Contacts & deal recordsYouExportable
Documents & historyYouExportable
Reports & dashboardsYouYours
Database schemaYouDocumented
Cloud & service accountsYouAt cost

Want the export options spelled out for your engagement? We will put it in writing. Ask us →

Honest note

What we have, and what's on the roadmap.

We would rather be straight with you than imply certifications we do not hold. Here is the honest split between what is in place today and what we are working toward.

In place today

Data ownership and export, role-based access control, encryption in transit, regular backups on your own infrastructure, and disciplined vendor and dependency hygiene. These are built into every system we ship.

On the roadmap

A formal SOC 2 examination is a goal we are working toward, not a certification we hold today. We are also maturing our written policies, access reviews, and incident response so they would stand up to an audit. We will say so plainly the moment any of it is certified.

What we promise

We will not market a control we have not implemented or a certificate we have not earned. If your industry or your own clients require specific controls, tell us early and we will scope the engagement to meet them honestly.

Have a security questionnaire or a vendor review to complete? Send it over and we will answer it directly, including where the honest answer is "not yet." Start there →

Security & data

Questions about how we'd handle your data?

Bring us your security requirements, your export needs, or your vendor questionnaire. We will give you straight answers about what we do, how we protect it, and where we are still maturing.