Security

Last updated 2026-05-07

v1 stub. This page describes the security posture in force at launch. Formal SOC 2 / ISO 27001 attestation is on the v1.5 roadmap.

Encryption

All uploaded contracts and generated reports are encrypted at rest in Cloudflare R2 using AES-256. Traffic in transit is protected by TLS 1.3. Database connections use mutual TLS where the cloud provider supports it; encryption keys are managed by the platform KMS.

Access control

Authentication is handled by Clerk with mandatory email verification. Tenancy isolation is enforced at the application layer: every domain row has an owner_id and queries filter on it. Object access is gated by signed URLs that auto-expire. PII redaction via Microsoft Presidio runs on every log line before it reaches storage.
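
The owner_id filter and expiring signed URLs described above, sketched as an added example; this is not the service's own code. The `reports` table, the HMAC scheme (a stand-in for the storage provider's presigned URLs), the signing key and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

SIGNING_KEY = b"constructed-demo-key"  # assumption: a real key would come from the KMS


def make_db():
    """Constructed sample data: two tenants, one report each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, "
               "owner_id TEXT NOT NULL, object_key TEXT NOT NULL)")
    db.executemany("INSERT INTO reports VALUES (?, ?, ?)",
                   [(1, "user_a", "reports/1.pdf"), (2, "user_b", "reports/2.pdf")])
    return db


def get_report(db, report_id, caller_id):
    """Owner-scoped lookup: the tenant filter is part of the query itself,
    so another tenant's row id behaves exactly like a missing row."""
    row = db.execute(
        "SELECT object_key FROM reports WHERE id = ? AND owner_id = ?",
        (report_id, caller_id),
    ).fetchone()
    return row[0] if row else None


def sign_url(object_key, now, ttl=300):
    """Return a path whose signature covers both the object key and the expiry."""
    expires = int(now) + ttl
    msg = f"{object_key}\n{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return f"/{object_key}?expires={expires}&sig={sig}"


def verify_url(object_key, expires, sig, now):
    """Reject a tampered key or expiry (signature mismatch) and stale links."""
    msg = f"{object_key}\n{int(expires)}".encode()
    expected = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    return hmac.compare_digest(expected.encode(), sig.encode()) and int(now) < int(expires)


def download_link(db, report_id, caller_id, now):
    """Issue a link only after the owner-scoped lookup succeeds."""
    key = get_report(db, report_id, caller_id)
    return sign_url(key, now) if key else None
```

Because the expiry is inside the signed message, a client cannot extend a link's lifetime by editing the `expires` parameter.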

Incident response

Sentry catches application errors with PII redaction enabled. Material incidents are disclosed to affected accounts within 72 hours of discovery. Failed report generations auto-refund within seconds and are tagged in the credit ledger so they can be audited.

Reporting a vulnerability

Security disclosures: security@property-finder.app. We acknowledge within 48 hours.