Compliance Overview
Transparency about our compliance posture, certifications, data protection practices, and sub-processor ecosystem.
SOC 2 Type 2
In ProgressWe are currently undergoing SOC 2 Type 2 audit with an independent third-party auditor. All Trust Service Criteria (TSC) controls have been implemented and are being monitored during the observation period.
Expected completion: Q3 2026. Report will be available to customers under NDA upon request.
GDPR Compliance
CompliantAs an EU-based service with data hosted in France, Real Estate OS is fully compliant with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.
Data Processing Agreement (DPA)
A pre-signed GDPR-compliant Data Processing Agreement is available for all customers. Enterprise customers may request a custom DPA. Contact us to obtain a copy.
Sub-processor List
The following third-party services process data on behalf of Real Estate OS. All sub-processors maintain SOC 2 Type 2 certification.
| Sub-processor | Purpose | Location | SOC 2 |
|---|---|---|---|
| Stripe | Payment processing | US | Type 2 |
| Plaid | Bank account linking | US | Type 2 |
| Anthropic | AI document analysis | US | Type 2 |
| Resend | Transactional email | US | Type 2 |
| OVH | Infrastructure hosting | France (EU) | Type 2 |
| Sentry | Error monitoring | US | Type 2 |
This list was last updated in March 2026. We will notify customers at least 30 days before adding new sub-processors.
Security Certifications Roadmap
Security Controls Implementation
CompleteAll 12 SOC 2 Trust Service Criteria controls implemented
Q4 2025
SOC 2 Type 2 Audit
In ProgressObservation period with independent auditor
Q1 2026
SOC 2 Type 2 Report
PlannedExpected certification completion
Q3 2026
ISO 27001
PlannedInformation security management system certification
Q1 2027
Compliance Inquiries
For questions about our compliance program, to request our SOC 2 report, or to discuss enterprise security requirements, contact our compliance team.
compliance@betonassets.com