Enterprise-Grade Security
Real Estate OS is built from the ground up with SOC 2 readiness in mind. Your property and financial data is protected by multiple layers of industry-leading security controls.
Security Controls
Data Encryption
TLS 1.3 for all data in transit. AES-256 encryption at rest via PostgreSQL transparent data encryption. All backups are encrypted.
Authentication
Multi-factor authentication (MFA/TOTP), SAML SSO for enterprise, and argon2id password hashing with per-user salts.
Authorization
Role-based access control (RBAC) with 5 roles, row-level security (RLS) policies, and full tenant isolation.
Audit Logging
Complete audit trail for every data change with before/after snapshots, actor identification, and tamper-proof storage.
API Security
SHA-256 API key hashing, request rate limiting, HMAC webhook signatures, and scoped access tokens.
Infrastructure
Hosted on dedicated VPS infrastructure (OVH France). Automated daily backups, health monitoring, and incident alerting.
Session Management
30-minute idle timeout, 12-hour absolute session lifetime, secure HttpOnly cookies, and SameSite strict policy.
Vulnerability Management
Strict Content Security Policy (CSP), security headers (HSTS, X-Frame-Options), input validation, and output encoding.
Incident Response
Automated anomaly detection, structured logging with Sentry, real-time alerting, and documented incident response procedures.
Compliance Status
We are actively pursuing SOC 2 Type 2 certification. All 12 required security controls have been implemented and are undergoing continuous monitoring.
Vendor Security
All third-party vendors (Stripe, Plaid, Anthropic, Resend, Sentry, OVH) are SOC 2 Type 2 certified.
Implemented Controls
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond within 24 hours.
security@betonassets.com