How we protect your data.
Infrastructure
- ✓ Hosting: Vercel edge network with automatic SSL/TLS encryption on all connections
- ✓ Database: Supabase (AWS US-East-2) with encryption at rest and in transit
- ✓ Authentication: Supabase Auth with bcrypt password hashing — we never store or see your password
- ✓ File Storage: Supabase Storage with per-tenant isolation for compliance documents
Data Isolation
- ✓ Multi-tenant isolation: Every database query is scoped to your brokerage's tenant ID. One brokerage can never access another's data.
- ✓ Row Level Security: Supabase RLS policies enforce data access at the database level — even if application code has a bug, the database won't return unauthorized data.
- ✓ Role-based access: Agents, brokers, managers, and owners each see only what their role permits. Permissions are customizable per user.
Application Security
- ✓ Input validation: All user inputs validated with Zod schemas at the server boundary
- ✓ XSS prevention: React's built-in escaping plus sanitized OG metadata
- ✓ CSRF protection: Server Actions with built-in CSRF tokens
- ✓ Webhook security: Stripe signature verification on all payment webhooks
- ✓ Dependency auditing: Daily automated security scans of all dependencies
Monitoring & Response
- ✓ Audit logging: Every compliance-relevant action is recorded with timestamp, actor, and metadata
- ✓ Automated testing: Type checking, unit tests, and E2E tests run on every code change
- ✓ Incident response: Data breach notification within 45 days per Tennessee TIPA requirements
Compliance
- ✓ Tennessee TIPA: Compliant with the Tennessee Information Protection Act (effective July 1, 2025)
- ✓ CAN-SPAM: Unsubscribe links in all automated emails, physical address included
- ✓ Data Processing Agreements: Available for all subscribing brokerages
Questions?
Contact us at security@brokerready.net for security inquiries or to report a vulnerability.