Real estate involves sensitive personal and financial information. We understand the trust you place in us and have built our platform with security at every layer. Below is an overview of our security practices.
Encryption
- All data encrypted in transit using TLS 1.3
- Data at rest encrypted with AES-256
- Database connections use SSL/TLS certificates
- Passwords hashed using bcrypt with per-user salts
Infrastructure
- Hosted on Vercel with global edge network
- Database hosted on Supabase with automated backups
- DDoS protection and rate limiting on all endpoints
- Automated failover and disaster recovery
Authentication
- Secure session management with HTTP-only cookies
- Support for social login (Google, Facebook, LinkedIn)
- Row Level Security (RLS) on all database tables
- Role-based access control for team features
Access Control
- Principle of least privilege for all internal access
- Audit logging for administrative actions
- API keys scoped to specific permissions
- Team member roles with granular permissions
Monitoring & Response
- 24/7 automated security monitoring
- Real-time alerting on suspicious activity
- Regular penetration testing by third-party firms
- Incident response plan with defined SLAs
Compliance
- GDPR-compliant data processing
- CCPA-compliant for California residents
- SOC 2 Type II certification in progress
- Regular third-party security audits
Responsible Disclosure
We value the work of security researchers. If you discover a vulnerability in our platform, please report it responsibly. We ask that you:
- Email your findings to security@themls.ai with detailed reproduction steps
- Allow us reasonable time (90 days) to address the issue before public disclosure
- Do not access, modify, or delete other users' data
- Do not perform denial-of-service attacks or social engineering
We commit to not pursuing legal action against researchers who follow these guidelines. Contact us at security@themls.ai.