Security & Compliance
Enterprise-grade security, compliant by design. We protect every document and every action with layered controls.
Encryption
AES-256 at rest, TLS 1.2+ in transit. Keys rotated regularly and stored securely.
Access Control
Least-privilege, role-based access. All access is logged and reviewed.
Monitoring
24/7 monitoring, anomaly detection, and automated alerts for suspicious activity.
Our Security Program
We operate a defense-in-depth model combining hardened infrastructure, strict identity & access management, continuous monitoring, and regular audits. All sensitive data is isolated and encrypted, and we regularly conduct penetration testing with independent partners.
- Network segmentation and WAF protection
- Mandatory MFA for administrative access
- Automated backups and disaster recovery testing
- Secure SDLC with code review and dependency scanning
Compliance
PIPEDA (Canada)
Our data handling aligns with PIPEDA requirements, including consent, transparency, access, and safeguarding.
FCRA (US)
We follow FCRA guidance for fair reporting practices and consumer rights during tenant screening.
CCPA/CPRA (California)
We support consumer rights to access, delete, and opt out of data sharing, with clear workflows.
GDPR Principles
While not our primary jurisdiction, we adhere to core GDPR principles around minimization and purpose limitation.
Data Retention & Deletion
Original documents are automatically deleted 30 days after verification. Analytical outputs are retained up to 12 months for dispute resolution and auditability, then permanently erased. You can request early deletion at any time.
Report a Vulnerability
We value security researchers and run a responsible disclosure program. If you believe you’ve found a security issue, please contact us.