Bank-Level Security
Your property data is protected with enterprise-grade security and compliance
How We Protect Your Information
We take security seriously. Your property documents, financial information, and personal data are protected using the same standards trusted by banks and financial institutions.
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption, the same standard used by banks and financial institutions.
Enterprise Infrastructure
Built on enterprise-grade cloud infrastructure with SOC 2 Type II compliance, 99.9% uptime SLA, and automated backups.
Access Controls
Multi-factor authentication, role-based access controls, and least-privilege principles ensure that only authorized people and systems can access your data.
Secure Authentication
Industry-standard authentication powered by Supabase Auth with bcrypt password hashing and session management.
Regular Security Audits
Continuous security monitoring, vulnerability scanning, and regular penetration testing to identify and address potential risks.
Threat Detection
24/7 automated monitoring and alerting for suspicious activity, unauthorized access attempts, and potential security threats.
Security Infrastructure
Data Encryption
In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), preventing interception by third parties.
At Rest: All stored data is encrypted using AES-256 encryption, the gold standard for data protection used by governments and financial institutions worldwide.
Document Storage: Uploaded documents are stored in encrypted cloud storage with redundancy across multiple geographic locations for disaster recovery.
Authentication & Access Control
Multi-Factor Authentication (MFA): Optional MFA adds an extra layer of security to your account using time-based one-time passwords (TOTP).
Password Security: Passwords are hashed using bcrypt with per-user salt, making them computationally infeasible to reverse.
Session Management: Secure session tokens with automatic expiration and refresh mechanisms limit how long a stolen or leaked token could be used, preventing unauthorized access.
Role-Based Access: Internal team access is restricted based on job function, following the principle of least privilege.
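To make "bcrypt with per-user salt" concrete, here is an added illustration using PostgreSQL's pgcrypto extension. It is not Supabase Auth's or NestKeepr's own code (Supabase Auth hashes passwords inside its auth service, not in your SQL); the password strings and the cost factor 12 are constructed for the example.

```sql
-- Added illustration of bcrypt hashing with a per-user salt, using the
-- pgcrypto extension that ships with PostgreSQL. Not Supabase Auth's own code.
create extension if not exists pgcrypto;

-- gen_salt('bf', 12): bcrypt ("bf" = Blowfish) with cost factor 12, i.e. 2^12
-- key-setup rounds. Every call draws a fresh random salt, so two users who
-- choose the same password end up with different stored hashes.
select crypt('correct horse battery staple', gen_salt('bf', 12)) as hash_user_a,
       crypt('correct horse battery staple', gen_salt('bf', 12)) as hash_user_b;
-- Each result is a 60-character string of the form
--   $2a$12$<22-char salt><31-char digest>
-- so the salt is stored inside the hash and never has to be kept separately.

-- Verification: pass the stored hash as the "salt" argument. crypt() reads the
-- cost and salt out of it, re-hashes the candidate password the same way, and
-- the two strings are equal only when the password matches.
with stored as (
  select crypt('correct horse battery staple', gen_salt('bf', 12)) as hash
)
select crypt('correct horse battery staple', hash) = hash as candidate_ok,
       crypt('wrong password',               hash) = hash as wrong_candidate_ok
from stored;
```

The cost factor is what makes the hash "computationally infeasible to reverse" in practice: an attacker who obtains the hashes has to pay the same 2^12 rounds for every guess, and the unique salt prevents one precomputed table from being reused across users.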
Cloud Infrastructure Security
Supabase (Database): PostgreSQL database hosted on AWS with automated backups, point-in-time recovery, and row-level security (RLS) policies that restrict each database query to the rows the signed-in user is allowed to see.
Google Cloud Platform: AI processing (Gemini 2.5 Pro) runs on Google's secure infrastructure with data processing agreements in place.
Vercel (Hosting): Edge network with DDoS protection, automatic SSL certificates, and global CDN for fast, secure delivery.
Network Security: Firewalls, intrusion detection systems, and network segmentation isolate sensitive components.
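As an added illustration (not NestKeepr's schema or Supabase's own code), this is what an RLS setup for a per-user properties table looks like. It assumes Supabase's conventions: a public.properties table constructed for the example, auth.uid() returning the signed-in user's id from the request JWT, and the authenticated role for signed-in API requests. The user id in the check at the end is a constructed test value.

```sql
-- Added example: a minimal "properties" table whose rows can be read and
-- changed only by the user who owns them. Hypothetical schema, not NestKeepr's.
create table if not exists public.properties (
  id         uuid primary key default gen_random_uuid(),
  owner_id   uuid not null references auth.users (id) on delete cascade,
  address    text not null,
  created_at timestamptz not null default now()
);

-- Signed-in API requests run as the "authenticated" role; grant it the table
-- privileges and let the policies below decide which rows it may touch.
grant select, insert, update, delete on public.properties to authenticated;

-- Without these two lines every grantee can see every row.
alter table public.properties enable row level security;
-- FORCE applies the policies even to the table owner (defence in depth).
alter table public.properties force row level security;

-- Read: a user sees only rows they own.
create policy "properties_select_own" on public.properties
  for select to authenticated
  using (owner_id = auth.uid());

-- Insert: a user may only create rows that name themselves as owner.
create policy "properties_insert_own" on public.properties
  for insert to authenticated
  with check (owner_id = auth.uid());

-- Update: may only touch own rows, and may not reassign them to someone else.
create policy "properties_update_own" on public.properties
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "properties_delete_own" on public.properties
  for delete to authenticated
  using (owner_id = auth.uid());

-- Quick isolation check from the SQL editor: impersonate a signed-in user
-- (constructed test id) and count rows; only that user's rows are visible.
-- request.jwt.claims is the setting Supabase's auth.uid() reads.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
  true);
select count(*) from public.properties;
rollback;
```

Two caveats a practitioner would check: the service_role key bypasses RLS entirely, so it must never reach the browser, and a table with RLS enabled but no policies denies everything, so a missing policy shows up as empty results rather than as leaked data.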
Monitoring & Incident Response
24/7 Monitoring: Automated systems continuously monitor for unusual activity, failed login attempts, and potential security threats.
Vulnerability Scanning: Regular automated scans identify and alert us to potential vulnerabilities in dependencies and infrastructure.
Incident Response Plan: Documented procedures for identifying, containing, and resolving security incidents within established timeframes.
Breach Notification: If a data breach occurs, we will notify affected users within 72 hours as required by law.
Compliance & Standards
Financial Data Protection
We follow industry best practices for handling financial information, including rigorous safeguarding protocols and transparent privacy notices, inspired by standards like the Gramm-Leach-Bliley Act.
CCPA/CPRA (California)
California residents have enhanced privacy rights including data access, deletion, and opt-out of sales (we don't sell data).
SOC 2 Type II
Our infrastructure providers (Supabase, Vercel, GCP) maintain SOC 2 Type II compliance for security, availability, and confidentiality.
GDPR Ready
Our privacy practices align with GDPR principles including data minimization, purpose limitation, and user rights.
Our Security Commitments
We will never sell your data to third parties or advertisers
We will never use your documents to train AI models for other users
We will never share your property data without your explicit consent
We will notify you immediately if we detect unauthorized access to your account
We will maintain transparency about how your data is used and protected
How You Can Help Protect Your Account
- Use a strong, unique password with at least 12 characters including uppercase, lowercase, numbers, and symbols
- Enable multi-factor authentication (MFA) for an extra layer of account protection
- Never share your password with anyone, including NestKeepr employees (we will never ask)
- Log out of shared devices and avoid using public Wi-Fi for sensitive transactions
- Report suspicious activity immediately to security@nestkeepr.com
- Keep your email secure since password resets are sent to your registered email address
Report a Security Issue
If you discover a security vulnerability or have concerns about account security:
Security Team: security@nestkeepr.com
Response Time: Critical security issues are addressed within 24 hours
For general privacy questions, contact privacy@nestkeepr.com