Bank-Level Protection
Your property intelligence is protected with enterprise-grade security and compliance
How We Protect Your Information
We take security seriously. Your property documents, financial information, and personal data are protected using industry-standard security measures and encryption.
Data Encryption
Same encryption protection banks use for your financial data. Your documents are protected in transit and at rest.
Enterprise Infrastructure
Infrastructure trusted by Fortune 500 companies, with high availability and automated backups.
Access Controls
Multi-factor authentication, role-based access controls, and least-privilege principles ensure only authorized access to your data.
Secure Authentication
Industry-standard authentication powered by Supabase Auth with bcrypt password hashing and session management.
Regular Security Audits
Continuous security monitoring, vulnerability scanning, and regular penetration testing to identify and address potential risks.
Threat Detection
24/7 automated monitoring and alerting for suspicious activity, unauthorized access attempts, and potential security threats.
Security Infrastructure
Data Encryption
In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), preventing interception by third parties.
At Rest: All stored data is encrypted using AES-256 encryption, the gold standard for data protection used by governments and financial institutions worldwide.
Document Storage: Uploaded documents are stored in encrypted cloud storage with redundancy across multiple geographic locations for disaster recovery.
Authentication & Access Control
Multi-Factor Authentication (MFA): Required SMS-based verification adds an essential layer of security. Every login requires a one-time code sent to your verified phone number.
Password Security: Passwords are hashed using bcrypt with per-user salt, making them computationally infeasible to reverse.
Session Management: Secure session tokens with automatic expiration and refresh mechanisms prevent unauthorized access.
Role-Based Access: Internal team access is restricted based on job function, following the principle of least privilege.
Cloud Infrastructure Security
Supabase (Database): PostgreSQL database hosted on AWS with automated backups, point-in-time recovery, and row-level security (RLS) policies.
Google Cloud Platform: AI processing (Gemini 2.5 Pro) runs on Google's secure infrastructure with data processing agreements in place.
Vercel (Hosting): Edge network with DDoS protection, automatic SSL certificates, and global CDN for fast, secure delivery.
Network Security: Firewalls, intrusion detection systems, and network segmentation isolate sensitive components.
Monitoring & Incident Response
24/7 Monitoring: Automated systems continuously monitor for unusual activity, failed login attempts, and potential security threats.
Vulnerability Scanning: Regular automated scans identify and alert us to potential vulnerabilities in dependencies and infrastructure.
Incident Response Plan: Documented procedures for identifying, containing, and resolving security incidents within established timeframes.
Breach Notification: If a data breach occurs, we will notify affected users within 72 hours as required by law.
Compliance & Standards
Financial Data Protection
We follow industry best practices for handling financial information, including rigorous safeguarding protocols and transparent privacy notices, inspired by standards like the Gramm-Leach-Bliley Act.
CCPA/CPRA (California)
California residents have enhanced privacy rights including data access, deletion, and opt-out of sales (we don't sell data).
SOC 2 Type II
Our infrastructure providers (Supabase, Vercel, GCP) maintain SOC 2 Type II compliance for security, availability, and confidentiality.
GDPR Ready
Our privacy practices align with GDPR principles including data minimization, purpose limitation, and user rights.
Our Security Commitments
We do not sell your data to third parties or advertisers
We do not use your documents to train AI models for other users
We do not share your property information without your explicit consent
We are committed to notifying you promptly if we detect unauthorized access to your account
We will maintain transparency about how your data is used and protected
How You Can Help Protect Your Account
- ✓ Use a strong, unique password with at least 12 characters including uppercase, lowercase, numbers, and symbols
- ✓ Keep your phone number current for SMS-based multi-factor authentication (MFA is required for all accounts)
- ✓ Never share your password with anyone, including NestKeepr employees (we will never ask)
- ✓ Log out of shared devices and avoid using public Wi-Fi for sensitive transactions
- ✓ Report suspicious activity immediately to security@nestkeepr.com
- ✓ Keep your email secure since password resets are sent to your registered email address
Report a Security Issue
If you discover a security vulnerability or have concerns about account security:
Security Team: security@nestkeepr.com
Response Time: We prioritize critical security issues
Security Researchers: Please review our Vulnerability Disclosure Policy for safe harbor protections and reporting guidelines.
For general privacy questions, contact privacy@nestkeepr.com