Real estate transactions contain sensitive personal and financial data. We treat that with the seriousness it deserves.
Security is built into every layer of CloseTrac - not bolted on afterward.
All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Supabase enforces row-level security so no user can ever access another user's records - even if they share a database.
CloseTrac uses Supabase Auth with email + password sign-in and magic links. Broker accounts have scoped team access - agents only see their own clients and deals. Client portals are invite-only with unique access tokens.
CloseTrac runs on Vercel (global edge network) and Supabase (Postgres hosted on AWS). Both providers hold SOC 2 Type II certification. All infrastructure is managed with least-privilege access policies.
All document submissions, task completions, and client portal access events are logged with timestamps, IP addresses, and user identifiers - so you always have a complete record of who did what and when.
Documents are stored in private, signed-URL-gated Supabase Storage buckets. Presigned URLs expire in 60 seconds. No document is ever publicly accessible by URL alone.
If you discover a security vulnerability in CloseTrac, please report it to security@closetrac.com. We aim to acknowledge all reports within 24 hours and provide a resolution timeline within 72 hours.
CloseTrac inherits security certifications from its infrastructure providers, supplemented by our own controls.
We take security reports seriously. If you've discovered a potential security issue in CloseTrac, please reach out to us privately before disclosing publicly. We'll work quickly to investigate and resolve.
security@closetrac.com