Security at TurboBroker

Real estate transactions involve sensitive personal and financial data. We built TurboBroker with security at every layer so you can trust us with your most important deals.

Infrastructure Security

  • Hosted on Vercel with enterprise-grade infrastructure and global edge network
  • Database on Supabase (PostgreSQL) with encryption at rest
  • All data encrypted in transit with TLS 1.3
  • All data encrypted at rest with AES-256
  • Automatic backups and disaster recovery

Application Security

  • Row Level Security (RLS) on all database tables ensures users can only access their own data
  • Authentication via Supabase Auth with bcrypt password hashing
  • API rate limiting at 100 requests per minute
  • Webhook signature verification for all third-party integrations
  • Input validation and sanitization on all endpoints
  • No sensitive data stored in logs or AI prompts

Data Privacy

  • Fully compliant with CCPA and applicable privacy regulations
  • We never sell your data to third parties
  • PII handled per CCPA guidelines with strict access controls
  • Minimal data collection policy: we only store what is needed to run your transactions
  • Documents sent to OpenAI for extraction only, never used for model training

Communication Security

  • SMS powered by Twilio with registered phone numbers and TCPA compliance
  • Email via SendGrid with CAN-SPAM compliance and SPF/DKIM/DMARC authentication
  • Opt-out mechanisms provided for all automated communications
  • No outreach during legally prohibited hours

Compliance

  • 3-year document retention per real estate regulations
  • Full audit trail for all AI actions and transaction modifications
  • DRE license verification for agents and brokerages
  • SOC 2 readiness program in progress

Responsible AI

  • AI responses flagged for human review when confidence is low
  • Risky content such as legal advice or contract changes requires agent approval before sending
  • All AI interactions logged with full audit trail
  • Human-in-the-loop safeguards for sensitive operations

Report a Vulnerability

Found a security issue? We take every report seriously. Please reach out to our security team and we will respond within 24 hours.

support@turbobroker.ai