Fortified by
Design.
CloudCoord protects your real estate data with database-level isolation, encrypted storage, and a purpose-built document security pipeline. We tell you exactly what we do — no more, no less.
Encryption
AES-256 at Rest, TLS 1.2+ In Transit
Data Isolation
Row-Level Security, Per-User Enforcement
Document Security
5-Layer Pipeline, Injection Defense
Trusted Providers
Supabase SOC 2, Vercel SOC 2, Anthropic API
Security Details
Encryption at Rest & In Transit
All data transmitted to and from CloudCoord is encrypted using TLS 1.2+. Data stored in our database is encrypted at rest using AES-256. This includes all documents, transaction records, contact information, and communications.
Data Isolation — Row-Level Security
CloudCoord uses Supabase with Row-Level Security (RLS) enforced at the database layer. This means the database itself enforces that you can only access your own transactions and documents — even a bug in our application code cannot expose another agent's data to you.
Every database query is scoped to the authenticated user's ID. RLS policies are active on all tables containing user data, providing logical isolation at the data layer for every user and team.
Document Security Pipeline
CloudCoord implements a five-layer security pipeline for all uploaded documents:
- Input sanitization to strip hidden text and embedded scripts
- Injection pattern detection to prevent prompt manipulation
- Privileged instruction boundaries during AI processing
- Output schema validation to ensure structured, predictable results
- Rate limiting (20 requests per hour per user) with all security events logged for review
AI and Your Data
CloudCoord uses the Anthropic Claude API to process documents and generate communications. Anthropic does not use API-submitted data to train their models. Your documents are processed transiently and are not retained by Anthropic after processing.
Document Handling
Uploaded documents are stored in an isolated, private storage bucket. Documents are never publicly accessible. Access requires an authenticated session tied to the owning agent's account.
Authentication
User sessions are managed through Supabase Auth with secure, short-lived tokens. Password reset links expire within 30 minutes and are single-use. We support Google OAuth for agents who prefer to sign in with their Google account.
Gmail Integration
When you connect your Gmail account, CloudCoord requests read-only access to your inbox to identify and process transaction-related emails. CloudCoord also creates email drafts in your Gmail account for your review before sending. We do not read, store, or process emails unrelated to your active transactions. We never send email from your personal Gmail account — all outbound email sent by CloudCoord automatically is delivered through CloudCoord's own verified sending domain.
Infrastructure
CloudCoord is hosted on Vercel (application layer) and Supabase (database and storage). Both providers maintain SOC 2 Type II compliance for their infrastructure. CloudCoord benefits from the security controls of these providers but does not independently hold SOC 2 or ISO 27001 certifications. User data is logically isolated via row-level security policies at the database layer.
Responsible Disclosure
If you discover a security vulnerability, contact us at security@cloudcoordinator.io. We take all reports seriously and respond within 24 hours.
Enterprise Inquiries
For brokerages with formal security requirements, we're happy to discuss your specific needs. Contact us to schedule a security review call.
Ready to secure your portfolio?
Join real estate teams who trust CloudCoord with their most sensitive transaction data.
Get Started