§ 04 / SECURITY
your data.
your control.
PlainComp is built from the ground up to protect the sensitive client data real estate professionals handle every day. Here is how.
01 / POSTURE
Nine pillars of operational security. Every customer data path is gated, logged, and reversible.
01
▮ENCRYPTION
- TLS 1.3 in transit
- AES-256 at rest via Supabase (AWS)
- End-to-end HTTPS — no exceptions
02
▮ACCESS CONTROL
- Row Level Security at the database
- Per-user data isolation
- No cross-tenant access
03
▮AUTHENTICATION
- Email + password with bcrypt
- Google OAuth single sign-on
- TOTP two-factor support
- Secure httpOnly session cookies
04
▮INFRASTRUCTURE
- Vercel edge network with global CDN
- Built-in DDoS protection
- Supabase on AWS with automatic failover
05
▮HEADERS
- Content Security Policy (CSP)
- X-Frame-Options DENY
- HSTS strict transport
- X-Content-Type-Options nosniff
06
▮API SECURITY
- Rate-limited endpoints
- Input sanitization
- API keys hashed via SHA-256
- Webhook signature verification
07
▮COMPLIANCE
- SOC 2 Type II in progress
- CCPA-ready
- No data sold or shared
08
▮DATA HANDLING
- Clear retention policies
- Right to deletion on request
- Data export available
09
▮DISCLOSURE
- security@plaincomp.com
- Responsible disclosure welcome
- Every report investigated
02 / DISCLOSURE
report it.
We take every inquiry seriously. Reach out to the security team and we will respond promptly.
▮ security@plaincomp.com