Security at AutoTC™

Real estate transactions involve sensitive personal and financial data. We built AutoTC™ with security at every layer so you can trust us with your most important deals.

Infrastructure Security

  • Hosted on enterprise-grade cloud infrastructure with a global edge network
  • Managed PostgreSQL database with encryption at rest
  • All data encrypted in transit
  • All data encrypted at rest
  • Automatic backups and disaster recovery

Application Security

  • Row Level Security (RLS) on all database tables ensures users can only access their own transaction data, documents, and communications
  • Authentication with secure, industry-standard password hashing
  • API rate limiting on all endpoints
  • Webhook signature verification for all third-party integrations
  • Input validation and sanitization on all endpoints
  • No sensitive data stored in logs or AI prompts

Data Privacy

  • Fully compliant with CCPA and applicable privacy regulations
  • We never sell your data to third parties
  • PII handled per CCPA guidelines with strict access controls
  • Minimal data collection policy: we only store what is needed to run your transactions
  • Documents are processed by our AI provider for extraction only and are never used to train AI models
  • Document content, client data, and transaction details are strictly isolated to your account. De-identified, non-personal metadata may be used internally to improve service accuracy, but never contains personal information or document content.

Communication Security

  • SMS sent from registered phone numbers with TCPA compliance
  • Email sent with CAN-SPAM compliance and standard email authentication
  • Opt-out mechanisms provided for all automated communications
  • No outreach during legally prohibited hours

Compliance

  • Document retention exceeds all 50-state requirements (3-8 years by state, IRS 7 years)
  • Full audit trail for all AI actions and transaction modifications
  • Real estate license verification for agents and brokerages across all 50 states and DC
  • TCPA and CAN-SPAM compliant SMS and email workflows (opt-in records, STOP/HELP keyword handling, quiet-hours enforcement)

Responsible AI

  • AI responses flagged for human review when confidence is low
  • Risky content such as legal advice or contract changes requires agent approval before sending
  • All AI interactions logged with full audit trail
  • Human-in-the-loop safeguards for sensitive operations

Report a Vulnerability

Found a security issue? We take every report seriously. Please reach out to our security team and we will respond within 24 hours.

support@autotc.ai