PropPack AI - AI Powered Property Solutions

Your Data Security is Our Priority

PropPack.ai employs enterprise-grade security measures to protect your property data, personal information, and financial transactions at every level.

We understand that property transactions involve sensitive personal and financial information. Our multi-layered security approach ensures that your data is protected with the same standards used by financial institutions and government agencies.

Data Encryption

Military-grade encryption for all your data

TLS 1.3 Encryption

All data transmitted between your browser and our servers is encrypted using the latest TLS 1.3 protocol, preventing interception and eavesdropping.

Active

AES-256 Encryption at Rest

All stored data, including property documents and personal information, is encrypted using AES-256, the same standard used by banks and governments.

Active

End-to-End Encryption

Sensitive documents shared between parties are end-to-end encrypted, ensuring only authorized recipients can access them.

Active

Infrastructure Security

Enterprise-grade hosting and redundancy

SOC 2 Compliant Hosting

Hosted on AWS/Azure infrastructure with SOC 2 Type II certification for security and availability.

Encrypted Backups

Daily automated backups with AES-256 encryption, stored in geographically distributed locations.

99.9% Uptime SLA

Guaranteed service availability with redundant systems and automatic failover.

DDoS Protection

Advanced DDoS mitigation to protect against distributed denial-of-service attacks.

Access Controls

Strict authentication and authorization

Multi-Factor Authentication (MFA)

Optional MFA for all accounts, required for admin and professional accounts. Supports authenticator apps and SMS verification.

  • Time-based one-time passwords (TOTP)
  • SMS verification codes
  • Backup recovery codes

Role-Based Access Control (RBAC)

Granular permissions ensure users only access data relevant to their role (seller, buyer, agent, solicitor).

  • Principle of least privilege
  • Audit logs for all access
  • Automatic session expiration

Single Sign-On (SSO)

Enterprise SSO support for organizations using SAML 2.0 or OAuth 2.0 identity providers.

  • SAML 2.0 integration
  • OAuth 2.0 support
  • Azure AD, Okta, Google Workspace

Session Management

Secure session handling with automatic logout after inactivity and device tracking.

  • 30-minute inactivity timeout
  • Device fingerprinting
  • Remote session termination

Payment Security

PCI DSS compliant payment processing

PCI DSS Level 1 Compliance

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. PropPack.ai never stores or processes credit card information directly.

  • No card data stored on our servers
  • Tokenization of payment methods
  • 3D Secure authentication
  • Fraud detection and prevention

Secure Payment Flow

  1. Payment details entered directly into Stripe's secure form
  2. Card data encrypted and sent directly to Stripe
  3. Stripe returns a secure token to PropPack.ai
  4. Transaction processed using token (no card data exposed)

API Security

Secure integrations and data exchange

API Authentication

All API requests require authentication using secure API keys or OAuth 2.0 tokens with expiration.

Rate Limiting

Automatic rate limiting prevents abuse and ensures fair resource allocation across all users.

Webhook Verification

All webhook payloads are cryptographically signed to verify authenticity and prevent tampering.

Monitoring & Incident Response

24/7 security monitoring and rapid response

24/7 Security Monitoring

Continuous monitoring of all systems for suspicious activity, unauthorized access attempts, and security anomalies.

  • Real-time threat detection
  • Automated alerting system
  • Security operations center (SOC)

Intrusion Detection

Advanced intrusion detection systems (IDS) identify and block malicious activity before it can cause harm.

  • Network intrusion detection
  • Host-based intrusion prevention
  • Behavioral analysis

Incident Response Plan

Documented incident response procedures ensure rapid containment and resolution of security incidents.

  • Incident classification and prioritization
  • Containment and eradication procedures
  • Post-incident analysis and reporting

Regular Penetration Testing

Quarterly penetration testing by independent security firms to identify and remediate vulnerabilities.

  • External penetration testing
  • Internal security assessments
  • Vulnerability remediation tracking

Compliance & Audits

Regular audits and certifications

Annual Security Audits

Comprehensive annual security audits by independent third-party firms to validate our security posture.

Vulnerability Scanning

Continuous automated vulnerability scanning of all systems and applications with immediate remediation.

Third-Party Assessments

Regular security assessments by independent experts to ensure compliance with industry standards.

Data Privacy

GDPR-compliant data handling

GDPR Compliance

Full compliance with UK GDPR for data protection and user privacy rights.

Data Minimization

We collect only the data necessary to provide our services, nothing more.

Right to Deletion

Users can request deletion of their data at any time, subject to legal retention requirements.

Data Portability

Export your data in machine-readable formats for transfer to other services.

Security Certifications

ISO 27001

Information Security Management

Aligned

SOC 2 Type II

Security & Availability

Certified

PCI DSS Level 1

Payment Card Security

Compliant

Cyber Essentials

UK Government Scheme

Certified

Report a Security Issue

If you discover a security vulnerability or have concerns about our security practices, please report it immediately to our security team.


Email: security@proppack.ai | We respond to all security reports within 24 hours.