Security
We take security seriously. Here's how we protect your data. For implementation and billing questions, see our FAQ for Buyers.
Encryption
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted using industry-standard AES encryption. API keys and integration credentials (JobNimbus, storm providers) are encrypted before storage and never stored in plain text.
Infrastructure
We host on Vercel and Supabase, both SOC 2 compliant providers. Access to production systems is restricted and audited. We use Row Level Security (RLS) in our database so users can only access their own data.
Authentication
We use Supabase Auth with secure session management. Passwords are hashed and never stored in plain text. Webhooks (Stripe, JobNimbus) validate signatures before processing. Cron jobs require a secret token.
Third-Party Security
We integrate with Stripe (payments), JobNimbus (CRM), CoreLogic (property data), and Google APIs. We only request the minimum permissions needed and never store credentials beyond what is required for the integration to function.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly to security@stormclose.com. We will acknowledge and address reports promptly.