Real Estate CRM Pro is built to protect real estate CRM records, client documents, e-signature packets, reports, videos, and workflow data for small real estate teams.
Application Security
Production traffic is served over HTTPS. Secure cookies, optional authenticator app MFA, HSTS, CSRF protection, clickjacking protection, noindex controls for private CRM pages, and browser security headers are enabled. Customer media is not served through a public media directory; private uploads are checked by application-level access controls.
Data Protection
OAuth tokens and saved integration credentials are encrypted at rest with a dedicated field-encryption key. New team API keys are shown once and stored as hashes. Data exports exclude passwords, OAuth tokens, and raw API keys.
Documents and Signatures
Signature documents are team-scoped. Signer links use unique tokens, optional access codes, audit events, signed PDF hashes, and document seals. Sensitive document views and downloads are logged for audit review.
Uploads
Uploads are restricted by type and size. Production upload malware scanning is enabled and required for supported upload paths.
Backups and Monitoring
Production database and media backups are maintained on a scheduled basis. Application health checks, Sentry error monitoring, and server-health snapshots are used to detect reliability and security issues.
Support Access
Support-console access is limited to authorized staff accounts, and support-console views and sensitive support actions are logged. Customers can request data exports and deletion review from the Data & Privacy settings page.
Responsible Disclosure
If you believe you found a security issue, email support@realestatecrmpro.com with a concise description, steps to reproduce, and any relevant URLs or screenshots. Please do not access, modify, or download data that is not yours.