PropVault
Security

How PropVault protects your Vault

PropVault is designed so property records remain private, controlled, and tamper-evident.

This page outlines the approach at a high level. For deeper diligence or procurement reviews, contact us.

Overview

PropVault runs on managed infrastructure with:

  • Encryption in transit (TLS) for all web and API traffic
  • Encryption at rest for application data and stored files

Access is enforced at the database level using row-level security, so each request can only access data the authenticated user is permitted to see. File storage is private by default.

Security is treated as an ongoing discipline:

  • Data collection is minimized
  • Access to production systems is restricted
  • Sensitive workflows (e.g. identity verification, e-signatures) rely on established providers

Data protection

Vault documents are stored in private object storage, organized per property.

  • Files are not publicly accessible
  • Access is mediated through application logic
  • Permissions reflect Vault ownership and sharing rules

Data is used strictly to operate the product. Personal information is not sold.

See our Privacy Policy for collection, use, and retention.

Access and identity

Authentication is handled through a trusted provider using industry-standard session and token management.

All Vault actions are enforced server-side:

  • Users must be authenticated
  • Ownership or access rights are verified before any operation

For transaction workflows:

  • Buyers can complete identity verification
  • NDAs can be executed before accessing sensitive materials

This ensures access is both controlled and auditable.

Integrations

Where appropriate, PropVault integrates with specialized providers (e.g. identity verification, e-signatures).

  • Only necessary data is shared per workflow
  • Vendors operate under their own security frameworks
  • Incoming events (e.g. webhooks) are verified using signatures or shared secrets

Integrity and ledger

PropVault uses an append-only, tamper-evident ledger model:

  • Records are not overwritten
  • New entries are appended to preserve history
  • Each file is fingerprinted (e.g. cryptographic hash)

Storage objects are treated as immutable once written, aligning the file layer with the ledger model.

This ensures:

  • Historical integrity
  • Detectability of changes
  • Consistency between files and recorded metadata

For verification and scoring, see Audit methodology and PropVault Score.

Payments

Payments are handled by a PCI-compliant processor.

  • Card details are not stored on PropVault servers
  • Payment data is tokenized and securely vaulted by the provider

Reporting issues

If you identify a potential security vulnerability, email support@propvault.homes.

Please include:

  • Description of the issue
  • Steps to reproduce

Reports are taken seriously; responsible disclosure is coordinated with the reporter.

Questions

For security questionnaires, architecture reviews, or custom terms, contact us and the request will be routed appropriately.

Contact us