Trust & security

Security at every layer.

Real-estate data is sensitive — names, phone numbers, payment histories, project documents. We treat every byte like it's our own.

Encryption everywhere

TLS 1.3 in transit. AES-256-GCM at rest. Per-tenant keys for integration credentials.

Row-Level Security

Postgres RLS enforces tenant isolation at the database layer. Application bugs cannot leak data across tenants.

Role-based access

Super Admin → Admin → Manager → Sales Rep, with optional custom roles. Every API call is scoped.

Audit trails

Every mutation is logged with actor, timestamp, before/after diff. Exportable for compliance reviews.

Hardened infra

ISO-27001 certified data centers in India. WAF, DDoS protection and rate limiting on every endpoint.

Compliance ready

DPDP Act alignment, RERA-compliant data handling, DPA available on request.

Responsible disclosure.

Found a vulnerability? We appreciate your help. Email security@sconsett.com with details — please give us 90 days to remediate before public disclosure. We acknowledge every report within 48 hours and credit researchers in our hall of fame.

Out of scope
Social engineering, physical attacks, denial-of-service, and reports from automated scanners without a working PoC.

Need a DPA, SOC report, or security questionnaire?

We'll turn it around within 3 business days.

Talk to our team