Skip to main content
AdamationAIAdamationAI

Trust

Security

The controls that keep your data, your transactions, and your commissions safe.

Encryption everywhere

AES 256 at rest. TLS 1.3 in transit. Every row in every table is encrypted before it touches a disk.

Row level isolation

Database level row security enforces that no customer can read another customer’s data, ever. Not through the UI, not through the API, not through a misconfigured query.

Built on SOC 2 infrastructure

Supabase (SOC 2 Type II), Vercel (SOC 2 Type II, ISO 27001), Resend (SOC 2 Type II). We inherit their controls and add our own on top.

No data sharing

Your customer data is never sold, rented, traded, or used to train models. Full export is available from the platform at any time.

Audit logs

Every authentication event, permission change, and data export is logged. Broker administrators see full activity history for their organization.

Least privilege access

Employees access production only for support requests you initiate, and only with the minimum permissions required. All access is logged.

Compliance posture

  • Infrastructure: Hosted on SOC 2 Type II certified providers (Supabase, Vercel, Resend). Their audit reports are available under NDA.
  • SOC 2 for AdamationAI: Not yet pursued. Planned once we cross 25 brokerage customers.
  • GDPR: We follow EU data protection principles: lawful basis, data minimization, access and deletion rights, and named processors.
  • Data residency: All customer data is stored in US data centers.
  • HIPAA: Not applicable. Real estate transactions are not protected health information.

Operational practices

  • Automated daily backups with point in time recovery on the production database.
  • Error monitoring and alerting on every production deployment.
  • Dependency scanning and automated security patching.
  • Mandatory two factor authentication for every internal staff account.
  • Incident response: we commit to notifying affected customers within 72 hours of confirming a security incident that touches their data.

Your controls

  • Two factor authentication on every account.
  • Role based permissions: broker, team lead, agent, coordinator, viewer.
  • Full data export (CSV + JSON) from any account, no support ticket required.
  • Account deletion on request, with confirmation of irreversible data removal.

Report a security issue

If you believe you have found a vulnerability, email security@adamationai.com. We acknowledge within one business day and work with you on responsible disclosure. Coordinated disclosure is welcomed and appreciated.