Security & privacy
Built private by default.
BuyerRooms hold sensitive things: financial documents, family decisions, the details of the largest purchase most people ever make. Here is concretely what we do to protect them: no vague assurances, no badges we haven’t earned.
What we actually do.
Tenant-isolated data
Each agent’s workspace is isolated at the database rule layer. One agent’s buyers, properties, and documents are never queryable from another agent’s account. Isolation is enforced by access rules, not by application code alone.
Documents private by default
Buyer documents are never publicly addressable. Access happens through short-lived signed links that expire automatically. There is no “anyone with the link” mode.
Every document access is logged
Each view and download of a document in the vault is written to an audit log: who, what, and when. Agents and buyers can see the trail for their own files.
Magic links you can revoke
Buyer invitations use long, random, single-purpose tokens, not predictable URLs. Agents can revoke a buyer’s link at any time, which immediately cuts off access to the room.
Export and deletion, self-serve
You can export your data and delete your account from settings without filing a ticket. Deletion removes your content from production systems; backup copies age out on a fixed schedule.
No AI training on your documents
AI features process your content to produce recaps and property cards. Nothing more. We do not use your documents, recordings, or buyer data to train AI models, and our processing agreements with AI providers reflect that.
Encrypted in transit and at rest
OfferReady runs on Google Cloud and Firebase infrastructure. Data is encrypted in transit (TLS) and at rest using the platform’s managed encryption.
What we don’t claim.
We don’t list compliance certifications we haven’t completed, and we won’t put a badge on this page before an independent auditor has signed off on it. What you read above is our actual posture today. As formal audits are completed, we’ll publish them here.
Found a vulnerability, or have a question about how we handle data? Email albert@arbicgroup.com. Security reports go to the top of the queue.
For the details of what we collect and how it’s used, read the Privacy Policy.