Sort Residential takes security seriously. We follow industry best practices to keep resident data safe, private, and secure.
All data in transit is encrypted with TLS 1.3. Messages and personal data are encrypted at rest using AES-256.
PostgreSQL row-level security policies ensure residents can only access data within their own community — never another building's data.
All property manager and admin portals require MFA. Staff accounts use Google OAuth plus a time-based PIN for every login.
Our security policies, incident response plans, vendor assessments, and data classification follow the SOC 2 Trust Service Criteria framework.
Real-time error detection with automated diagnosis. Dependabot scans dependencies for vulnerabilities. Critical errors trigger immediate alerts.
API keys, service credentials, and access tokens are rotated quarterly. All rotations are logged and tracked for compliance.
Sort Residential collects only the data necessary to provide community features. We do not sell resident data to third parties, run advertising algorithms, or share personal information outside of your property community.
Sort is hosted on Supabase, built on AWS infrastructure with SOC 2 Type II certification. Our database uses PostgreSQL with row-level security, and all API traffic passes through Supabase's edge network with rate limiting and DDoS protection.
Access to production systems is strictly controlled. All admin access requires MFA. Property managers receive scoped access limited to their own communities only.
Sort maintains a formal incident response plan. Critical security events are logged, triaged, and addressed within 24 hours. Affected users are notified in accordance with applicable data breach notification requirements.
To report a security vulnerability, email security@sortresidential.com. We aim to respond within 48 hours.
Our team is happy to answer questions about our security practices, data handling, or compliance posture.
Contact Security Team →