Security at PropAPIS

Last updated: July 29, 2025

At PropAPIS, the security of your data is a top priority. We maintain rigorous technical and organizational safeguards to ensure the confidentiality, integrity, and availability of our real estate data parsing platform and user information.

1. Infrastructure and Hosting

Our platform is hosted on modern, industry-standard cloud infrastructure providers (e.g., AWS, Vercel, or equivalent), offering:

Data encryption at rest and in transit (TLS 1.2+)
Regular security patches and OS updates
Geo-redundant backups and fault-tolerant architecture
Role-based access controls for internal systems

2. Application Security

We implement the following practices across our development lifecycle:

Secure coding standards based on OWASP guidelines
Automated dependency scanning for vulnerabilities
Code review and CI/CD pipelines with security gates
Input validation and rate limiting to mitigate injection, scraping abuse, and DoS vectors
Anti-detection measures for real estate data parsing while maintaining ethical compliance

3. Authentication and Access

Account access is protected by secure password hashing (bcrypt).
We support 2-Factor Authentication (2FA) for client accounts.
All administrative access is restricted via VPN and MFA.
Principle of least privilege is enforced across all internal roles.
API access is secured with token-based authentication and rate limiting.

4. Data Isolation and Client Segregation

PropAPIS uses logical data segregation mechanisms to prevent cross-access between clients. Each customer's access to real estate data parsing services is controlled and audited.

5. Monitoring and Incident Response

Real-time monitoring and logging are implemented across infrastructure.
Alerts are configured for abnormal behavior, rate anomalies, and unauthorized access attempts.
We maintain a structured incident response plan, including escalation procedures and client notification policies.
Specialized monitoring for real estate data parsing activities and platform health.

6. Data Protection and Retention

We follow the principles of data minimization and purpose limitation. Personal information is collected only as needed for service delivery and is:

Encrypted at rest and during transmission
Regularly reviewed and deleted when no longer necessary
Subject to strict access controls and audit trails
Anonymized during real estate data processing where possible

7. Vendor and Third-Party Risk

We evaluate all subprocessors and third-party tools for compliance with industry security standards. All third parties handling client data are required to:

Sign Data Processing Agreements (DPAs) where applicable
Provide assurances of data security and confidentiality
Undergo periodic review for risk assessment

8. Responsible Disclosure

If you believe you've discovered a security vulnerability in our platform, we encourage you to report it responsibly by contacting:

Email: security@propapis.com

We will acknowledge and investigate all valid reports.

9. Limitations and Shared Responsibility

While PropAPIS employs strong security controls, no system is immune to risk. We expect our clients to:

Use strong, unique passwords and enable 2FA
Keep API keys confidential
Avoid exposing or mishandling data retrieved from PropAPIS
Comply with real estate platform terms of service when using our data parsing services

PropAPIS shall not be liable for breaches resulting from client-side misconfigurations, credential leaks, or insecure downstream integrations.

10. Compliance Alignment

While PropAPIS is not formally certified under SOC 2 or ISO 27001, our practices are inspired by their frameworks and designed to meet the security expectations of modern enterprise clients.

We are committed to transparency, security maturity, and continuous improvement in our real estate data parsing services.