Security
How DocJacket protects your transaction data with enterprise-grade security practices, encryption, and compliance standards.
How DocJacket Keeps Your Data Secure
DocJacket is an AI-powered transaction coordination platform that processes sensitive real estate data, contracts, and communications. Given the critical nature of this information, security is at the foundation of our engineering and data science practices. Our team and technology infrastructure are held to the highest standards of information security, code quality, and scalability.
DocJacket maintains strict internal policies that prevent any unauthorized access to user data or accounts. As we integrate with email platforms and document systems, we continuously meet and exceed industry standards of security and privacy through rigorous internal audits and security reviews.
How DocJacket Enhances Transaction Security
DocJacket uses advanced AI algorithms to organize transaction communications and documents by property and deal context. Our AI determines relationships between emails, contracts, and documents, grouping them with transaction identifiers to create intelligent transaction folders. This contextual organization enables several enhanced security features:
Our AI recognizes legitimate transaction participants and applies real estate business logic to flag suspicious requests for wire transfers, personal information, or last-minute document changes that are common in fraud attempts.
Multi-Tenant Data Isolation
DocJacket ensures complete data separation between different brokerages and agents. Each transaction exists in its own secure environment with row-level security controls, ensuring agents can only access their assigned properties and client information.
Compliance & Document Retention
By organizing all transaction communications and documents into structured folders, DocJacket creates comprehensive audit trails for compliance with real estate regulations including RESPA, state licensing requirements, and MLS data protection standards. All document modifications and access patterns are logged for regulatory review.
Secure Document Processing
Our AI processes contracts and documents using secure, encrypted pipelines with immutable storage for legal documents. All document analysis occurs within our protected infrastructure, and we maintain strict data isolation between different customer transactions and brokerages.
Enterprise Security Architecture
DocJacket implements defense-in-depth security using enterprise-grade cloud infrastructure with multiple layers of protection:
Zero-Access Policy
DocJacket employees have zero access to customer transaction data, emails, or documents. Even for customer support purposes, we ask customers to share specific information manually instead of accessing their data directly.
AI-Powered Threat Detection
Microsoft Defender for Cloud provides 24/7 threat detection using the MITRE ATT&CK framework, identifying everything from vulnerability scanning attempts to cryptocurrency mining and SQL injection attacks.
Immutable Document Storage
Critical documents like purchase agreements and contracts are stored with Write Once, Read Many (WORM) policies, ensuring they cannot be modified or deleted, meeting SEC Rule 17a-4(f) and FINRA compliance requirements.
PCI DSS Compliance
Our platform maintains PCI DSS Level 1 compliance for secure processing of rental payments and security deposits, with tokenization to avoid storing sensitive payment information.
Data Protection & Privacy Policy
DocJacket delivers value by organizing transaction communications and documents into structured, AI-enhanced workflows. This requires processing significant amounts of sensitive customer data, which we are committed to keeping private and secure.
Our Data Commitments:
- We do not sell, transfer, or make public any customer transaction data
- Data is only transferred in change-of-control events (e.g., acquisition)
- All AI processing occurs within our secure, encrypted infrastructure
- Customer data is logically isolated with row-level security and encrypted at rest and in transit
- We comply with GDPR, CCPA, RESPA, and other applicable privacy regulations
- MLS data is protected according to local board requirements and access restrictions
For integration with email platforms like Gmail and Outlook, DocJacket's use of information received from APIs adheres to respective platform data policies and limited use requirements.
Infrastructure Security
DocJacket is built on enterprise-grade cloud infrastructure that provides multiple layers of security through industry-leading providers with extensive compliance certifications:
Microsoft Azure Security
Our backend services run on Microsoft Azure, leveraging their enterprise-grade security infrastructure with comprehensive threat protection.
- Azure App Service: Platform-level security with automatic updates, encrypted communications, and app isolation
- Azure SQL Database: Advanced threat protection with Always Encrypted and Transparent Data Encryption
- Azure Blob Storage: AES-256 encryption with immutable storage policies for legal documents
- Azure Key Vault: Secure secret management with automatic rotation capabilities
Enterprise-Grade Database Reliability
- Automatic Daily Backups: Your transaction data is backed up automatically every day with 35-day retention
- 99.9% Uptime Guarantee: Microsoft-backed SLA ensures your deals are accessible 24/7
- Point-in-Time Recovery: Complete data protection - we can restore any information to any minute in the past month
- Geographic Redundancy: Your data exists in multiple Azure regions for disaster recovery protection
- Instant Failover: Automatic switching to backup systems if any issues occur - your business never stops
Your transaction data is safer with DocJacket than on your own computer or local servers.
Compliance Certifications: SOC 2 Type II, ISO 27001, PCI DSS Level 1, HIPAA, FedRAMP, and 90+ other certifications. View the complete list at Azure Compliance Offerings.
Vercel Platform Security
Our frontend applications are hosted on Vercel, providing edge-based security with global DDoS protection and Web Application Firewall.
- Multi-layered Firewall: OWASP Top 10 protection with managed rulesets across 18 global regions
- Automatic SSL/TLS: Free wildcard certificates with TLS 1.3 support and automatic renewal
- Bot Protection: Advanced bot management without requiring CAPTCHAs for users
- Secure Compute: Private network isolation with dedicated IP addresses for enterprise deployments
Compliance Certifications: SOC 2 Type 2, ISO 27001:2022, GDPR, PCI DSS, with HIPAA Business Associate Agreements available. Review details at Vercel Security & Compliance.
Next.js Application Security
Our applications are built with Next.js security best practices, providing built-in protection against common web vulnerabilities.
- XSS Protection: Automatic string escaping and secure Server Component architecture
- CSRF Protection: Built-in protection for Server Actions with Origin/Host header validation
- Content Security Policy: Comprehensive CSP implementation with nonce-based security
- Secure Authentication: Integration with enterprise identity providers and multi-factor authentication
Encryption & Data Protection
All data transmission and storage use industry-standard encryption with customer-managed key options:
- Data in Transit: TLS 1.3 encryption for all communications with automatic certificate management
- Data at Rest: AES-256 encryption with customer-managed keys through Azure Key Vault
- Database Security: Transparent Data Encryption (TDE) and Always Encrypted for sensitive fields
- Document Storage: Immutable storage policies for contracts and legal documents
Access Controls & Authentication
- Multi-Factor Authentication: Required for all administrative access with conditional access policies
- Role-Based Access Control: Principle of least privilege with automated access reviews
- Managed Identities: Azure managed identities eliminate the need for secrets in service-to-service authentication
- Row-Level Security: Database-level isolation ensuring agents only access assigned transactions
Real Estate-Specific Security Features
DocJacket implements specialized security measures designed for the unique risks in real estate transactions:
Wire Fraud Prevention
Advanced detection of wire instruction changes, monitoring for suspicious timing and sender patterns that are common in real estate wire fraud schemes targeting closing transactions.
MLS Data Protection
Compliance with local MLS board requirements including access restrictions, data retention policies, and authorized use monitoring to protect proprietary listing information.
Commission Data Security
Encrypted storage and processing of sensitive commission information with role-based access ensuring only authorized brokers and agents can view financial details.
Client Privacy Protection
Dynamic data masking for personally identifiable information, ensuring support staff and unauthorized users cannot view sensitive client details like SSNs or financial information.
Incident Response & Vulnerability Management
DocJacket maintains a comprehensive security program with 24/7 monitoring and rapid response capabilities:
Continuous Monitoring
Our security team leverages Microsoft Defender for Cloud and Vercel's security monitoring to detect threats in real time. All security events are logged with automated alerting for suspicious activities.
Vulnerability Assessment
Regular security assessments include automated vulnerability scanning through Azure Security Center, third-party penetration testing, and code security reviews. All findings are tracked with documented remediation timelines.
Responsible Disclosure
We welcome security researchers to report potential vulnerabilities through our responsible disclosure program. Security reports can be submitted to:
security@docjacket.com
Compliance & Certifications
DocJacket meets industry compliance standards relevant to real estate and financial services through our cloud infrastructure partners and internal security practices:
SOC 2 Type II
Security, availability, and confidentiality controls verified by independent auditors
PCI DSS Level 1
Payment card industry compliance for secure processing of rental payments and deposits
GDPR & CCPA
Data protection compliance with automated consent management and data subject rights
ISO 27001
International information security management system certification
RESPA Compliance
Real Estate Settlement Procedures Act compliance for transaction documentation
State Licensing
Compliance with state real estate commission data protection and retention requirements
Security Documentation & Resources
For detailed information about our security practices and those of our infrastructure partners:
Microsoft Azure Security
Contact Our Security Team
For security-related questions, vulnerability reports, or compliance inquiries, please contact our security team:
Security Reports
security@docjacket.com
For vulnerability disclosures and security concerns
Compliance Inquiries
compliance@docjacket.com
For compliance documentation and audit requests
Last updated: August 3, 2025