Security & compliance

Built for firms that answer to partners, clients, and auditors.

RESO holds IRS transcripts, financial profiles, and client PII. The posture is firm-grade — encryption, tenant isolation, role-aware access, and practitioner attestation on every client-facing deliverable.

At a glance

Encryption everywhere: TLS 1.2+ in transit; encryption at rest in storage, with app-layer encryption for the most sensitive identifiers.
Tenant isolation: Firm-scoped tenant isolation on every API path — with database RLS as defense-in-depth on crown-jewel tables.
Role-aware access: Admin, Sales, and Resolution scopes, with activity logging per seat.
SOC 2-aligned posture: Security architecture and control documentation maintained for audit readiness — ask us for enterprise security review materials during rollout.

The data RESO holds

Account transcripts, Form 433 financials, identifiers, and the firm’s own work product all live on the case record. That is sensitive by definition, so the platform is built to firm-grade controls rather than consumer defaults.

Security & compliance

Posture for firms that answer to partners, clients, and auditors

SOC 2-aligned

Encryption in transit & at rest

TLS 1.2+ in transit · AES-256 at rest

Firm-scoped tenant isolation

Row-level security enforced on every query

Role-aware access

Admin · Sales · Resolution scopes per seat

Activity logging & attestation

Practitioner sign-off recorded on deliverables

Compliance documentation center

SOC 2-aligned infrastructure · for firm superadmins

The posture, plainly stated: encryption, isolation, role-aware access, and attestation.

How it’s protected

  • Encryption in transit (TLS 1.2+) and at rest in storage, with app-layer encryption for sensitive identifiers
  • Firm-scoped tenant isolation on every API path, with database RLS as defense-in-depth
  • Role-aware access — Admin, Sales, and Resolution scopes per seat
  • Activity logging across the case record, with practitioner attestation on deliverables
  • Security architecture documentation available for enterprise rollout review

Practitioner judgment stays required

Client-facing outputs are not auto-sent. A practitioner reviews and attests to deliverables before they leave the firm — so the human accountable for the work is always in the loop, and the record shows it.

Enterprise rollout

For multi-seat firms, ask about enterprise rollout options — including SSO and firm playbook configuration — during onboarding.
