Security
Defensible by design.
Not a paragraph in the footer.
Appraisals carry legal weight. Your MLS access is licensed to you. Your workfile is evidence. We built ValueSwell around those responsibilities from the first commit.
Encrypted in transit & at rest
TLS 1.3 everywhere. All data at rest is AES-256 encrypted. Secrets are sealed in a HSM-backed vault — no engineer can read them in plaintext.
Per-user audit trail
Every agent action is attributed to an authenticated user, with timestamps, source citations, and SHA-256 content hashes. You can export the trail at any time.
Your MLS credentials, your control
We store MLS credentials encrypted with per-user keys, never share them between tenants, and support per-session revocation. Reads only — agents cannot post or modify.
US-hosted infrastructure
Hosted on major US cloud providers in SOC 2 Type II facilities. Data residency is US-only unless otherwise contracted.
Role-based access
Granular roles for appraisers, reviewers, admins, and auditors. SSO + SAML for enterprise. Mandatory MFA on admin accounts.
Backup + retention
Workfiles retained for 7 years per USPAP. Hourly point-in-time backups. Exportable ZIP archives on request — yours to keep.
Compliance
Frameworks & certifications
How we operate
- No training on your data — agent models use published guidelines, not customer uploads
- Penetration testing by independent third party, annually
- Vulnerability disclosure program + security@valueswell.com
- Incident response runbooks with contracted SLAs
- Background checks on all engineers with production access
- Isolated environments for dev / staging / production
Security contact
Report a vulnerability
Responsible-disclosure program — we reply within one business day and credit researchers.
security@valueswell.comProcurement
Need our security pack?
SOC 2 bridge letter, pen-test summary, and DPA are available under NDA for enterprise procurement teams.
Request the pack