Escrow data is sensitive. We take security seriously — from encryption to access controls to compliance.
TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Encrypted database connections
Secure file storage on Firebase/Google Cloud
Firebase Authentication with email + Google OAuth
API key authentication for integrations
Webhook signature verification (Twilio, Stripe, eSign)
Session management with secure tokens
Hosted on Vercel (SOC 2 Type II compliant)
Database on Google Firebase (SOC 2, ISO 27001)
Payments via Stripe (PCI DSS Level 1)
Global CDN with DDoS protection
Role-based permissions
Audit trail for all document actions
Client portal with token-based access (no sensitive data exposed)
API keys scoped per integration
AI classification via Anthropic (SOC 2 compliant)
Documents are NOT used to train AI models
Processed in-memory — not stored by AI provider
Full data ownership retained by customer
CCPA compliant (California Consumer Privacy Act)
TCPA compliant SMS messaging
Data deletion on account termination
Regular security reviews and updates
If you discover a security vulnerability, please report it responsibly. Contact us at security@escrowpilot.ai and we will respond within 24 hours. Please do not publicly disclose vulnerabilities before we have had a chance to address them.
Questions about our security practices? Contact security@escrowpilot.ai