Security for Australian real estate agency data
EstateOS is built on BridgeOS platform invariants — tenant isolation, encryption, audit logging, and privacy workflows designed for regulated industries. We apply the same bar to agency contact, listing, and tenancy data.
The pillars
How we keep agency data safe
Tenant isolation by agency_id
Every domain table has agency_id UUID NOT NULL. Postgres row-level security enforces isolation at the database layer. The application layer re-checks every query as defence-in-depth. Cross-agency data access is permitted only for explicitly named SUPPORT_CONSULTANT procedures.
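The following added example (not EstateOS's own schema or code) shows how a row-level security policy keyed on agency_id can be written in Postgres, with the application-layer re-check alongside it. The contact table, the app_rw role, the app.agency_id session setting and all UUIDs are assumed or constructed names.

```sql
-- Added illustration. Table "contact", role "app_rw" and the custom setting
-- "app.agency_id" are assumed names, not taken from the EstateOS schema.
CREATE TABLE contact (
    id         uuid PRIMARY KEY,
    agency_id  uuid NOT NULL,
    full_name  text NOT NULL
);

-- The application runs as a role that can neither bypass RLS nor own the table.
CREATE ROLE app_rw NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON contact TO app_rw;

ALTER TABLE contact ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policies.
ALTER TABLE contact FORCE ROW LEVEL SECURITY;

-- USING filters rows read, updated or deleted; WITH CHECK validates rows written.
-- current_setting(..., true) yields NULL when the setting is absent, and NULLIF
-- maps an empty value to NULL, so a session without a tenant matches no rows.
CREATE POLICY contact_agency_isolation ON contact
    FOR ALL TO app_rw
    USING      (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid)
    WITH CHECK (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid);

-- Per request: bind the tenant inside a transaction so the value cannot leak
-- to the next request served by a pooled connection.
BEGIN;
SET LOCAL ROLE app_rw;
SELECT set_config('app.agency_id',
                  '11111111-1111-1111-1111-111111111111', true);  -- constructed UUID

-- Application-layer re-check: the query still names the tenant explicitly.
SELECT id, full_name
FROM contact
WHERE agency_id = '11111111-1111-1111-1111-111111111111';

-- A write tagged with a different agency fails the WITH CHECK clause.
INSERT INTO contact (id, agency_id, full_name)
VALUES ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
        '22222222-2222-2222-2222-222222222222', 'Constructed Name');
ROLLBACK;
```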
Australian data residency
Postgres, Redis, and S3-equivalent storage all live in ap-southeast-2 (Sydney). The schema is multi-region ready for NZ / UK / SG expansion, but every byte of agency data in v1 lives in AU. AI provider region pinning is applied where available — Anthropic and OpenAI AU / APAC endpoints.
Encryption at rest and in transit
AES-256 encryption at rest for every data store. TLS 1.3 in transit. Column-level AES-256 encryption for DV-suppressed fields and equivalent safety-sensitive data. Encryption keys are managed via cloud KMS with a rotation policy.
Address suppression for safety-sensitive contacts
Contacts flagged with address_suppression = true have address and property details redacted in all AI outputs, exported reports, bulk emails, and external portal payloads. Reveal is role-gated, with an audit event written on every read — the same pattern we use for other safety-sensitive contact data on the BridgeOS platform.
DSAR fulfilment workflow
Identity verification, 30-day statutory clock, automated extraction across every entity, manual review queue for third-party PII redaction, legal-hold flag, principal or privacy-officer approval before release. Required for Privacy Act 1988 compliance. Not a one-time CSV export.
Audit log per AI invocation
Every AI call writes to ai_usage_log: agency_id, prompt_name, prompt_version, model, tokens, cost, feature, reviewer, before / after content. The audit log is queryable for DSAR fulfilment, ACCC content-accuracy inquiry, and internal security review.
AU compliance roadmap
OAIC consent tracking, ACCC content-accuracy posture, Privacy Act 1988 + December 2026 automated-decision transparency obligations, Disability Discrimination Act compliance via WCAG 2.2 AA, state-specific tenancy and bond rules. Where we have not yet certified, we say so on this page.
What we have not yet completed
We are pre-design-partner. We have not yet completed SOC 2, ISO 27001, or a third-party penetration test. Those are on the roadmap before the first non-design-partner customer signs. Design partners receive our internal threat model and the audit log specification on request.
If you are evaluating EstateOS and have a security questionnaire, send it — we will respond personally.
FAQ
Security questions for procurement and principals
Data residency, isolation, encryption, and honest certification status.
- Where is EstateOS data stored?
- v1 agency data is designed for Australian residency in ap-southeast-2 (Sydney). AI provider region pinning is used where available; fallback regions are disclosed in the privacy policy when required.
- How does EstateOS isolate one agency from another?
- Every domain table is scoped by agency_id. Row-level security in Postgres and application-layer filters both enforce the boundary — cross-agency access is limited to explicitly defined support procedures.
- How do you handle Privacy Act access requests (DSARs)?
- EstateOS provides a DSAR workflow: verification, a 30-day statutory clock, automated extraction across entities, a queue to redact third-party personal information, legal-hold support, and approval before release.
- What encryption does EstateOS use?
- AES-256 at rest for data stores, TLS 1.3 in transit, and additional column-level encryption for safety-sensitive fields such as address-suppressed contacts.
- Is EstateOS SOC 2 or ISO 27001 certified?
- Not yet. We are pre-design-partner and list SOC 2, ISO 27001, and independent penetration testing on the roadmap before general availability. Design partners can request our threat model and audit-log specification.
- Does using EstateOS make our agency compliant with the Privacy Act?
- No. EstateOS provides technical controls and workflows that support compliance efforts; your agency remains accountable for its privacy program, notices, and use of personal information.