How we keep your team's data safe.

Real estate teams trust us with phone numbers, pipeline data, and daily performance metrics. Here's how we protect all of it.

Infrastructure

• Database: Supabase (Postgres) with row-level security enforced on every table. Team data is strictly scoped — an agent on Team A cannot see anything from Team B, ever.
• Authentication: Supabase Auth with bcrypt password hashing + email verification. OAuth providers (Google, Apple) planned.
• Transport: every request is TLS 1.3, HSTS preloaded. No plaintext, ever.
• SMS: Telnyx, operating on a TCR-registered 10DLC campaign with carrier-approved throughput and deliverability.
• AI:Cosmo runs on Anthropic's Claude API. Anthropic does not train on your conversations.

Payment security

Payment is processed by Stripe, a PCI Level 1 and SOC 2 certified processor. We never see, store, or transmit your card details. Your card lives in Stripe's vault — we just trigger the monthly charge.

Access controls

• Team leaders only see their own team's data. Hard-enforced at the database level via RLS.
• Agents only see their own Cosmo thread and their own numbers.
• Rocket Team AI employees do not access your data unless you explicitly grant support access via a dashboard toggle.

Data retention & deletion

Active subscription: your data stays as long as you pay. Cancelled: all identifying data is permanently deleted 30 days after cancellation. You can request immediate deletion by emailing privacy@rocketteam.ai.

Incident disclosure

If we ever discover a security incident that affects your team data, we will notify you via email within 72 hours of discovery, with details on what happened and what we're doing about it.

Questions or concerns

Security issues: security@rocketteam.ai. We respond same day.