Trust & Security Center

Your data.
Your contacts.
Your call.

This page explains exactly how your information is protected, who owns it, and what we've committed to — in plain language, not legal disclaimers.

Agent-owned data Export anytime SOC 2 in progress Stripe payments
Why this matters

You've seen what happens
when agents don't own their data

In September 2025, LionDesk was acquired and shut down. 165,000 real estate agents lost their contact history overnight — no refunds, no migration path, no recovery. Earlier, Follow Up Boss was acquired by Zillow, raising real concerns about whether agent data was being seen by a direct competitor.

These weren't edge cases. They're the predictable result of a market where agents store their most valuable professional asset — their relationships — in tools they don't actually own.

What happened to others

LionDesk: 165,000 agents lost everything in 2025. Follow Up Boss acquired by Zillow — your client data in the hands of a company that sells homes to your clients.

What we commit to

You own every contact. We are independently operated. Your data is exportable at any time from your account settings — no support ticket required.

Data Ownership

Every contact belongs
to you — full stop

Your contacts, notes, deal records, and interaction history are yours. We are a tool. We don't treat your data as an asset we own.

  • We do not sell your data to any third party
  • We do not share your contacts with your brokerage
  • We do not use your client information for marketing
  • We do not claim ownership over anything you enter
  • We do not restrict your data when you cancel
  • Export all contacts as CSV anytime — from Settings, one click, no wait
  • If you cancel, data stays exportable for 30 days before deletion
  • No acquirer or brokerage can access your data without your action
  • No support ticket required to export — it's a self-serve button

The Data Export Promise

Your contacts, notes, deal timelines, and interaction history are available as a CSV at any time. From your account settings. One click. No ticket. This is a commitment, not a buried setting.

Settings → Export Data → Download CSV — available from day one
Security Practices

Modern security.
No shortcuts.

Sphere Tracker is built on production-grade infrastructure. Here's exactly what that means for the safety of your data.

🔒

Encryption everywhere

Data encrypted at rest and in transit via TLS. Your information is never transmitted in plain text.

🔑

Secure authentication

Powered by Clerk. Token-based sessions with short expiry. Password resets are single-use and expire in 1 hour.

💳

Stripe handles payments

We never touch your card data. Stripe is PCI DSS Level 1 certified. We are fully outside PCI scope.

🚧

Rate limiting on login

Authentication endpoints limited to 10 requests/minute per IP, blocking brute-force attempts.

👁

Live error monitoring

Continuous monitoring via Sentry. Unusual activity triggers immediate alerts to our team.

Infrastructure

Built on platforms
you can verify

We run on well-known providers that publish their own security documentation and compliance records. We don't run our own servers.

Vercel

Frontend + CDN

🛤

Render

API + managed infra

🐘

Supabase

PostgreSQL database

🔑

Clerk

Auth + user management

💳

Stripe

Payments (PCI DSS L1)

📧

SendGrid

Transactional email

Compliance Roadmap

Where we are.
Where we're going.

We're an early-stage product. We operate with strong security controls, but we haven't completed all formal certifications yet. We're publishing our roadmap so you know exactly where things stand.

DONE

Secure infrastructure stack

Encryption, rate limiting, Stripe for payment isolation, Sentry error monitoring — all live from day one.

DONE

Privacy Policy & Terms of Service

Attorney-reviewed policies covering data ownership, retention, user rights, and usage terms.

IN PROGRESS

Cyber Liability Insurance

Procuring commercial cyber liability coverage. Target: $1–2M policy in place before first subscribers.

IN PROGRESS

Incident Response Plan

Documenting breach notification procedures, escalation paths, and user communication protocols.

Q4 2026

SOC 2 Type I Readiness Assessment

Independent audit of security controls. Planned as brokerage partnerships begin to scale.

2027

SOC 2 Type II Certification

Full sustained audit confirming controls over time. Required for enterprise and brokerage relationships at scale.

Communication & Consent

We draft.
You send.

Sphere Tracker provides AI-drafted message templates and relationship prompts. We do not send emails, texts, or any communications to your contacts without your explicit action.

Every message sent to a client is reviewed, edited if needed, and sent by you. Sphere Tracker is a copy tool. You control the communication entirely.

You remain responsible for:

  • Ensuring consent before contacting anyone
  • Compliance with CAN-SPAM, TCPA, and applicable law
  • Reviewing AI-drafted content before it goes out
  • Maintaining opt-out processes for your contacts
What We Store

Only what you give us.
Nothing else.

We store what you enter. We do not collect data from third-party sources or enrich your contact profiles without your input.

  • Contact names, phone numbers, email addresses — entered by you
  • Personal context notes (kids, pets, life events) — entered by you
  • Deal timelines and milestone dates — entered by you
  • Interaction and touch log history — created by your activity
  • Social Security Numbers or government identifiers — never collected
  • Bank account or routing numbers — never collected
  • Raw card data — Stripe handles all of this, we never see it
  • Sensitive financial information — never stored

Questions about security or data?

We respond to all security and privacy questions within one business day.

✉ hello@agentready.io