Security
Security built for firms that handle client title files.
Vague security promises don't cut it in a regulated industry. Here is exactly what we have built and why.
Cryptographic Tenant Isolation
Your organization's data — uploaded documents, extracted entities, graph relationships, AI queries, audit logs — exists in a fully isolated cryptographic tenant. There is no shared database layer, no cross-tenant query access, and no administrative shortcut that bypasses this isolation. This is not a configuration setting. It is the architecture.
Encryption In Transit and At Rest
All data transmitted between your browser and our servers is encrypted in transit with TLS 1.3. All stored documents and extracted data are encrypted at rest with AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation.
Isolated Document Vault
Every project you upload lives in an encrypted, firm-scoped vault — not a shared storage environment. Your files are isolated at the infrastructure level, not accessible to other organizations, and not retained beyond your defined window. You control what stays and what gets deleted, and deletion is permanent.
Zero Model Training
Your documents are never used to train, fine-tune, or improve any AI model — ours or any third party's. All AI inference runs in isolated sessions scoped to your query. Prompts and responses are not retained or logged by model providers. This is governed by strict data processing agreements.
Immutable Audit Logs
Every action in TitleTrace — document uploads, query submissions, entity extractions, user access events, terms-of-service agreements — is written to an immutable, database-level audit log. This log cannot be modified or deleted by users or administrators.
Data Retention and Your Control
You retain full ownership of your data at all times. Documents and workspace data can be deleted through the application at any time. Upon account termination, all customer data is permanently purged within 30 days. Data export is available at any time for portability.
Compliance Roadmap
SOC 2 Type I certification is targeted for Q4 2026. If you have specific compliance, regulatory, or procurement requirements, contact us directly — we will provide documentation appropriate to your needs.
Responsible Disclosure
If you identify a security vulnerability, contact security@titletrace.com. We commit to a response within 24 hours and follow responsible disclosure practices.