Trust & Safety
Security
Last updated: May 13, 2026
Close22 handles real estate lead data — names, phone numbers, emails, and inquiry details. We take that responsibility seriously. Here is how we protect it.
TLS Everywhere
All data in transit is encrypted using TLS 1.2+. We enforce HTTPS across every endpoint.
Encrypted at Rest
Lead data and API credentials are stored encrypted in Supabase with row-level security policies.
API Key Auth
Every webhook request is authenticated via an x-api-key header unique to your account.
Stripe Payments
We never store card numbers. All payment data is handled by Stripe's PCI-compliant infrastructure.
Webhook Verification
Stripe webhooks are verified using signed secrets. Unverified requests are rejected automatically.
Minimal Data Access
Staff access to production data is restricted and logged. We operate on a need-to-know basis.
Infrastructure
- Hosted on Vercel (edge network, automatic DDoS protection)
- Database on Supabase with row-level security and encrypted backups
- SMS routed through Close22 Gateway and the managed provider configured for your account
- AI processing via Anthropic (enterprise-grade data handling)
Your Responsibilities
- Keep your API key confidential — treat it like a password
- Only share webhook URLs with trusted lead sources
- Notify us immediately if you suspect your account has been compromised
Reporting a Vulnerability
If you discover a security issue, please report it responsibly to hello@close22.com. We will respond within 48 hours and work with you to address the issue promptly. Please do not publicly disclose vulnerabilities before we have had a chance to fix them.
© 2026 Close22, LLC. All rights reserved.