Security

How your data is kept.

No badge wall, no compliance theater. Just a plain account of how resty.ai handles your portfolio — written by the person who built it.

What we do

Encrypted in transit

Every request runs over HTTPS through CloudFront. The app server only accepts traffic from CloudFront, so there's no open back door to the box.

Your data is isolated from everyone else's

Each account sees only its own data, enforced at the data layer on every read and write — not just hidden in the interface. An adversarial multi-agent security review checked for cross-account leaks and found none.

Backed up daily

The database is captured by automatic daily disk snapshots with a rolling retention window, so a bad day doesn't mean lost records.

No third-party analytics inside the app

Once you're logged in, there are no advertising or analytics trackers following you around. We don't load third-party scripts on your portfolio.

You can export everything

Every table exports to CSV — transactions, the rent roll, Schedule E, the whole portfolio. Your records are yours to take with you, any time, no support ticket required.

Passwords are hashed, never stored

Passwords are salted and hashed with a slow key-derivation function. We can't read your password, and neither could anyone who got hold of the database.

What we don't do

We don't resell or share your data with anyone.
We don't run a lending-offer or refinance-lead pipeline off your numbers.
We don't process rent or hold your money — there are no payment rails to compromise.
We don't load advertising trackers onto your account.

Found something?

If you find a security issue, tell us before you tell anyone else and we'll work it fast. Email security@resty.ai. We don't run a paid bounty, but we'll credit you if you'd like.