Data security

Your data, and your clients' data, are protected here.

You are trusted with your clients' personal information, and you are trusting us with it in turn. Here is exactly how we keep both your data and theirs safe, in plain language, with nothing dressed up.

Two kinds of data, both protected

The people you serve, and the people you work with.

Your clients' data

The names, emails, phone numbers, and conversations of your leads and clients. This is the information you have a professional and legal duty to protect, so it is scoped to your firm, never shared with another brokerage, and never used to train AI.

Your data

Your account, your team, your writing-voice samples, and your firm settings. It is yours: you control who on your team can see it, you can export it, and you can ask us to delete it. We cannot open your account without your permission.

How we keep it safe

The protections, one by one.

Your data stays separated from every other brokerage

Every record in the platform is stamped with your firm's identity, and every request carries that firm identity, so your data is scoped to your firm. Your leads, your conversations, and your team's information are kept apart from every other firm on the platform, and we have automated tests covering that separation.

Encrypted coming and going

Everything is encrypted while it travels over the internet, the padlock you see in your browser, and encrypted at rest on our database provider's disks. The credentials that connect your email and other tools get an additional layer of AES-256 encryption on top.

We cannot just look at your data

By default, no one at Krogel can open your firm's account. If you ever want hands-on help, you grant us access yourself: it turns on only with your explicit permission, is limited to a short window, and switches off automatically. Its use is recorded to your account.

Only your team gets in

Sign-in is handled by a specialist identity provider (Clerk), the same category of login security used by much larger companies. Accounts are role-based, so each person sees only what their role allows, and two-factor login is supported.

Your data never trains AI

The AI that drafts your messages runs on Anthropic's Claude. Anthropic is contractually prohibited from using your data, or your clients' data, to train its models, handles it under a formal data-processing agreement with short deletion timelines, and processes it primarily in the United States. Your data stays yours.

A person approves every message

Nothing substantive reaches a client without a licensed member of your team reviewing and approving it. The AI drafts, your realtor decides. Consent is checked before every send and it fails safe: if we are not certain a contact agreed to hear from you, we do not send.

Built on trusted, audited infrastructure

We do not run our own servers. Your data lives on infrastructure from providers who carry their own independent SOC 2 audits, including Vercel, Neon for the database, Clerk for login, and Anthropic for AI. We inherit their physical and platform security.

Watched around the clock, and recoverable

Automated health checks and an outside uptime monitor page us the moment anything goes dark. Your data is backed up continuously with point-in-time recovery, so it can be restored if something goes wrong, and every incident gets a written review.

A complete, exportable trail

Every meaningful action, a lead classified, a draft written, a compliance check, an approval, a message sent, is captured as a timestamped record you can export. If a regulator or a client ever asks what happened, you have the answer.

Our promises

What we will never do.

  • Sell your data or your clients' data
  • Share it with other brokerages on the platform
  • Use it to train AI models
  • Message a client without a human approval and valid consent

Straight talk

Where we are, honestly.

We would rather be straight with you than oversell. We are not SOC 2 certified yet, that is a formal third-party audit we are actively working toward. What is true today: we maintain a documented security program mapped to the SOC 2 criteria, we host on SOC 2-audited providers, and we review and harden it continuously as we grow. We are also strengthening our defenses over time, for example adding deeper database-level safeguards on top of the firm-level separation already in place.

If you want the detail, our security policy and the way to report a concern are published, and a real person answers at the address below.

Questions about your data? Ask us directly.

It is your data. You can ask what we hold, ask us to correct or delete it, and export your records at any time. For anything security or privacy related, email security@krogelindustries.com. You can also read our privacy policy and compliance overview.

Data security · Krogel Capital