
Your financial data deserves serious protection

DoorVault protects your most sensitive real estate financial data with multiple layers of encryption, strict access controls, and continuous monitoring.

Encrypted: Storage at rest
HTTPS/TLS: Encryption in transit
Passkeys & 2FA: Multi-factor auth
Vetted Cloud: Managed infrastructure

Security at every layer

From the moment your data enters DoorVault to how it's stored, accessed, and protected.

Data Encryption

Data is encrypted at rest by managed storage providers. Browser connections use HTTPS, and sensitive credentials are encrypted with Fernet symmetric encryption before storage.

Authentication

Sign in with passkeys (FIDO2/WebAuthn), Google, Apple, or email + password with TOTP two-factor authentication. Brute-force protection locks accounts after failed attempts.

Cloud Infrastructure

Hosted on managed cloud infrastructure with PostgreSQL databases. Documents are stored on Cloudflare R2 with provider-managed server-side encryption.

Audit Logging

Sensitive actions are logged with timestamps, IP addresses, and user context. Login attempts, data exports, and admin actions are tracked for review and investigation.

Access Control

Role-based access with household data isolation. Each user only sees their own data. Household members share data only when explicitly invited.

Error Monitoring

Real-time error tracking with Sentry captures exceptions, and uptime monitoring alerts the team when availability needs attention.

Encryption that never sleeps

Your financial data is protected by multiple encryption layers. We rely on managed encrypted storage, HTTPS/TLS in transit, and Fernet symmetric encryption for sensitive credentials.

Document files stored in Cloudflare R2 are encrypted server-side. Database backups are encrypted. Even our Knox AI pipeline processes data in memory and never persists raw text to third-party services.

Managed encryption at rest
HTTPS/TLS in transit
Fernet credential encryption
Encrypted database backups
HTTPS enforced (.app domain)
No plaintext password storage
  1. Your browser connects over encrypted HTTPS (mandatory for .app domains)
  2. Cloudflare provides DDoS protection, WAF rules, and edge caching
  3. Railway runs your app in isolated containers with encrypted networking
  4. PostgreSQL stores data on managed encrypted volumes
  5. Cloudflare R2 stores documents with server-side encryption
  6. Fernet keys independently encrypt sensitive account data

Modern authentication built in

We support the most secure authentication methods available today. Passkeys (FIDO2/WebAuthn) provide phishing-resistant passwordless login. Google and Apple SSO let you leverage their security infrastructure.

For password-based login, we enforce strong hashing (PBKDF2-SHA256 with salt), automatic lockout after failed attempts, and optional TOTP two-factor authentication with backup recovery codes.

Passkeys (FIDO2/WebAuthn)
Google & Apple SSO
TOTP 2FA with backup codes
Brute-force lockout
Session invalidation on password change
Active session management
  1. Login attempt checked against rate limits (5/minute per IP)
  2. Password hash verified with PBKDF2-SHA256 (600,000 iterations)
  3. 2FA challenge required if TOTP is enabled
  4. Session token generated with cryptographic randomness
  5. Secure cookie set with HttpOnly, Secure, SameSite=Lax flags
  6. Login event logged with IP, user agent, and timestamp
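
A sketch of steps 1, 2, 4 and 5 of the login flow above, added here as an illustration and not DoorVault's own code. The in-memory limiter, the `iterations$salt$digest` storage layout and the `session` cookie name are assumptions; the TOTP challenge and event logging are left out.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

ITERATIONS = 600_000      # PBKDF2-SHA256 work factor stated on the page
RATE_LIMIT = 5            # login attempts allowed per IP ...
WINDOW_SECONDS = 60       # ... per minute, as stated on the page

_attempts = defaultdict(deque)   # ip -> recent attempt times (assumed: single process)


def allow_attempt(ip, now=None):
    """Sliding-window limiter: every attempt counts, successful or not."""
    now = time.monotonic() if now is None else now
    window = _attempts[ip]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= RATE_LIMIT:
        return False
    window.append(now)
    return True


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'iterations$salt_hex$digest_hex' (storage layout is an assumption)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def login(ip, password, stored, now=None):
    """Return (status, Set-Cookie value or None)."""
    if not allow_attempt(ip, now):
        return "rate_limited", None          # checked before any hashing work
    if not verify_password(password, stored):
        return "denied", None
    token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    cookie = f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return "ok", cookie
```

Storing the iteration count beside the salt lets the work factor be raised later without invalidating existing hashes, since each record is verified with the count it was created under.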

Knox AI with privacy first

Knox analyzes your documents and transactions through a vetted AI provider under contract. Your data is processed but never stored by that provider, never used for model training, and never shared with third parties.

We implement prompt injection detection to prevent malicious documents from manipulating AI behavior. All AI outputs are validated and sanitized before being applied to your data.

Data never used for AI training
Prompt injection protection
Input sanitization & validation
Human-in-the-loop review
  1. Document uploaded to encrypted storage (R2)
  2. Text extracted locally within our infrastructure
  3. Sanitized text sent to our AI provider via encrypted connection
  4. Knox analysis returned (data not retained by the provider)
  5. Results validated and shown for your review before applying
  6. You approve which changes to apply to your data

Built on trusted providers

Enterprise security certifications and world-class infrastructure.

Railway

Managed hosting with isolated containers and encrypted networking

PostgreSQL

Managed database with automatic backups, point-in-time recovery, and encrypted volumes

Cloudflare

Global CDN with DDoS protection, WAF, and R2 object storage with encryption

Sentry

Real-time error monitoring and performance tracking with instant security alerts

Our data practices

Transparency about how we handle your data.

Data Deletion

Delete your account and all associated data at any time. When you delete data, it's permanently removed from our databases and storage.

No Data Selling

We will never sell your data to third parties. Your financial information, documents, and property details are yours. We make money from subscriptions, not your data.

Data Portability

Export your complete data anytime. Properties, transactions, documents, tax reports. CSV, PDF, and Excel exports. Your data is never locked in.

Ready to secure your portfolio data?

Join investors who trust DoorVault to protect their most sensitive financial information.
