Terrio handles sensitive real estate closing information on behalf of law firms and settlement providers. Security and data minimization are built into how the platform works, not added afterward.
This page summarizes our practices. A more detailed overview is available to customers and partners under NDA.
Hosting and infrastructure
- The Platform is operated in the United States on Microsoft Azure, a leading cloud provider with a broad set of independent compliance certifications for its infrastructure.
- Production access follows the principle of least privilege, and administrative credentials are managed centrally.
Tenant isolation
- Each Firm's data is logically isolated, with database-level access controls (schema separation and row-level security) designed to ensure that one Firm cannot access another Firm's data.
Encryption
- Data is encrypted in transit (TLS) and at rest.
- Designated sensitive fields, such as government and financial identifiers, receive additional field-level encryption.
Secrets and key management
- Application secrets and credentials are stored in a managed key vault and are never hard-coded in source. Access is scoped and auditable.
Data minimization
- Nonpublic personal information is never sent by ordinary email. Sensitive data is processed inside the secured Platform or moved through approved secure-transfer channels.
- Terrio is never in the wire or funds path. We do not send, hold, or move closing funds or wire instructions, and we are not a trust-accounting or tax-filing service.
- Notifications and communications are limited to the information necessary for the task.
Monitoring, logging, and audit
- Access to sensitive information is logged, and each matter carries a tamper-evident audit trail of activity.
- Ingested files are subject to malware and content scanning before processing.
Artificial intelligence
- Where the Platform uses third-party AI, it does so under agreements that prohibit using customer data to train the provider's models. We do not train AI models on customer transaction data.
Access control
- Access to the Platform is authenticated and role-based, and supports modern identity controls, including single sign-on and multi-factor authentication where configured.
Vulnerability reporting
We welcome responsible disclosure. If you believe you have found a security issue, please contact us at [email protected]. We will acknowledge your report and work with you to validate and address it.
We continue to mature our security program, including formalizing independent third-party assessments as we scale.