Trust Center

Security & Privacy

This page is maintained by Cessna AI Solutions to answer common security and privacy questions about TwinTC™. It describes controls in use today for California real estate contracts. It is app-owned editable content, not an independent certification.

Last reviewed: July 12, 2026

TLS in transit

All traffic to twintc.com™ and twintc.ai™ is served over HTTPS/TLS with a valid certificate.

Encryption at rest

Contracts and database records are stored on managed cloud infrastructure that encrypts data on disk (AES-256).

Row-level security

Every table enforces row-level access at the database layer — a user can only read the rows they own.

Private document bucket

Uploaded contracts land in a private storage bucket; direct-link access is blocked and reads require a valid session.

Sealed, immutable audits

Once an audit is sealed, the record cannot be edited — even by the owner. Enforced by a database trigger.

Auth-gated everything

Contract endpoints require a valid signed-in session. No anonymous access to deal-room data.

How your contracts are protected

When an agent uploads a contract to TwinTC™, the file travels from the browser to our servers over TLS (the padlock in your address bar). It then lands in a private storage container — not on a public URL, not indexable, not readable without a valid signed-in session tied to the uploader.

Each contract row in our database is tagged to the user who owns it. A database-level policy (row-level security) rejects any read or write from a session that doesn't match. Even if someone obtained a direct database URL, the system would return no rows for anything they don't own.

The single intentional exception: the supervising California broker can review submitted audits from agents in the brokerage. This is required for broker oversight under California real estate law and is scoped by role — not by open access.

Sealed audits: legal defensibility

Once an audit is marked sealed, the record becomes immutable. A database trigger blocks every further update — the agent, the broker, and Cessna AI Solutions personnel all lose the ability to alter the audit's findings, timestamps, or file references. This is a legal-defensibility feature: what the audit said at the moment of sealing is what the audit will always say.

Broker review actions are recorded to a separate event log, preserving the chain of who saw what and when.

Access and authentication

Users sign in with email and password (Google sign-in optional). Sessions are managed with signed tokens; passwords are never stored in plaintext. Administrative access to production systems is limited to Cessna AI Solutions personnel for support, security, and legal-compliance purposes and is scoped to the minimum needed to resolve a specific request.

We recommend every agent enable a strong, unique password and use a password manager. Password reuse across brokerage and personal accounts remains the single most common cause of real-world breaches in real estate.

Infrastructure and subprocessors

TwinTC™ runs on managed cloud infrastructure that provides physical security, network isolation, automated patching, and encrypted storage. AI-assisted audit reasoning uses model providers through server-side calls — uploaded transaction documents are not used to train third-party AI models.

Payment processing is handled by Stripe; TwinTC™ never sees or stores full card numbers. Email delivery uses our own verified sending domain.

What we do not claim

We deliberately avoid overstated compliance language. TwinTC™ is not HIPAA-covered — real estate contracts contain personal and financial information but not Protected Health Information, so HIPAA does not apply. TwinTC™ is not currently SOC 2 audited; that is on the roadmap and we will publish the report when the audit is complete.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at the address below.

Shared responsibility

TwinTC™ provides the platform controls above. You — the licensed agent or broker — remain responsible for who you invite to a deal room, what you upload, and how your brokerage handles client information end-to-end. This page describes Cessna AI Solutions' controls, not your brokerage's overall privacy program.

Reporting a security issue

To report a suspected vulnerability or a security concern, email cessna@cessnaaisolutions.com with the subject line "Security Report." Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and respond.

See also our Privacy Notice for information rights, deletion requests, and CCPA/CPRA disclosures.

CallEmail