TitleQuiet
How It WorksLearnFor HomeownersFor InvestorsFor AttorneysPricing
Sign InGet Started
TitleQuiet

Automated quiet title research for property owners, investors, and attorneys across New Jersey.

SOC 2 In ProgressAES-256

Product

  • How It Works
  • Pricing
  • For Homeowners
  • For Investors
  • For Attorneys
  • For Title Companies

Learn

  • Education Center
  • What is Quiet Title?
  • Common Title Clouds
  • State Guides — NJ
  • Glossary

Company

  • About
  • Security
  • Blog
  • Contact

Legal

  • Terms of Service
  • Privacy Policy
  • Legal Disclaimer
  • Attorney Network Terms
  • Acceptable Use
  • DMCA Policy

© 2026 TitleQuiet. All rights reserved.

TitleQuiet is a technology platform, not a law firm. Information provided does not constitute legal advice. Full disclaimer

Security

Built for institutional-grade security.

TitleQuiet handles sensitive property records, legal documents, and financial data. We apply defense-in-depth security at every layer of the stack, built on a foundation of SOC 2 Type II certified providers.

SOC 2 Prep

TitleQuiet SOC 2 Type II preparation underway. Our infrastructure providers (Vercel, Neon, Clerk, Stripe) each hold their own SOC 2 Type II certifications.

AES-256

All data encrypted at rest with AES-256 via Neon (database) and Upstash (cache).

TLS 1.3

All data in transit encrypted with TLS 1.3, enforced by Vercel and Neon.

PCI-DSS

Payment data handled exclusively by Stripe (PCI-DSS Level 1 certified). We never store card data.

GDPR / CCPA

Privacy controls for EU and California residents. Data deletion requests honored within 30 days.

Bar-Verified Attorneys

Every attorney on the platform independently verified against state bar records before activation.

Defense in Depth

Six independent security layers — each designed to catch what the layer above missed.

Layer 1

Edge Protection

  • ·Vercel Edge Network — global CDN with built-in DDoS mitigation across 100+ regions
  • ·Rate limiting on all API endpoints: sliding-window per user and per IP (Redis-backed)
  • ·OWASP Top 10 mitigations enforced at the application layer via Zod schema validation
  • ·Clerk-powered bot and abuse detection on all authentication flows

Layer 2

Application Security

  • ·Clerk authentication (SOC 2 Type II certified) — JWT validation on every API request
  • ·Multi-factor authentication (MFA) required for attorney and admin accounts
  • ·Role-based access control enforced server-side on every route and API endpoint
  • ·Input validation via Zod schemas on all endpoints — no unvalidated user data reaches the database
  • ·Content-Security-Policy, HSTS (2-year preload), X-Frame-Options: DENY headers on every response
  • ·Admin routes protected by both Clerk session auth and optional IP allowlist

Layer 3

Data Security

  • ·Encryption at rest: AES-256 via Neon (PostgreSQL) and Upstash (Redis)
  • ·Encryption in transit: TLS 1.3 on all connections (enforced by Vercel and Neon)
  • ·Neon managed key rotation — cryptographic keys managed and rotated by Neon's infrastructure
  • ·Database accessible only over encrypted connection strings — no public IP exposure
  • ·Payment data handled exclusively by Stripe (PCI-DSS Level 1 certified) — we never store card data

Layer 4

Infrastructure

  • ·Hosted on Vercel (SOC 2 Type II certified) — serverless, auto-scaling, zero server management
  • ·PostgreSQL on Neon (SOC 2 Type II certified) — managed database with automated failover
  • ·Redis on Upstash (SOC 2 Type II certified) — serverless cache and rate-limit store
  • ·Transactional email via Resend — no PII stored in email provider beyond delivery metadata
  • ·No long-lived servers, no SSH access surface, no self-managed infrastructure

Layer 5

Monitoring & Detection

  • ·Sentry error monitoring — real-time error tracking with PII scrubbing before transmission
  • ·Application-level audit log: every privileged action recorded with user ID, timestamp, IP address, and user agent
  • ·Scraper health dashboard — real-time status monitoring for all 21 NJ county data pipelines
  • ·Vercel deployment logs and access logs retained for forensic analysis
  • ·Incident response plan in place — security issues acknowledged within 24 hours

Layer 6

Backup & Recovery

  • ·Neon automated continuous backups with point-in-time restore (PITR) support
  • ·Vercel deployments are immutable and instantly rollback-able to any prior release
  • ·Database credentials and API secrets stored in Vercel encrypted environment variables
  • ·RPO: ~5 minutes (Neon PITR) · RTO: ~15 minutes (Vercel instant rollback)
  • ·SOC 2 readiness program underway — documentation and controls under active review

Infrastructure Providers

TitleQuiet is built on a stack of independently SOC 2 certified providers. We do not operate our own data centers — your data is protected by enterprise-grade managed infrastructure with their own audit programs.

Vercel
Hosting & CDN
SOC 2 Type II
Neon
PostgreSQL database
SOC 2 Type II
Upstash
Redis (rate limiting)
SOC 2 Type II
Clerk
Authentication & MFA
SOC 2 Type II
Stripe
Payment processing
PCI-DSS Level 1 + SOC 2
Sentry
Error monitoring
SOC 2 Type II

Responsible Disclosure

If you discover a security vulnerability in the TitleQuiet platform, please report it responsibly. We will acknowledge receipt within 24 hours and work to resolve confirmed vulnerabilities promptly. We follow coordinated disclosure practices and ask that you allow us reasonable time to investigate before public disclosure.

Report security issues to: security@titlequiet.com

We do not currently operate a bug bounty program but we acknowledge and appreciate all valid reports.