Trust

Security practices

DueFound is designed for sensitive property and identity records. This page describes implemented controls without guaranteeing that any system is risk-free.

Access and isolation

Role-based authorization, organization-scoped records, short-lived secure sessions, multifactor authentication requirements, and expiring case-specific upload links limit access.

Document handling

Files are type and size checked, stored under randomized keys, quarantined until security and processing checks complete, and released only through authorized case routes. Production requires encrypted private storage and authenticated malware scanning.

Reliability and accountability

Versioned processing, source citations, immutable-style audit chains, backups, retention jobs, dead-letter handling, and licensed approval gates support investigation and recovery.

Report a concern

Send suspected vulnerabilities or incidents to security@duefound.com. Do not include sensitive documents in ordinary email.