TitleQuiet
How It WorksLearnFor HomeownersFor InvestorsFor AttorneysPricing
Sign InGet Started
TitleQuiet

Automated quiet title research for property owners, investors, and attorneys across New Jersey.

SOC 2 In ProgressAES-256

Product

  • How It Works
  • Pricing
  • For Homeowners
  • For Investors
  • For Attorneys
  • For Title Companies

Learn

  • Education Center
  • What is Quiet Title?
  • Common Title Clouds
  • State Guides — NJ
  • Glossary

Company

  • About
  • Security
  • Blog
  • Contact

Legal

  • Terms of Service
  • Privacy Policy
  • Legal Disclaimer
  • Attorney Network Terms
  • Acceptable Use
  • DMCA Policy

© 2026 TitleQuiet. All rights reserved.

TitleQuiet is a technology platform, not a law firm. Information provided does not constitute legal advice. Full disclaimer

Security

Built for institutional-grade security.

TitleQuiet handles sensitive property records, legal documents, and financial data. We apply defense-in-depth security at every layer of the stack.

SOC 2 Type II

AWS infrastructure certified. TitleQuiet audit in progress.

AES-256

All data encrypted at rest with AES-256 via AWS KMS.

TLS 1.3

All data in transit encrypted with TLS 1.3.

PCI-DSS

Payment data handled by Stripe (PCI-DSS Level 1 certified).

GDPR / CCPA

Privacy controls for EU and California residents.

Bar-Verified Attorneys

Every attorney independently verified against state bar records.

Defense in Depth

Six independent security layers — each designed to catch what the layer above missed.

Layer 1

Edge Protection

  • ·AWS CloudFront CDN with DDoS mitigation
  • ·AWS WAF with OWASP Top 10 rule set
  • ·Rate limiting: 100 req/min per IP on all API endpoints
  • ·SQL injection and XSS detection at the edge
  • ·AWS Shield Standard (DDoS protection)

Layer 2

Application Security

  • ·Clerk authentication — SOC 2 Type II audit in progress
  • ·JWT validation on every API request
  • ·Role-based access control enforced server-side on every route
  • ·Input validation via Zod schemas on all endpoints
  • ·Content-Security-Policy, HSTS, X-Frame-Options: DENY headers
  • ·CSRF protection via double-submit cookie pattern

Layer 3

Data Security

  • ·Encryption at rest: AES-256 (RDS, S3, ElastiCache)
  • ·Encryption in transit: TLS 1.3 on all connections
  • ·AWS KMS for cryptographic key management with automatic rotation
  • ·PostgreSQL database in private subnet — no public internet access
  • ·S3 bucket policies with versioning and no public access
  • ·Payment data handled exclusively by Stripe (PCI-DSS Level 1)

Layer 4

Network Security

  • ·VPC with public/private subnet architecture
  • ·Application Load Balancer is the only publicly exposed endpoint
  • ·Security Groups with principle of least privilege
  • ·NAT Gateway for private subnet internet access
  • ·VPC Flow Logs enabled for forensic analysis

Layer 5

Monitoring & Detection

  • ·AWS CloudTrail — full API audit logging
  • ·AWS CloudWatch — metrics, alarms, and log aggregation
  • ·AWS GuardDuty — intelligent threat detection
  • ·Application-level audit log: every data access recorded with user, timestamp, IP
  • ·PagerDuty alerting for critical security events
  • ·Incident response runbook tested quarterly

Layer 6

Backup & Recovery

  • ·RDS automated daily backups with 30-day retention
  • ·Point-in-time recovery with 5-minute granularity
  • ·S3 versioning + cross-region replication for disaster recovery
  • ·Infrastructure as Code (Terraform) — full rebuild in under 2 hours
  • ·RPO: 5 minutes · RTO: 2 hours

Responsible Disclosure

If you discover a security vulnerability in the TitleQuiet platform, please report it responsibly. We will acknowledge receipt within 24 hours and work to resolve confirmed vulnerabilities promptly.

Report security issues to: security@titlequiet.com

Please do not disclose vulnerabilities publicly until we have had a reasonable opportunity to investigate and remediate. We do not currently operate a bug bounty program but we do acknowledge all valid reports.