Security & data protection
Built to protect the people who trust it
REAISALE asks sophisticated buyers for their identity and their intent. That is a responsibility, not a formality. This page sets out — in plain terms, without the implementation details an attacker would want — exactly how your data is protected and what we will and will not do with it.
Encrypted everywhere
All traffic is served over HTTPS with HSTS (two-year max-age, subdomains included, preload enabled) — browsers refuse to connect insecurely. A strict Content-Security-Policy, X-Frame-Options: DENY, a cross-origin opener policy, and a tight referrer policy are enforced on every response.
Accounts & sessions
Authentication runs on a managed identity provider. Passwords are salted and hashed by the provider — REAISALE never sees or stores a plaintext password. Sessions live in httpOnly, secure cookies that JavaScript on the page cannot read, which closes the most common session-theft vector.
Row-level data isolation
The database is default-deny. Every table that holds user data carries row-level security policies that scope each row to its owner: a signed-in user can read and write only their own watchlist, saved searches, and preferences — never anyone else's. The privileged service key is server-only and never reaches the browser.
Payments — we never touch your card
Buyers are never charged. Where payment exists (partner-side), it runs through a hosted Stripe checkout. Card numbers are entered on Stripe's own page and are never seen, transmitted, or stored by REAISALE. We hold no card data to lose.
Your lead, your consent
When you request an introduction, your details are routed to a verified licensed partner only with your explicit, recorded consent. We collect the minimum needed to connect you, we do not sell contact lists, and you can opt out at any time.
Abuse resistance
Every public endpoint is rate-limited. The admin console is protected against brute-force login attempts. Submission forms carry bot traps, and inputs are size-capped and validated at the boundary so a malformed or hostile payload cannot reach the core of the system.
Privacy & compliance
REAISALE is designed to align with the UAE Personal Data Protection Law (PDPL) and the EU GDPR: data minimisation, purpose limitation, recorded consent for any partner introduction, and the right to access or delete your data. The full detail is in the privacy policy and terms. REAISALE is a property-intelligence platform, not a licensed brokerage — all regulated activity is performed by licensed partners.
Responsible disclosure
Found a vulnerability or a privacy concern? We want to hear from you before anyone else does. Email [email protected] with the details and steps to reproduce. We commit to acknowledging legitimate reports and acting on confirmed issues. Please do not publicly disclose an issue before we have had a reasonable chance to address it.