Trust Center

Built so a reviewer can trust the record.

AcreSeal's job is to produce documentation that holds up under federal audit, third-party forensic review, and adversarial legal scrutiny. The architecture, audit roadmap, and operational posture below describe how.

Security Architecture

  • Encryption in transit: TLS 1.3 on all browser-to-server connections. HTTP traffic is upgraded automatically; no plaintext fallback.
  • Encryption at rest: Database storage encrypted via the hosting provider's AES-256 key management. Photo evidence is stored in a separate object store with the same encryption posture and per-record access control.
  • Forensic hashing: SHA-256 hash chain bound to GPS coordinates, timestamps, photo hashes, and prior record hash. Any modification breaks the chain — detectable without AcreSeal-side access.
  • Hosting region: Primary deployment in US-East. Data does not leave US jurisdiction without explicit customer authorization.

Third-Party Audit Commitment

AcreSeal's cryptographic implementation will undergo independent third-party security audit upon first paying customer engagement. Target firms include Trail of Bits, NCC Group, or Bishop Fox — peer cryptographic audit firms with utility-sector experience. Audit findings will be publicly summarized at completion.

For mirror copy, see also the audit roadmap on /compliance.

Regulatory Engagement

AcreSeal is engaged with ERCOT through the Research and Innovation Partnership Engagement (RIPE) program. Engagement with PUCT staff and FEMA Public Assistance program guidance is ongoing. Regulatory engagement is a continuous process; formal regulator endorsement is not claimed.

Data Handling and Retention

  • Landowner PII: Name, email, and phone are encrypted at rest with per-record keys. Decrypted only within authenticated dashboard sessions for staff with the appropriate role.
  • Forensic records: Retained for the life of the customer subscription plus seven years to support FEMA Public Assistance audit windows and PUCT documentation retention requirements.
  • Export on exit: At customer offboarding, all records exportable in standard formats (CSV, JSON, PDF) including the full forensic hash chain. No lock-in on the data the customer owns.
  • Deletion requests: Honored within 30 days for non-regulated records; subject to applicable retention obligations for forensic records.

Incident Response Posture

  • Error monitoring: Sentry instruments client and server with PII scrubbing on exception messages, breadcrumbs, and request bodies. Alerts fire on error rate > 1% per 15-min window and on any 500 on /api/* routes.
  • Disclosure: Security issues affecting customer records are disclosed to affected customers within 72 hours of internal confirmation. Material breaches are disclosed publicly via the trust center within 14 days.
  • Vulnerability reports: Email security@acreseal.com. We acknowledge reports within 48 hours and target patch within 7 days for critical issues.

NDA Available on Request

For utility evaluators, procurement reviews, or due-diligence conversations that require deeper detail than this page provides, AcreSeal will sign a mutual NDA on request and share architecture details, security control documentation, or audit findings under that NDA.

Request NDA

Want to verify a specific record?

Any AcreSeal forensic record is independently verifiable in your browser. No login. No subscription.

Go to /verify