A calm, complete sales system for developers—accurate inventory, one‑click offers, a clean buyer site, and WhatsApp follow‑ups.

How fast can we go live?

In 24 hours once your project data is ready. We set up your branded project site with real‑time availability and instant offers.

Does it work with our CRM?

Yes. You can use Citiwise on its own or alongside your existing CRM. Start with inventory, offers, and the buyer site; add more as needed.

Bank‑grade security, role‑based access, and a full audit trail for inventory and offers. Clear documents and history support compliance without extra work.

Trust

Security

How we protect your data

At Citiwise, security is foundational to everything we build. We understand that real estate developers entrust us with sensitive business data, including project information, buyer details, and financial records. We take this responsibility seriously.

This page describes the security measures we implement to protect your data. While no system can guarantee absolute security, we are committed to implementing and maintaining robust security practices.

Infrastructure Security

Cloud Infrastructure

Our Services are hosted on enterprise-grade cloud infrastructure provided by industry-leading providers:

Vercel: Web application hosting with global CDN, automatic DDoS protection, and edge security
Supabase: Database and authentication services with SOC 2 Type II compliance, hosted on AWS infrastructure

Network Security

All traffic is encrypted using TLS 1.2+ (HTTPS everywhere)
Automatic DDoS mitigation at the edge
Web Application Firewall (WAF) protection
Regular network security assessments

Data Protection

Encryption

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
At Rest: All data stored in our databases is encrypted using AES-256 encryption
Backups: Database backups are encrypted and stored in geographically distributed locations

Data Isolation

Customer data is logically isolated using Row-Level Security (RLS) policies, ensuring that each customer can only access their own data. This is enforced at the database level.

Password Security

Passwords are never stored in plain text
We use industry-standard bcrypt hashing with appropriate cost factors
Password strength requirements are enforced

Access Control

Role-Based Access Control (RBAC)

Citiwise implements granular role-based access control:

Owner: Full account access, billing management, team administration
Admin: Full project access, team member management
Sales: Lead and offer management, inventory viewing
Viewer: Read-only access to project data

Authentication

Secure email-based authentication
Session management with secure, httpOnly cookies
Automatic session expiration after inactivity
Protection against session fixation and hijacking

Internal Access

Principle of least privilege for all team members
Access to production systems is restricted and logged
Customer data access requires legitimate business need

Application Security

Secure Development

Secure coding practices following OWASP guidelines
Input validation and sanitization
Protection against common vulnerabilities (XSS, CSRF, SQL injection)
Dependency vulnerability scanning
Code review for security-sensitive changes

Audit Logging

We maintain comprehensive audit logs for security-relevant events, including:

Authentication events (login, logout, failed attempts)
Data access and modifications
Administrative actions
API access patterns

Vendor Security

We carefully evaluate the security practices of our third-party service providers:

Supabase: SOC 2 Type II certified, GDPR compliant, encrypted backups
Vercel: SOC 2 Type II certified, ISO 27001, GDPR compliant
Razorpay: PCI DSS Level 1 certified for payment processing

Business Continuity

Data Backup

Automated daily backups
Point-in-time recovery capability
Geographically distributed backup storage
Regular backup restoration testing

Availability

High-availability infrastructure design
Global CDN for fast, reliable access
Monitoring and alerting for service health

Incident Response

We maintain an incident response process to handle security events:

Defined incident classification and escalation procedures
Rapid response team for security incidents
Customer notification within 72 hours for data breaches affecting their data (or as required by applicable law)
Post-incident review and remediation

Responsible Disclosure

We value the security research community. If you discover a security vulnerability in our Services:

Please report it responsibly to security@citiwise.in
Provide sufficient detail for us to reproduce and address the issue
Allow us reasonable time to respond before any public disclosure
Do not access or modify data belonging to other users

We commit to acknowledging reports within 48 hours and keeping you informed of our progress.

Questions

For security-related inquiries:

Security Team: security@citiwise.in

For more information about how we handle personal data, please see our Privacy Policy.