Security at SLIM

Your lockbox data tracks access to people’s properties. We treat it that way.

No Code Storage

SLIM does not store lockbox access codes. Your codes remain with you — not in our system.

Audit Trail

Every action on every lockbox is logged permanently: who did it, when, and which lockbox. This trail cannot be edited or deleted — by anyone, including us.

Access Control

Agents can only see lockboxes assigned to them. Team leaders and admins have visibility across the team. Role-based permissions ensure the right people have the right access.

Data Isolation

Your data is isolated at the database level. No other team can see, query, or access your lockboxes or activity. This is enforced through Row Level Security policies, not just application-layer checks.

Infrastructure

All data is transmitted over HTTPS/TLS encryption. The application is hosted on Vercel with automatic SSL. The database is hosted on Supabase with encrypted connections.

Authentication Security

After 3 failed login attempts, CAPTCHA verification is required. After 5 failed attempts, the account is locked for 15 minutes. All sessions use secure, HTTP-only cookies.

Questions about our security practices? Email security@getslim.app or reply to any email from us.