Security

Protected by design, not added as an afterthought.

theCREmodel keeps the public experience clean while preserving authenticated workspace boundaries, cross-device cloud persistence, and a single connected security model across documents, analytics, CRM, marketing flyers, abstracts, and obligations.

Authenticated protected actions
Workspace isolation
thecremodel.com

Security Pillar

Authenticated workspace boundaries

Protected actions and saved workspace state run under authenticated user context so connected records remain scoped to the signed-in account.

User-controlled credentials

Signed-in users can update their account name, email, and password from Personal Info; changes are submitted through the authenticated Supabase user endpoint.

Connected data without cross-account bleed

Documents, analyses, CRM records, marketing flyers, lease abstracts, and obligations stay tied to the same workspace graph without leaking across users or clients.

CRM pipeline linkage

New CRM client, tenant, and prospect profiles create linked pipeline deals, stay available in CRM selectors and account client settings, and use controlled stage changes to keep profile status aligned with pipeline movement.

Client-scoped branding assets

Each client logo is stored once under that client workspace and reused across presentation outputs so branding changes do not fork into mismatched copies.

Controlled sync and recovery

Signed-in workspace state is persisted in cloud-backed storage and can be restored from any device without silently reviving stale or deleted records.

Deletion-aware obligations

When a saved source document is deleted, linked obligation repository records are pruned with it so removed lease files do not keep stale deadline records alive.

Cross-device parsed document payloads

Original file payloads and parsed document snapshots sync separately from the main workspace record so Open and Apply can work on another signed-in device without relying on browser-only file caches.

Thirty-day device sessions

Signed-in devices keep their workspace session for up to 30 days of use unless the user signs out, while backend requests still require authenticated tokens.

Visible sync state

The footer keeps sync visibility compact with Online, Sign in to sync, and Local states so users can confirm whether the workspace is cloud-connected before switching devices.

Bounded document processing

OCR-heavy and image-only documents use bounded intake behavior so extraction remains responsive while still protecting the broader workflow and downstream exports.

Reviewable obligation events

Notice, renewal, and termination dates pulled from lease rights clauses stay attached to the client-scoped obligation record and saved document snapshot so teams can review deadlines before relying on the timeline.

Review-aware client outputs

Marketing flyers and lease abstract exports preserve analyst review status and source-document context so client-ready packages do not silently hide unresolved extraction issues.

Stripe-secured billing

Subscription payments are processed entirely through Stripe — card data never touches our servers. Plan limits are enforced server-side via authenticated API calls so UI-only workarounds cannot bypass feature gates.

Plan-tier feature enforcement

Every feature gate (deal limits, PDF export quotas, AI extraction access, module visibility) is validated on the backend against the org's verified subscription status. Downgraded or expired accounts revert to Starter limits automatically.

Webhook signature verification

Stripe billing events are verified using signed webhook payloads before updating plan status. This prevents spoofed upgrade events from granting unauthorized access.
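
The check described above, sketched as an added example (not theCREmodel's own code) that follows Stripe's documented signature scheme: an HMAC-SHA256 over `<timestamp>.<raw body>` carried in the `Stripe-Signature` header. The secret, the event fields `org` and `plan`, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # replay window; five minutes is the Stripe library default


def _digest(secret, timestamp, raw_body):
    signed = timestamp.encode() + b"." + raw_body  # "<t>.<raw body>", body bytes untouched
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def sign(raw_body, secret, timestamp):
    """Build a header value; used here only to construct sample input."""
    return f"t={timestamp},v1={_digest(secret, str(timestamp), raw_body)}"


def verify(raw_body, header, secret, now=None):
    """Return True only for a fresh header with a matching v1 signature."""
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":  # more than one v1 can be present during secret rotation
            candidates.append(value)
    if not timestamp or not (timestamp.isascii() and timestamp.isdigit()) or not candidates:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False  # stale or future-dated: reject as a possible replay
    expected = _digest(secret, timestamp, raw_body).encode()
    # constant-time comparison avoids leaking how many characters matched
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


def handle_event(raw_body, header, secret, plans, now=None):
    """Hypothetical handler: plan state changes only after verification."""
    if not verify(raw_body, header, secret, now):
        return 400
    event = json.loads(raw_body)  # parse only after the signature checks out
    plans[event["org"]] = event["plan"]
    return 200
```

The signature covers the exact bytes received, so the handler must verify the raw request body before any JSON parsing or re-serialization.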

White-label marketing output

Generated lease and sublease flyers use account branding and client-scoped marketing settings instead of hardcoded brokerage identity. Extracted flyer photos, floorplans, broker defaults, and generated PDFs stay scoped to the active workflow, share link, or saved client workspace record only after the user explicitly saves the PDF.

Canonical production host

Production traffic is served from thecremodel.com so public pages, authenticated pages, and support flows stay aligned on the same origin.

Support visibility for incidents

Security questions and operational issues flow through the same monitored support channel so reports can be triaged quickly with workspace context.

Representation Mode Coverage

Tenant Rep

Tenant mode changes workflow emphasis and reminders only; shared security and data boundaries stay intact.

Landlord Rep

Landlord mode changes leasing-console behavior and reporting emphasis only; shared security and client boundaries remain unchanged.

Report A Concern

Email info@thecremodel.com for security questions, suspicious behavior, or vulnerability reports.

Include the workspace or client name, the page involved, the action you took, and any timestamps or screenshots that will help reproduce the issue quickly.