Built private from the first line of code.
Estatly handles legally sensitive documents. Security isn't a feature we add later — it's the foundation.
Verified accounts
Email verification is required. Optional authenticator-app 2FA arrives in the next stage.
Encrypted at rest and in transit
All traffic is HTTPS. Documents live in private buckets with no public URLs.
Signed, expiring document links
Document URLs are signed and expire within one hour. Nothing is left dangling on the open web.
Row-level security on every table
Database policies enforce that you can only see your own records — except where you've explicitly shared.
Full activity log
Every login, document view, download, share, and edit is recorded so you have a complete audit trail.
Permanent account deletion
Delete your account and we permanently remove your data and uploaded files from our systems.
Encryption status
Your most sensitive data is encrypted with a per-account key, wrapped by a master key Estatly never logs. Even with database access, the values below are unreadable without the master key.
- EINs (entities)
- Private notes (entities, people, documents, renewals)
- Date of birth (people)
- Renewal confirmation numbers
- Names, addresses, emails, phones
- Dates other than DOB, statuses, ownership
- Activity log, profile info
Encryption protects your data from database breaches. Always keep your account password secure — your password is the gateway to decrypting your data.
Encrypt any existing plaintext values you saved before this rolled out. Safe to run again — it skips rows that are already encrypted.
Document file encryption
Document file content (PDFs, images, scans) is encrypted with your per-account key before it ever reaches storage. A direct download from the storage layer returns ciphertext — only Estatly's server can decrypt with your key.
No documents uploaded yet.