Trust Center

Compliance built into every post, not bolted on after.

Real estate is one of the most-regulated industries an agent can sell in. Every Frontage draft moves through the same rulebook a careful brokerage attorney would apply — Fair Housing, state advertising statutes, NAR Code, platform ToS — before it ever shows up in your queue.

Guardrails enforced on every draft.

Each domain below is enforced in code, scanned at draft time, and surfaced inline if a post trips a flag. We never silently rewrite — flagged content stops and waits for your call.

Fair Housing Act42 U.S.C. § 3601 et seq.

AI-generated copy cannot express preference based on race, color, religion, sex, disability, familial status, or national origin (federal). California adds 14 more protected classes.

Studio FHA scanner blocks publish on red flags.
Voice vocabulary banks pre-seeded with HUD trigger phrases.
CA Real Estate AdvertisingCA BPC §10140.6, §10235

License # and brokerage name required on every public ad. Per-violation DRE fine + license risk.

License # and brokerage stored in profile, required.
Platform ToS / APIEach platform's developer terms

Meta / TikTok / LinkedIn / X each enforce automation, AI-labeling, and rate-limit rules.

Bundle.social enforces per-platform rate limits + content rules.

Where your data lives.

We use named subprocessors for storage, auth, payments, and AI. Every one has a Data Processing Agreement on file. Full list available on request for procurement review.

Storage

Supabase (Postgres + object storage) with row-level security keyed to your account. Encrypted at rest; encrypted in transit. Your data isn't shared across tenants.

Auth

Clerk handles sign-in, session, and MFA. Frontage never sees your password.

Payments

Stripe Checkout (hosted). Card data is collected on Stripe's domain; we store only customer and subscription IDs. PCI scope: SAQ A.

AI

Anthropic (drafting, classification) and Groq (voice transcription). Voice clones — when you opt in — go through ElevenLabs.

Social publishing

Bundle.social manages OAuth, token storage, and the actual publish call. Tokens never touch Frontage servers.

Communications

Resend for transactional email. Twilio for SMS (with TCPA-compliant opt-in flow).

Your data, your control.

We follow the strictest applicable privacy law (CCPA/CPRA in California). The same controls apply regardless of where you're licensed.

Export everything

One-click export of every record we hold about you — listings, leads, drafts, voice profile, billing — as JSON. Available in Settings → Privacy & data.

Delete everything

Account deletion cascades through every subprocessor — Supabase, Bundle.social, Stripe, ElevenLabs. Stripe retains receipts per their tax compliance; everything else is wiped.

Do Not Sell

We don't sell or share your data with third parties for advertising. The CCPA "Do Not Sell" control is at /legal/do-not-sell.

Audit trail

Every flagged-and-overridden post is logged with a 3-year retention so a HUD or DRE audit has a defensible record.

What Frontage isn't.

Frontage is a software platform — not a brokerage, not a law firm, not an insurer. We build guardrails so your captions don't trip statute, but the agent of record (you, your broker) is responsible for what gets published. We don't give legal, financial, or tax advice; when a post requires a judgment call, we surface the flag and wait for yours.

Talk to us.

Procurement, security review, brokerage IT

For DPAs, security questionnaires, vendor reviews, or brokerage compliance officers requesting a signed agreement, write to trust@frontage.app.

For privacy / data deletion requests outside the in-app flow: privacy@frontage.app.

For copyright / DMCA notices: dmca@frontage.app.