Effective Date: July 15, 2026
This Information Security Policy describes the administrative, technical, and physical safeguards Reamo maintains to protect the information entrusted to us. Version 1.0.
Reamo, LLC (“Reamo,” “we,” “us”) provides an AI-powered middle-office platform for real estate professionals. Our platform processes sensitive information, including client call audio, transcripts, contact records, and transaction details. This Information Security Policy describes the administrative, technical, and physical safeguards Reamo maintains to protect the confidentiality, integrity, and availability of that information.
This policy reflects our commitment to handling customer and client data responsibly and forms the basis of the security practices referenced in our Terms of Service and Privacy Policy.
This policy applies to all Reamo information systems, production infrastructure, source code, and data processed by the Reamo platform, and to all personnel, contractors, and service providers who access Reamo systems or data. It covers data in all states — in transit, in use, and at rest.
Security is owned at the leadership level of Reamo. Reamo maintains a designated security point of contact responsible for the implementation, maintenance, and periodic review of this policy. Security responsibilities include risk assessment, control implementation, vendor oversight, incident response, and enforcement of the standards described below. This policy is reviewed at least annually and updated when material changes to our systems, services, or regulatory obligations occur.
Reamo classifies data to ensure appropriate handling:
Handling, access, and retention controls are applied according to classification, with the strictest controls applied to Sensitive/Confidential data.
Reamo enforces the principle of least privilege. Access to production systems and customer data is restricted to authorized personnel who require it to perform their duties. Controls include:
Customers control their own account access and are responsible for safeguarding their credentials and managing user permissions within their organization.
Reamo encrypts Sensitive/Confidential data both in transit and at rest:
Encryption keys are managed through the key-management services of our infrastructure providers and are restricted to authorized systems and personnel.
Reamo operates on enterprise-grade cloud infrastructure. Production environments are logically separated from development and testing environments. Network-level controls, firewalls, and security groups restrict traffic to only what is necessary. Administrative access to infrastructure requires authentication, is limited to authorized personnel, and is logged.
Security is integrated into Reamo's software development lifecycle:
Reamo relies on a limited set of trusted service providers to deliver its platform. We evaluate the security posture of providers that process customer data and require them to maintain safeguards consistent with this policy. Reamo's sub-processors include providers of cloud hosting and infrastructure, voice transcription, telephony and messaging, email and calendar connectivity, payment processing, and data storage. A current list of sub-processors is available upon request.
Reamo does not sell, rent, or share customer or client data with third parties for their own marketing or independent use.
Reamo retains customer and client data only as long as necessary to provide the service or as required by law. Specific retention periods — including for call recordings, transcripts, AI-generated summaries, and contact records — are described in our Privacy Policy. Customers may export or request deletion of their data at any time. Upon account termination or a valid deletion request, Reamo deletes or de-identifies the associated data within the periods described in our Privacy Policy, subject to legal retention obligations. Media and storage are disposed of using secure methods provided by our infrastructure providers.
Customers own their data. Reamo processes customer and client data solely to provide and improve the service on the customer's behalf and in accordance with our Privacy Policy. Customers may access, export, or delete their data. Reamo supports applicable data-subject rights, including those under the California Consumer Privacy Act (CCPA) and, where applicable, the EU/UK General Data Protection Regulation (GDPR).
Reamo maintains logging and monitoring of production systems to detect and respond to anomalous or unauthorized activity. Security-relevant events are recorded, and logs are protected against unauthorized access and tampering. Reamo reviews monitoring signals to support timely detection of potential security incidents.
Reamo monitors its systems and dependencies for known vulnerabilities and applies security updates in a timely, risk-prioritized manner. Critical vulnerabilities are remediated on an expedited basis. Reamo periodically assesses its environment for security weaknesses and addresses identified issues according to severity.
Reamo maintains an incident response process to identify, contain, investigate, and remediate security incidents. In the event of a confirmed data breach affecting customer or client data, Reamo will notify affected customers without undue delay and consistent with applicable legal requirements — and, consistent with our Privacy Policy, in no event more than 72 hours after confirmation where practicable — and will provide information about the nature of the incident and the steps taken in response.
Security concerns or suspected vulnerabilities can be reported to [email protected].
Reamo maintains regular backups of critical data and leverages the resiliency and redundancy of its cloud infrastructure providers to support availability. Backup and recovery practices are designed to enable restoration of service and data following a disruption.
Personnel and contractors with access to Reamo systems are bound by confidentiality obligations and are expected to comply with this policy and Reamo's acceptable-use standards. Reamo provides security awareness guidance to those with access to sensitive systems and data, and access is granted based on role and business need.
Reamo's production systems are hosted in the facilities of established cloud infrastructure providers that maintain robust physical security controls, including access restrictions, environmental protections, and 24/7 monitoring. Reamo does not operate its own data centers.
Reamo's security program is designed to align with widely recognized security and privacy standards and applicable laws, including the CCPA and, where applicable, the GDPR. Reamo does not currently hold a formal security certification and does not claim one. As the company matures, Reamo expects to pursue formal attestations such as SOC 2.
This policy is reviewed at least annually and whenever significant changes to Reamo's systems, services, or regulatory environment warrant. Updates are published on this page with a revised effective date and version.
Questions about this policy or Reamo's security practices can be directed to [email protected].