Vendor diligence materials. Not legal advice. Contractual terms are draft until counsel finalizes — see /legal.

Trust & compliance

IT and compliance resources for brokerages, title companies, and coordinators evaluating The Selling Table.

Download package

ZIP bundle with security summary, compliance FAQ, data handling, subprocessors, and draft privacy/DPA.

Download tenant compliance pack (.zip)

Start with 07-COMPLIANCE-FAQ.md inside the zip. For questionnaires, use 01-VENDOR-SECURITY-SUMMARY.md.

Overview for tenants

**Product:** The Selling Table — multi-tenant B2B SaaS for real estate document intake, PDF generation, email delivery, and optional e-sign coordination.

**URLs (typical production):**

  • Admin: `portal.thesellingtable.com`
  • Public wizard: `wizard.thesellingtable.com` (tenant-branded)
  • B2B pricing: `platform.thesellingtable.com`

---

What we are / are not

| We are | We are not |

|--------|------------|

| Software provider (SaaS) | Law firm, brokerage, title insurer, or escrow agent |

| Processor for transaction party data you collect | Controller for your end-customer transaction data |

| Controller for tenant account, billing, and platform security logs | Guarantor of legal sufficiency of documents your team produces |

---

Shared responsibility (summary)

**Platform**

  • Host the application, database, and integrations
  • Enforce tenant isolation (application layer + optional Postgres RLS)
  • TLS in transit; provider encryption at rest
  • Subprocessor management and breach notification to tenants (per DPA)
  • Audit logging for major platform actions

**Tenant (you)**

  • Licensing, agency disclosure, and regulatory compliance for your use case
  • Accuracy and legal adequacy of documents presented to buyers/sellers
  • Invited users and activity under your account
  • Consumer privacy requests for transaction data you control
  • Content you upload (custom PDFs, email attachments)

---

Data at a glance

  • **Region:** United States–primary (database pooler `us-east-1`)
  • **Database:** Supabase PostgreSQL via Prisma (no Supabase Auth client)
  • **PDFs:** Purchase agreements generated **on demand** from deal JSON; some artifacts stored as Postgres `bytea` (relationship ack PDFs, uploaded attachments)
  • **No** dedicated blob/CDN storage for agreement PDFs

---

Contacts

| Topic | Email |

|-------|-------|

| Support | support@thesellingtable.com |

| Privacy / DPA | privacy@thesellingtable.com |

| Security / abuse | abuse@thesellingtable.com |

| Legal | legal@thesellingtable.com |

---

Related documents

  • Platform legal (draft): `/legal/terms`, `/legal/privacy`, `/legal/dpa`, `/legal/acceptable-use`
  • Internal engineering: `docs/SECURITY-RLS-ROLLOUT.md`, `docs/SECURITY-AUDIT-2026-06.md`

Related

  • Privacy Policy (draft)
  • Data Processing Addendum (draft)
  • Terms of Service (draft)
  • Pricing

Last reviewed against codebase: June 2026

Questions: privacy@thesellingtable.com · abuse@thesellingtable.com