Security Policy

Berkshire Hathaway HomeServices Nevada Properties and Dr. Jan Duffy take system security and client privacy seriously. This page describes our security practices, how to report vulnerabilities, and how we protect your data when you use our Las Vegas real estate services.

Our Commitment to Security

At Berkshire Hathaway HomeServices Nevada Properties, we take the security of our systems and the privacy of our clients seriously. This page outlines our security practices and provides information for security researchers.

Reporting Security Vulnerabilities

If you've discovered a security vulnerability, we appreciate your help in disclosing it to us responsibly.

How to Report

What to Include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if applicable)
  • Your contact information (optional)

Security Measures in Place

🛡️ Protection

  • • Cloudflare Turnstile CAPTCHA
  • • Rate limiting (Upstash)
  • • CSP headers
  • • HTTPS enforced
  • • Input sanitization

📊 Monitoring

  • • Sentry error tracking
  • • Vercel Analytics
  • • Automated security scans
  • • Weekly dependency audits
  • • Real-time alerts

🔐 Data Protection

  • • Encrypted connections (TLS 1.3)
  • • Secure API integrations
  • • Regular backups
  • • Access controls
  • • Audit logging

✅ Compliance

  • • GDPR ready
  • • CCPA compliant
  • • Fair Housing Act
  • • Nevada real estate laws
  • • WCAG 2.1 (accessibility)

Third-Party Services

We use trusted third-party services to provide the best experience:

  • Vercel: Hosting and deployment
  • Cloudflare: CDN, security, and edge computing
  • Follow Up Boss: CRM and lead management
  • RealScout: MLS/IDX property data
  • Calendly: Appointment scheduling
  • Google Analytics: Website analytics
  • Sentry: Error monitoring
  • Anthropic: AI assistance (Claude)

Each service maintains its own security practices and compliance certifications.

Responsible Disclosure Policy

We Promise

  • ✅ We will respond within 48 hours
  • ✅ We will keep you updated on our progress
  • ✅ We will credit you for the discovery (if desired)
  • ✅ We will not take legal action against good-faith researchers
  • ✅ We will work with you to understand and resolve the issue

Out of Scope

Please do not report the following (not considered vulnerabilities):

  • Publicly accessible information (e.g., property listings)
  • Social engineering attacks
  • Physical security issues
  • Denial of Service (DoS) attacks (we have rate limiting)
  • Spam or abuse reports (contact support instead)
  • Issues in third-party services (report to them directly)

Your Security

To protect your information when using our site:

  • Ensure you're on the correct domain: sienalasvegas.com
  • Look for the padlock icon (HTTPS)
  • Don't share sensitive information via email
  • Use strong, unique passwords if creating an account
  • Keep your browser and OS updated
  • Be cautious of phishing attempts

Questions?

For general questions about our security practices:

Dr. Jan Duffy

Berkshire Hathaway HomeServices Nevada Properties

Email: info@sienalasvegas.com

Phone: (702) 500-1942