Every promise below is implemented in code, tested in CI, and visible to you in the product. No marketing fluff — just what we actually do, every time you log in.
What this means in practice
Every agent profile shows a Property Services Regulatory Authority licence number — checked against the public PSRA register before any listing goes live.
Live zxcvbn strength meter on every signup. The most-leaked passwords (incl. country and brand variants) are rejected server-side, not just client-side.
New accounts confirm via a 6-digit code with a 30-minute expiry. Resend on demand. We never silently trust an email-as-identity claim.
When your account is accessed from an IP we've never seen for you, you get an instant transactional email with a one-click "Wasn't me — secure my account" link.
Every account has a /account/security page with the last 20 sign-ins (device, IP, time) and a single-click "Sign out everywhere" that revokes all active sessions immediately.
Every password-change email includes a 24-hour emergency link that, in one click, rotates the password to an unguessable value and emails the legitimate owner a fresh reset link.
Listing copy is stored with at-rest encryption so an exfiltrated database dump doesn't expose your draft pricing language or seller motivations.
Your viewing history, saved searches, and offers are GDPR-compliant and never sold. Period. The full data-export and right-to-deletion endpoints are live on /privacy.
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Learn more