Real Estate Investing Platform x ScaleSec Client Story

Real Estate Investing Platform

Helping Investing Platform Navigate and Comply with Hundreds of Data Privacy Laws
Financial Services, Real Estate
New York, NY
Real Estate Investments


Research, report and provide guidance to ensure data privacy compliance under all state and federal laws, covering encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements.


US data privacy law is complicated and ever-changing. When an investment platform wanted to ensure compliance across various US states, they partnered with ScaleSec. Within only a few months, ScaleSec reviewed thousands of disparate state and federal requirements against existing policies, processes, and cloud infrastructures to ensure PII and other sensitive data were protected, no matter the location.

ScaleSec helped a real estate investing platform achieve secure and compliant cloud infrastructure, enabling it to support its growth and provide a safer environment for its users.

Services Provided

ScaleSec began by gathering information about the types of data collected, what the data was used for, and how and for how long it was stored, transmitted, shared, and deleted. Concurrently, the customer developed a list of all current US states of operation, as well as those states targeted for expansion through 2025. Because information was gathered from various sources and by various means (directly from consumers, from financial institutions, and from publicly available data), the assessment, storage, and transmission of data were complicated and difficult to categorize.

Once ScaleSec understood the data content and how it was managed, ScaleSec reviewed the company’s existing compliance programs (policies, procedures, frameworks) against the thousands of separate state-level privacy requirements within the US. Using a state-by-state approach, ScaleSec identified which of these many laws would serve as the national baseline for each area of data protection. These functional areas included such topics as encryption, data access/deletion rights, data retention, third party transmission and storage, and logging/monitoring requirements. When ScaleSec understood how the compiled requirements related to the customer’s business model and architecture, current security programs were evaluated for compliance.

The final report provided guidance to ensure data privacy compliance under all applicable state and federal laws, including a one-page summary that gave clear, concise steps needed to reach compliance. The report also provided a state-by-state review, making it easier to understand the impact of adding or subtracting geographical service areas and markets.

Results / Impact / Highlights

The company can now more easily plan its expansion strategy while fully integrating cloud security best practices, ensuring a highly scalable yet easy-to-change data privacy stance. Rather than spend hours checking work against disparate laws, the cloud engineering team can now easily deploy in new areas with confidence. Substantial updates to the privacy policy and internal information security procedures provide a clear standard that’s easily communicated to customers, partners, and internal stakeholders, such as legal teams. Not only is the company certain it is protecting data to legal standards, but it can now communicate this to external stakeholders to instill confidence in its services.
