StellarClose LLC · Security stellarclose.com

Trust · Privacy · Engineering Reality

How we protect your data, your documents, and your transactions.

StellarClose LLC operates Mrs. Nudgely (AI transaction coordination), Arkeio (encrypted document vault), and StellarSign (electronic signing). This page documents the actual security controls in place — not aspirations — verified against our running configuration.

Self-hosted on DigitalOcean and our colocated GPU server. No AWS, no Gmail, no closed-source AI vendors except Anthropic Claude for natural-language reasoning.

Open-source software, owned-and-operated infrastructure, and a constitutional commitment to never sell customer data. One-click cancellation. 24-hour breach-notification policy.

Network & Web Layer

How requests reach us, safely.

Every visitor connection is encrypted, every header is hardened, and every request passes through a web application firewall before reaching the application.

  • Encryption: TLS 1.2 and TLS 1.3 only. Older protocols (SSLv3, TLS 1.0, TLS 1.1) are disabled.
  • Certificates: Let’s Encrypt, automatically renewed. HTTP traffic is 301-redirected to HTTPS.
  • HTTP Strict Transport Security: 1-year max-age with includeSubDomains; eligible for the preload list.
  • Content Security Policy: Per-domain CSP restricting script, style, font, image, and connect sources.
  • Other security headers: X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy denies the camera, microphone, geolocation, and payment APIs.
  • Web Application Firewall: ModSecurity with the OWASP Core Rule Set, applied to all production traffic.
  • Rate limiting: Per-endpoint limits of 5 requests/sec on authentication, 5/sec on sensitive endpoints, and 3/sec on the login page, each with a burst allowance; requests over the limit receive HTTP 429.
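The header policy above can be checked against a live response rather than taken on trust. The following is an added example, not StellarClose's own tooling: it takes a response's headers as a dict, parses the HSTS and Permissions-Policy values, and reports every place the response falls short of the policy listed here. The two header sets are constructed for the example, not captured from stellarclose.com; the preload criteria encoded in `hsts_preload_eligible` are the header-side requirements of the hstspreload.org list (max-age of at least one year, includeSubDomains, and the preload directive). Protocol versions are not visible in headers, so TLS 1.0/1.1 being disabled has to be confirmed with a TLS scanner instead.

```python
import re

# Constructed sample responses (not captured from stellarclose.com): one that
# matches the policy described above, one that falls short of it.
HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; style-src 'self'; "
                               "font-src 'self'; img-src 'self'; connect-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=(), payment=()",
}
WEAK = {
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "camera=(self), geolocation=()",
}

PRELOAD_MIN_MAX_AGE = 31536000  # one year, the hstspreload.org minimum
DENIED_FEATURES = ("camera", "microphone", "geolocation", "payment")


def parse_hsts(value):
    """Parse an HSTS value into {'max-age': int|None, 'includesubdomains': bool, 'preload': bool}."""
    out = {"max-age": None, "includesubdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and arg.strip().isdigit():
            out["max-age"] = int(arg.strip())
        elif name in ("includesubdomains", "preload"):
            out[name] = True
    return out


def hsts_preload_eligible(value):
    """True when the header itself meets the preload-list submission criteria."""
    h = parse_hsts(value)
    return (h["max-age"] is not None and h["max-age"] >= PRELOAD_MIN_MAX_AGE
            and h["includesubdomains"] and h["preload"])


def parse_permissions_policy(value):
    """Map feature -> allowlist text, e.g. 'camera=()' -> {'camera': ''} (empty = denied)."""
    policy = {}
    for item in value.split(","):
        feature, _, allow = item.strip().partition("=")
        if feature:
            policy[feature.strip()] = allow.strip().strip("()").strip()
    return policy


def audit_headers(headers):
    """Return a list of findings; an empty list means the response matches the policy."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    elif not hsts_preload_eligible(hsts):
        findings.append("HSTS present but not preload-eligible: " + hsts)
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("CSP header missing")
    elif re.search(r"\*|'unsafe-inline'|'unsafe-eval'", csp):
        findings.append("CSP allows wildcard or unsafe sources")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or permissive")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if h.get("referrer-policy", "").lower() not in ("strict-origin-when-cross-origin",
                                                    "no-referrer", "same-origin"):
        findings.append("Referrer-Policy missing or leaky")
    pp = parse_permissions_policy(h.get("permissions-policy", ""))
    for feature in DENIED_FEATURES:
        if pp.get(feature) != "":  # None (absent) or a non-empty allowlist both fail
            findings.append(f"Permissions-Policy does not deny {feature}")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_headers(HARDENED))
    for finding in audit_headers(WEAK):
        print("weak:", finding)
```

Run against real responses by feeding in `response.headers` from any HTTP client. The CSP check is deliberately coarse: a wildcard inside a scheme-qualified host such as `https://*.cdn.example` also trips it, which is the right default for a policy that claims to restrict sources per domain.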

Authentication & Identity

Who you are, and how we know.

User passwords are never stored in plain text. Sensitive flows require multi-factor verification. Sessions expire.

  • Password hashing: PBKDF2-SHA512 with 210,000 iterations and a 16-byte random salt per user.
  • Legacy migration: Older 1,000-iteration password hashes are automatically upgraded on the next successful login.
  • Multi-factor authentication: MFA via email or SMS for sensitive flows (sign-up confirmation, signing, account changes).
  • Session tokens: Cryptographically random tokens with server-side expiration.
  • Mutual accountability: The calendar task-completion endpoint is restricted to the user interface; automated processes and AI sessions cannot mark tasks complete.
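The two password items above (PBKDF2-SHA512 at 210,000 iterations with a 16-byte salt, and upgrade of legacy 1,000-iteration hashes on the next successful login) fit together in one routine. This is an added example, not StellarClose's code: the `pbkdf2_<hash>$<iterations>$<salt>$<digest>` record format is this example's own assumption, chosen so that the parameters travel with the hash and a record can be recognised as stale. The upgrade can only happen at login because it needs the plaintext password; the same helper with `"sha256"` and 100,000 iterations would serve the separate vault-password layer described under Arkeio.

```python
import hashlib
import hmac
import secrets

# Parameters from the policy above; the record format is this example's own.
HASH_NAME = "sha512"
ITERATIONS = 210_000
SALT_BYTES = 16
LEGACY_ITERATIONS = 1_000  # what older records were hashed with


def hash_password(password, iterations=ITERATIONS, hash_name=HASH_NAME):
    """Return 'pbkdf2_<hash>$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{hash_name}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the record's own parameters and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    hash_name = algo[len("pbkdf2_"):]
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_upgrade(stored):
    """True for any record weaker than the current policy (old hash or fewer iterations)."""
    algo, iters, _, _ = stored.split("$")
    return algo != f"pbkdf2_{HASH_NAME}" or int(iters) < ITERATIONS


def login(password, stored):
    """Verify the password; on success return (True, record), rehashed under the
    current parameters when the stored record is legacy. Failures return the record
    unchanged so nothing about it is revealed by a wrong guess."""
    if not verify_password(password, stored):
        return False, stored
    if needs_upgrade(stored):
        return True, hash_password(password)
    return True, stored


if __name__ == "__main__":
    legacy = hash_password("correct horse battery staple", iterations=LEGACY_ITERATIONS)
    ok, upgraded = login("correct horse battery staple", legacy)
    print(ok, legacy.split("$")[1], "->", upgraded.split("$")[1])
```

The rehash happens inside the request that already holds the plaintext, and the stored record is replaced atomically with the new one; a verify-only path (API token check, for example) never needs the plaintext and therefore never upgrades.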

Mrs. Nudgely — AI Transaction Coordination

The coordinator side.

Mrs. Nudgely sends emails, makes calls, tracks deadlines, and coordinates with title companies and lenders on your behalf. Every interaction is logged, every outbound action is gated.

AI transparency

Every party who interacts with the system is informed they are communicating with AI. We will never deceive anyone into thinking they are speaking with a human.

Outbound trigger allowlist

Every email send must declare a recognized workflow trigger. Unknown triggers are blocked at the relay before any message leaves our infrastructure.

Prompt-injection sanitizer

External content (emails, attachments, web pages) is scrubbed for known injection patterns before it reaches any AI inference call.

Phone identity verification

Inbound and outbound voice calls require a per-agent phone code — a two-word phrase the agent sets and can change anytime.

Communication log

Every email, call, and message is logged, timestamped, and stored in your vault. Your record of who said what, and when.

Wire-fraud guarantee

Mrs. Nudgely will never send wire-transfer instructions. Any such message claiming to be from us is fraudulent.

Arkeio — Encrypted Document Vault

Where every document lives.

Signed agreements, transaction documents, communication histories. Encrypted at rest, integrity-verified, audit-logged.

  • Encryption: AES-256-GCM at rest with a unique encryption key per file.
  • Key derivation: HKDF-SHA256 derives each per-file key from a master secret using a per-file salt.
  • Integrity verification: SHA-256 fingerprint computed on every file at upload; verified on every download.
  • Vault password: Separate authentication layer (PBKDF2-SHA256, 100,000 iterations) independent of the main application.
  • Audit log: Append-only log captures every read, write, delete, and access event with IP address, user-agent, timestamp, and structured details.
  • Retention: 7-year minimum retention on signed agreements, aligned with US accounting record-keeping requirements.
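The per-file key scheme above (one master secret, a fresh salt per file, HKDF-SHA256 to derive the AES-256-GCM key, a SHA-256 fingerprint checked on download) can be shown end to end with the standard library. This is an added example, not Arkeio's code: HKDF is written out as the RFC 5869 extract and expand steps so the derivation is visible, the `info` label `arkeio-file-v1:<file id>` is an assumption of this example (binding the file id into the derivation keeps a key from being reused for another record even if two salts collided), and the record layout is invented for illustration. The AES-256-GCM call itself needs a library such as `cryptography` (`AESGCM(key).encrypt(nonce, plaintext, aad)`) and is left out so the block runs stand-alone.

```python
import hashlib
import hmac
import secrets

HASH = "sha256"
HASH_LEN = 32


def hkdf_extract(salt, ikm):
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt if salt else b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length too large")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt, ikm, info, length):
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def derive_file_key(master_secret, file_salt, file_id):
    """32-byte AES-256 key for one file. The salt is stored beside the ciphertext;
    the master secret stays in the environment/KMS and is never written per file.
    (The 'arkeio-file-v1:' label is this example's assumption.)"""
    return hkdf(file_salt, master_secret, b"arkeio-file-v1:" + file_id.encode(), 32)


def new_file_record(master_secret, file_id, plaintext):
    """Upload side: fresh 16-byte salt, derived key, SHA-256 fingerprint of the plaintext.
    Returns (record to persist, key to hand to AES-256-GCM)."""
    salt = secrets.token_bytes(16)
    key = derive_file_key(master_secret, salt, file_id)
    record = {"file_id": file_id, "salt": salt.hex(),
              "sha256": hashlib.sha256(plaintext).hexdigest()}
    return record, key


def key_for_record(master_secret, record):
    """Download side: re-derive the same key from the stored salt and file id."""
    return derive_file_key(master_secret, bytes.fromhex(record["salt"]), record["file_id"])


def verify_download(record, plaintext):
    """Integrity check after decryption: the fingerprint taken at upload must match."""
    return hmac.compare_digest(hashlib.sha256(plaintext).hexdigest(), record["sha256"])


if __name__ == "__main__":
    master = secrets.token_bytes(32)  # constructed master secret for the demo
    rec, key = new_file_record(master, "doc-0001", b"Signed agreement (constructed sample)")
    assert key == key_for_record(master, rec)
    print(rec["file_id"], rec["salt"], verify_download(rec, b"Signed agreement (constructed sample)"))
```

GCM already authenticates the ciphertext, so the stored SHA-256 fingerprint is a second, independent check of the plaintext that survives a key rotation or re-encryption of the file; it also lets a download be refused before the bytes reach the user if the decrypted content no longer matches what was uploaded.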

StellarSign — Electronic Signing

Signatures that hold up.

Per-transaction service agreements are signed electronically with multi-factor verification, recorded consent, integrity hashing, trusted timestamps, and a tamper-evident audit chain.

  • Per-signer access tokens: Cryptographically random 48-byte URL-safe tokens, single-document scope.
  • Multi-factor verification: Email-delivered code required before the signing surface is rendered.
  • Recorded consent: Versioned consent disclosure shown and timestamped before any signature can be applied.
  • Per-event metadata: IP address and user-agent captured for every signer event (view, consent, MFA verify, signature).
  • Document integrity: SHA-256 hash computed on the document before and after signing; both hashes stored.
  • Trusted timestamps: RFC 3161 timestamps applied at signature application and document completion.
  • Hash-chained audit log: Each audit event stores the hash of the previous event. Any modification anywhere in the chain is mathematically detectable.
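The signing-side controls above (per-signer 48-byte tokens, per-event IP and user-agent, before/after document hashes, and a hash-chained event log) combine into a small structure. This is an added example, not StellarSign's implementation: the event fields, the canonical-JSON hashing rule, the all-zero genesis hash and the constructed walk-through in `demo` are all this example's assumptions. It shows why the chain catches edits: each event's hash covers its own content plus the previous hash, so changing, inserting or deleting any event invalidates every link after it.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64  # prev_hash recorded by the first event (example convention)


def canonical(obj):
    """Deterministic JSON so every verifier hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def issue_signer_token():
    """48 random bytes, URL-safe base64 (64 chars). Only its SHA-256 is stored server-side,
    so a database read does not yield a usable signing link."""
    token = secrets.token_urlsafe(48)
    return token, sha256_hex(token.encode())


class SigningAuditLog:
    """Hash-chained event log for one document: each event commits to the previous one."""

    def __init__(self, document_id, document_bytes):
        self.document_id = document_id
        self.sha256_before = sha256_hex(document_bytes)
        self.sha256_after = None
        self.events = []

    def append(self, event, signer, ip, user_agent, ts, details=None):
        prev_hash = self.events[-1]["hash"] if self.events else GENESIS
        entry = {"seq": len(self.events), "document_id": self.document_id, "event": event,
                 "signer": signer, "ip": ip, "user_agent": user_agent, "ts": ts,
                 "details": details or {}, "prev_hash": prev_hash}
        entry["hash"] = sha256_hex(canonical(entry))  # covers every field incl. prev_hash
        self.events.append(entry)
        return entry["hash"]

    def complete(self, signed_document_bytes, ts):
        """Final event records both document hashes; its hash is what an RFC 3161
        timestamp at completion should cover."""
        self.sha256_after = sha256_hex(signed_document_bytes)
        return self.append("completed", None, None, None, ts,
                           {"sha256_before": self.sha256_before,
                            "sha256_after": self.sha256_after})

    def verify(self):
        """Recompute every hash and link; any edit, insertion or deletion breaks the chain."""
        prev_hash = GENESIS
        for i, e in enumerate(self.events):
            if e["seq"] != i or e["prev_hash"] != prev_hash:
                return False
            unhashed = {k: v for k, v in e.items() if k != "hash"}
            if sha256_hex(canonical(unhashed)) != e["hash"]:
                return False
            prev_hash = e["hash"]
        return True

    def head(self):
        return self.events[-1]["hash"] if self.events else GENESIS


def demo():
    """Constructed walk-through: view, consent, MFA, signature, completion; then an edit."""
    log = SigningAuditLog("doc-123", b"Service agreement v1 (constructed sample)")
    _token, token_hash = issue_signer_token()
    meta = dict(ip="203.0.113.7", user_agent="Mozilla/5.0 (constructed)")
    log.append("view", "alice@example.com", ts="2024-05-01T10:00:00Z",
               details={"token_sha256": token_hash}, **meta)
    log.append("consent", "alice@example.com", ts="2024-05-01T10:00:20Z",
               details={"disclosure_version": "v3"}, **meta)
    log.append("mfa_verify", "alice@example.com", ts="2024-05-01T10:00:45Z", **meta)
    log.append("signature", "alice@example.com", ts="2024-05-01T10:01:05Z", **meta)
    log.complete(b"Service agreement v1 (constructed sample) -- signed", ts="2024-05-01T10:01:06Z")
    intact = log.verify()
    log.events[1]["ip"] = "198.51.100.9"  # after-the-fact edit of the consent event
    return intact, log.verify()


if __name__ == "__main__":
    print(demo())  # (True, False)
```

One caveat a reviewer would raise: the chain proves internal consistency, not authenticity. Someone with write access to the whole table could rewrite the events and re-chain them. The detection guarantee therefore rests on the head hash being committed somewhere the writer cannot alter, which is exactly what an RFC 3161 timestamp over the completion event provides.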

Database & Backups

Where the data sits, and how we get it back.

  • Database: PostgreSQL on DigitalOcean Managed Database. SSL/TLS required for every connection.
  • Credentials: Stored in environment files outside the source repository. No service-account passwords in code.
  • Database backups: Daily dumps encrypted with AES-256-CBC and PBKDF2 before upload to off-site storage.
  • Vault backups: Files (already AES-256-GCM encrypted on disk) synced to Backblaze B2 off-site storage. Multi-region rollout in progress.
  • Restore tests: Weekly automated restoration verifies backup integrity and decryptability.

Operational Practice

What we do every day.

  • Health monitoring: Automated checks every 5–15 minutes against websites, mail fleet, vault API, signing API, and database connectivity.
  • Change management: Diagnose-before-deploy and show-changes-before-making-them are codified as Constitution Articles 11 and 14.
  • Breach notification: 24-hour customer notification commitment on any incident affecting customer data.
  • Data ownership: We never sell customer data. One-click account deletion exports your complete data and removes it from our systems.
  • Open-source preference: We use open-source tools wherever possible and self-host on owned infrastructure (DigitalOcean and our own GPU server). Anthropic Claude is the one closed-source dependency.

Honest disclosure — what we have not yet done

We do not overstate. Here is what is on the roadmap but not yet complete:

  • SOC 2 Type II audit — readiness self-assessment is complete; we have not yet engaged an external auditor.
  • ISO 27001 — readiness review is on the roadmap.
  • External penetration test by a third-party security firm — planned, not yet engaged.
  • Public bug-bounty program — we accept good-faith vulnerability reports today, but do not currently run a paid bounty.

Vulnerability reports: please email donna@stellarclose.com. We commit to acknowledge within 48 hours, investigate in good faith, and credit reporters who follow responsible-disclosure practice.