Trust & Security

European data residency. Institutional security. Absolute independence.

Maklor is built on the principle that your firm's data belongs exclusively to your firm. Hosted in the EU, engineered for nFADP (revDSG) compliance, and completely independent of property portals.

Download Security Whitepaper View Compliance Docs

Data Residency · The Jurisdiction

Hosted in Europe. Protected by the nFADP.

We do not route your mandates, client relationships, or financial documents through global cloud providers where jurisdiction is ambiguous. Maklor's data is hosted in the European Union — in Tier-III+ data centres in Stockholm, Sweden — a jurisdiction the Swiss Federal Council recognises as providing adequate protection under the nFADP. Your data never leaves the EU/EEA and is never exposed to US jurisdiction or foreign data-access laws.

01EU-Hosted Infrastructure
Operated on Tier-III+ data centres in Stockholm, Sweden (EU/EEA).
02No US Data Exposure
Hosted in the EEA — recognised as adequate under the nFADP. Never replicated to US jurisdiction.
03Absolute Data Portability
Your firm owns the data. Export your entire relational database, document vault, and client history in standard formats at any time. No lock-in.
04Swiss Hosting on Request
Enterprise clients who require data residency in Switzerland can have their environment provisioned on Swiss soil on demand.

Compliance & Privacy

nFADP (revDSG) by design, not as an afterthought.

Swiss real estate requires handling highly sensitive personal and financial documentation — from debt register extracts to inheritance filings. Maklor's architecture was built from day one to comply with the strictest interpretations of the nFADP, ensuring your firm's compliance posture is bulletproof.

01Granular Consent Management
Automated tracking of marketing and communication consent for all buyer and seller contacts.
02Automated Data Retention
Configurable policies to automatically archive or purge data based on cantonal legal retention requirements.
03Strict Access Controls
Role-based permissions ensure agents only access the data relevant to their active mandates and assigned leads.
04Enterprise DPA
A comprehensive, pre-vetted Data Processing Agreement is provided for immediate legal review during enterprise onboarding.

Security Architecture

Enterprise-grade protection for high-stakes transactions.

A single mandate can represent millions in commission and decades of client trust. Maklor applies institutional-grade security standards to protect every document, voice note, and financial record.

Cryptography01
Encryption at Rest
AES-256 for all stored documents, databases, and backups.
Encryption in Transit
All data in motion secured via TLS 1.3.
Key Management
Customer-managed encryption keys available on the Enterprise tier.
Identity & Access02
Enterprise SSO
Full SAML 2.0 and OIDC support (Okta, Azure AD, OneLogin).
Mandatory MFA
Enforceable multi-factor authentication for all team members.
Session Control
Configurable idle timeouts and IP-whitelisting for office networks.
Audit & Chain of Custody03
Immutable Audit Logs
Every view, edit, export, and share is logged with a precise timestamp and user ID.
Document Provenance
Track exactly when a sensitive extract was uploaded, who viewed it, and when it was deleted.
AI & Data Isolation04
Zero Data Monetization
Your data is never aggregated, anonymized, or sold to third parties.
Closed-Loop AI
Our AI never uses your firm data, client contacts, or off-market signals to train external, public-facing models. Your intelligence stays yours.

AIREA · The Agentic Liability Boundary

Architecturally constrained. By design.

AIREA prepares the work; it cannot act on its own. The boundary is enforced in the architecture — not merely in policy — so the legal and reputational risk of autonomous AI never reaches your firm.

AI behind the agent. Never instead of the agent.

01It cannot send
AIREA cannot autonomously send emails or messages. Every communication waits for your explicit approval.
02It cannot sign
It cannot sign mandates or commit your firm to any obligation. The signature is always yours.
03It cannot advise
It does not give legal advice. It surfaces evidence and prepares the file; the judgment remains with the agent.
04Closed-loop processing
Your firm's data is processed in a closed-loop environment and is never used to train public, third-party AI models.

Independence · The Zero-Conflict Guarantee

We are not a portal. We have no conflict of interest.

The largest risk to an agency's data is giving it to a platform that also sells advertising to your competitors, or owns the portals where you list. Maklor is an independent operating system. We do not own a portal, we do not sell lead routing, and we do not monetize your network.

No Portal Ownership
We do not compete with your distribution channels, and we favor no specific portal in our export logic.
No Data Harvesting
Your signals, contacts, and transaction data are never shared with third-party marketers or portal groups.
Portal-Agnostic Export
We generate perfect XML and media files for the main listing portals, keeping you in total control of your publishing strategy — without relying on their restricted APIs.

Enterprise Readiness

Built for the scrutiny of enterprise compliance teams.

For regional brokerages and multi-office firms, Maklor provides the administrative controls and documentation required by your IT and legal departments.

Customizable Role-Based Access Control (RBAC)
Single Sign-On (SSO) & SCIM Provisioning
Downloadable Security Whitepaper & Penetration Test Summaries
Dedicated Data Processing Agreement (DPA) & NDAs
SLA-backed uptime (99.9%) and incident response protocols
Dedicated Customer Success & Security Liaison

Security Review

Review our security posture.

Download our technical security whitepaper, or request a direct review with our infrastructure team to discuss your firm's specific compliance requirements.

Download Security Whitepaper (PDF) Request Security Review