Your listings, your sellers, your data — protected.
Showing Bell handles seller contact details, lockbox instructions, and buyer information every day. Here is exactly how it’s protected — in plain English, not a compliance brochure.
Encrypted, everywhere
Everything rides Cloudflare’s global edge network.
HTTPS-only — every connection encrypted in transit
Strict transport security (HSTS) enforced browser-side
Enterprise DDoS protection at the edge
Account security
Sign-in is boring, in the good way.
Passwords hashed with an industry-standard algorithm — never stored readable
Sessions in HttpOnly, Secure, SameSite cookies
Email verification on every new account
Single-use, expiring password-reset links
Rate limits on sign-in, signup, and reset attempts
Secure links, not guessable URLs
Approval and feedback links are cryptographic, not clever.
256-bit random tokens on every approval, manage, and feedback link
Tokens stored only as SHA-256 hashes — a database leak reveals no usable links
Links expire on a schedule and die after use
Lockbox and entry details are shared only after a showing is approved
Hardened in the browser
Defense in depth against web attacks.
Content-Security-Policy on every page
Clickjacking blocked (frame embedding denied)
Cross-origin request forgery rejected at the edge
Account and token pages excluded from caches and search engines
Payments by Stripe
Card data never touches our servers.
Checkout and billing hosted by Stripe (PCI-DSS Level 1)
We store no card numbers — only a subscription reference