// Trust & Security Report
HouseCanary, Inc.
AI-powered real estate data, valuations, analytics, and brokerage platform. Products include: Property valuations and CMAs, Market forecasts and analytics, Property data APIs, Real Estate Agent Solutions (CanaryAI), Customer Engagement Platform for lenders, and 50-state investment property search platform. Operates as a licensed real estate brokerage under HouseCanary and ComeHome brands.
Certifications held
2
Maturity
Enterprise
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on housecanary.com“We undergo annual SOC 2 audits, which demonstrates the effectiveness of our control environment. (Vendor self-attestation on its own blog; the vendor does not use the literal label 'Type II,' but recurring annual audits of the operating effectiveness of the control environment align with a Type II report rather than a point-in-time Type I.)”
Verify on housecanary.com“Our Information Security Management System adheres to the rigorous ISO/IEC 27001:2013 standard. (Vendor states adherence to the standard on its own blog; it does not publish a named certificate, registration number, or accredited certifying body, so this is self-attested alignment rather than a verified third-party certification.)”
> Show 7 unconfirmed / not-held certifications
source: housecanary.comNo public evidence of a SOC 2 Type I report specifically. HouseCanary's own blog states only 'We undergo annual SOC 2 audits, which demonstrates the effectiveness of our control environment' and does not reference a point-in-time Type I report. The prior claim of an 'independent external assessment certifying its customer data management as SOC 2 Type I and II compliant' and of Enterprise-plan SOC 2 reports by request does not appear anywhere on the cited source page.
source: housecanary.comPrivacy policy reviewed (ComeHome Privacy Policy) contains CCPA disclosures but no GDPR-specific language or data processing agreement found in public documentation. No evidence of GDPR-specific compliance framework or adequacy determinations.
source: housecanary.comHouseCanary is a real estate data and analytics platform, not a healthcare provider or covered entity. HIPAA does not apply to this product category. No HIPAA compliance mentioned or required.
No public evidence of PCI DSS compliance certification found. Payment processing compliance not addressed in publicly available documentation.
source: housecanary.comNo public evidence of ISO 27017 certification. Only ISO 27001:2013 mentioned for information security management.
No public evidence of ISO 27018 certification found in vendor documentation.
No public evidence of FedRAMP authorization. HouseCanary serves commercial real estate sector, not U.S. federal agencies.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not specified. No data residency, data center location, or geographic processing information found in public documentation.
No explicit policy found regarding whether customer data is used to train AI models. HouseCanary's APIs are described as available for customers to 'train AI models' but no clarification on whether customer data fed to HouseCanary services trains HouseCanary's own models. Privacy policy makes no mention of AI model training restrictions or customer data usage for model improvement.
// Security controls
Data Encryption
Customer data is encrypted using modern protocols to safeguard privacy (vendor does not publicly specify a key length such as 256-bit)
housecanary.comVulnerability Management
Regular penetration testing identifies and eliminates vulnerabilities in web applications and APIs
housecanary.comIncident Response & Business Continuity
Regular testing of business continuity and incident response plans to ensure minimal disruption during unforeseen events
housecanary.comAVM Quality & Bias Testing
Racial disparate testing conducted monthly to identify disparities across racial demographics; random sample testing and reviews of AVMs; addresses Section 1125 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (AVM regulations)
housecanary.comData Accuracy & Quality Control
Both AI-driven and manual quality control systems, with continuous testing and third-party monitoring to maintain accuracy and reliability (vendor does not publicly specify a quarterly cadence)
housecanary.com// Products & data scope
data: Property data, valuations, CMAs, propensity-to-list data for verified real estate agents
Subscription model with unlimited CMAs, built-in AI assistant. Agents must be verified to access.
data: 136M+ property records with valuations, CMAs, market forecasts, AI-driven analytics. Customizable delivery models.
Enterprise flexibility; used by investors, lenders, investment banks, capital markets firms. Supports API access for custom integrations.
data: 50-state search with customizable investment criteria; property analysis and evaluation tools
Designed for real estate investors to identify and evaluate properties. Proprietary search platform.
data: Loan volume and customer relationship management; digital engagement tools for mortgage lenders and servicers
Used by mortgage servicers for loss mitigation, valuation data, and asset management analytics.
data: Real estate listings, MLS data, consumer-facing home search
HouseCanary operates as a licensed real estate brokerage under ComeHome brand (trade name or subsidiary entity).
data: Property listing data syndication to Google
Integrates with Google's real estate listing platform for property visibility.
// What to watch
- Trust Center page returned 404 - security and compliance details may not be fully public or may require authentication/contact
- Privacy policy (ComeHome version) lacks GDPR-specific language despite apparent international customer base
- No explicit Data Processing Agreement (DPA) found in public documentation - GDPR-required for European customers
- AI training policy is undefined: no public evidence whether customer data is used to train HouseCanary's own AI models; terms state customers can use APIs to train models but no reciprocal restriction mentioned
- Cert claims corrected on QA: vendor's own blog states only 'annual SOC 2 audits' (no explicit Type I or Type II label) and 'adheres to' ISO/IEC 27001:2013 (no published certificate or certifying body). Prior draft's 'independent external assessment certifying SOC 2 Type I and II' and 'SOC 2 reports by request for Enterprise plans' were not found on the source and were removed as fabricated. Treat SOC 2 as Type II-style self-attestation and ISO 27001 as self-attested adherence, not independently verified certifications
- Data residency / geographic processing location not disclosed in public documentation
- No HIPAA, FedRAMP, PCI DSS, or specialized cloud security (ISO 27017/27018) certifications found - may be out of scope for real estate data platform, but worth confirming for specific use cases
- Identity confirmed: HouseCanary, Inc. is a real estate data & analytics vendor operating as licensed brokerage; not conflation risk
// At a glance
Pricing model
Subscription (agents/teams); Enterprise/Custom pricing for data APIs and platform access; pay-per-use available for some APIs
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on HouseCanary, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
housecanary.com