Security & trust

Multi-tenant by design. Isolated by default.

Every company's data is walled off at the database, not just the UI. Built for teams that take a tenant's deposit and an owner's books seriously.

Row-level tenant isolation

Postgres row-level security enforces separation per company on every query — not a filter in the app layer. Verified by a cross-tenant isolation test suite that runs in CI.

Roles & append-only audit log

A seven-role staff taxonomy with building-level scope, so people see only what their role should. Every meaningful action is written to an append-only audit log.

Electronic signatures with evidence

Native e-signing captures the signer, IP, timestamp, and a tamper-evident document hash, with a full signature audit trail and single-use signing links.

GDPR-ready data handling

Role-scoped access, per-company data controls, and support for access and deletion requests, built in for privacy regimes from the start.

Encrypted in transit

TLS everywhere with HSTS. API keys and secrets are stored hashed or in an encrypted vault — never in plaintext.

Managed cloud infrastructure

Runs on managed Postgres and a global edge platform with automated backups. See our sub-processors on the GDPR page.

Disclosure

Found something? Tell us.

We take reports seriously and respond quickly. Email security@propertynow.app with details and we'll get back to you.