Trust & Security

Responsible property service includes responsible data stewardship.

We document the safeguards behind our client portal and operating systems, test changes before release, preserve evidence, and communicate our assurance status without overstating it.

Safeguards in practice

Protection built into how we operate

Security is handled as an operating discipline: access, testing, recovery, accountability, and transparent reporting.

CONTROL 01

Role-scoped access

Portal access is tied to named members, defined roles, property scope, activation dates, expiration, and revocation controls.

CONTROL 02

Protected web sessions

HTTPS, secure cookies, browser security headers, anti-framing rules, and restricted browser capabilities protect portal sessions.

CONTROL 03

Auditable operations

Security controls carry owners, evidence, verification dates, due dates, and a recorded activity history.

CONTROL 04

Secure change process

Locked dependencies, automated tests, linting, vulnerability audits, and production builds are part of the release gate.

CONTROL 05

Encrypted recovery copies

Database and uploaded-file backups are encrypted, retained off site, and governed by a documented recovery procedure.

CONTROL 06

Incident readiness

Documented response procedures cover triage, evidence preservation, containment, recovery, communications, and corrective actions.

Verification record

What we have tested and observed

These results describe the reviewed production release as of July 14, 2026. They are evidence snapshots, not promises that risk can be eliminated.

Automated application testsAuthorization, lifecycle, security hardening, and operating workflows were exercised in the clean release.
185 passing
Dependency vulnerability auditThe reviewed locked dependency set was checked using the package ecosystem's vulnerability audit.
0 reported
Production browser protectionsCSP, HSTS, content-type, anti-framing, referrer, permissions, and cross-origin response policies were observed live.
Verified
Public vulnerability channelOur security contact file is published over HTTPS with a monitored mailbox and future expiration.
Available
Encrypted backup completionA fresh encrypted database and uploaded-file recovery copy was completed before the security schema rollout.
Observed
Assurance status

Clear about what is active—and what is next

We do not display certifications, seals, or audit claims that have not been independently earned.

Security control program
Active

A documented control register, evidence ledger, owners, due dates, and runbooks are operating.

Automated release testing
Active

Dependency audit, lint, unit tests, and production builds are part of the change process.

SOC 2
Readiness underway

No SOC 2 report has been issued. Controls and evidence are being organized for future independent readiness and examination.

Independent penetration test
Planned

No penetration-test attestation is currently claimed. Independent application testing and remediation review remain on the assurance roadmap.

Security certification
None claimed

We will identify the assessor, scope, and report period here if an independent certification or examination is completed.

Responsible disclosure

Concerned about a security issue?

Please send a clear description, affected URL, reproduction steps, and potential impact. Do not access other people's information, disrupt service, or include sensitive data in the report.

Report securely