Three layers of protection
Every enterprise buyer asks three questions. Here are the answers.
Organization Isolation
RLS ActivePortfolio A
12 properties · 4 users
Portfolio B
8 properties · 3 users
SELECT * FROM properties
WHERE org_id = auth.org()
AND user_role >= required_role
Every query filtered at database level — not application code
Your data never shares space with anyone else's.
Every customer's records — properties, financials, workflows — are isolated at the database layer. Not separated at the interface: separated at the query level. Your data cannot be seen, touched, or accidentally leaked to another organisation. Not by another tenant. Not by us.
Audit Log
Today · 24 eventsAlejandro promoted Maria to Manager role
Maria updated payout for booking #2847
Auto-generated monthly P&L for Portfolio A
Carlos logged in from San José del Cabo · iPhone
Every action is recorded. None of the records can be changed.
Every financial edit, every permission change, every workflow action creates an entry in an append-only audit log. Entries cannot be edited or deleted — not by administrators, not by our team. Alongside that, a four-role access matrix covers every operational domain: the right people see the right things, and your auditor can verify both.
Permission Matrix
4 roles · 13 controlsNothing consequential moves without a named approval.
High-stakes actions — financial approvals, vendor payments, lease changes — require a named authorised user to sign off. Your team proposes; your managers approve. Nothing reaches an owner, a tenant, or a vendor ledger without that sign-off. You decide who has that authority, and the audit log confirms it was used.
Architecture, verifiable
The security posture operators verify before they sign.
See how data isolation, an append-only audit history, and role-based access hold up to an institutional security review. Open, no request required to read.
Data Encryption
All Systems Activecard_last4: ••••
payout_amt: ••••••
↓ Decrypted only at point of use
AES-256 encryption protects every transaction and every record — in transit and at rest. Payment data never touches our servers. Stripe handles it end to end.
Start on a foundation you can trust
Every feature, every workflow, every report runs on the same security architecture. Start building on it.
