When you run a portfolio, the data in your management platform isn't just operational — it's financial, it belongs to your owners, and some of it carries legal weight. Before committing to any platform, a reasonable question is: what happens to it?
That question doesn't need a technical answer. It needs three clear, verifiable properties that you, as the operator, can confirm exist and can control.
Here they are.
1. You control who sees what
BasePro uses role-based access control, which means you decide which users can access which parts of your portfolio. A manager you bring in to oversee PORTFOLIO_A sees what you grant them — and nothing you haven't granted.
Consider this scenario: You add MANAGER_1 to PORTFOLIO_A with view-only access to financial records. They can review statements and check reconciliation summaries, but they cannot post transactions or modify records. When MANAGER_1 leaves the organisation, you remove their access. The change takes effect immediately — under a minute from your side. They no longer see anything.
That access lifecycle is entirely in your hands. No IT ticket required. No waiting on BasePro support. You grant, you revoke, you define the boundaries.
2. Every change is recorded
BasePro maintains an audit log that captures every record modification, across every user on your account. The log is non-alterable — entries cannot be edited retroactively. Each record links to the one before it, so the trail is continuous from your first day on the platform.
What this means in practice: if a transaction is updated, you can see who made the change, when they made it, and what the previous value was. If a vendor assignment is overridden, the original assignment and the override both remain in the log. If a question ever comes from an owner about a statement line item, the audit trail is the source of record — not a memory, not a thread in a chat.
You can generate a compliance report that exports a filtered, privacy-ready summary of your audit records for the period you specify.
3. Your data stays in the region you choose
BasePro offers EU and LATAM data residency options. If your regulatory context requires that tenant and financial data remain within a specific jurisdiction, you can select the residency option that matches at the time of account setup. Your data doesn't move regions without your explicit choice.
This matters in environments where data sovereignty is a compliance requirement — GDPR-aligned data handling for EU-based portfolios, and LATAM regional residency for operators whose owners or tenants sit under local data protection frameworks.
BasePro's compliance posture is GDPR-aligned, not certified — and the distinction is an honest one. Alignment means the platform is designed to support your compliance obligations; certification is an ongoing formal audit process. The Trust Center at /platform/security carries the full posture documentation: sub-processors, data processing agreements, and the current state of in-progress certifications.
What you can verify independently
The three properties above are operator-surface facts — things you can confirm and exercise from your account, not promises that require you to trust a marketing claim. You can test the access control system by adding and removing a test user. You can generate an audit export and review what it contains. You can confirm the data residency selection during your onboarding.
For the full security architecture documentation — sub-processors, DPA, compliance posture, and the in-progress certifications — visit the Trust Center.
If you have specific security requirements for your organisation that need a direct conversation, talk to the team.