Three layers of protection

Every enterprise buyer asks three questions. Here are the answers.

app.basepro.io

Organization Isolation

RLS Active

Portfolio A

12 properties · 4 users

+8

Portfolio B

8 properties · 3 users

+4
Row-Level Security Policy

SELECT * FROM properties
WHERE org_id = auth.org()
AND user_role >= required_role

Every query filtered at database level — not application code

Access Log
SELECT properties — Portfolio A
2s ago
BLOCKED — cross-org access attempt
4m ago
1
Infrastructure

Your data never shares space with anyone else's.

Every customer's records — properties, financials, workflows — are isolated at the database layer. Not separated at the interface: separated at the query level. Your data cannot be seen, touched, or accidentally leaked to another organisation. Not by another tenant. Not by us.

app.basepro.io

Audit Log

Today · 24 events
A
Permission ChangeJust now

Alejandro promoted Maria to Manager role

M
Financial Edit12 min ago

Maria updated payout for booking #2847

System1 hr ago

Auto-generated monthly P&L for Portfolio A

C
Login3 hr ago

Carlos logged in from San José del Cabo · iPhone

All entries cryptographically signed — tamper-proof
2
Your data

Every action is recorded. None of the records can be changed.

Every financial edit, every permission change, every workflow action creates an entry in an append-only audit log. Entries cannot be edited or deleted — not by administrators, not by our team. Alongside that, a four-role access matrix covers every operational domain: the right people see the right things, and your auditor can verify both.

app.basepro.io

Permission Matrix

4 roles · 13 controls
PermissionSAAdmMgrOps
Manage Properties
Manage Bookings
Manage Finance
Conduct Inspections
Generate Reports
Manage Team
Superadmin permissions immutable at database level
3
Your people

Nothing consequential moves without a named approval.

High-stakes actions — financial approvals, vendor payments, lease changes — require a named authorised user to sign off. Your team proposes; your managers approve. Nothing reaches an owner, a tenant, or a vendor ledger without that sign-off. You decide who has that authority, and the audit log confirms it was used.

Architecture, verifiable

The security posture operators verify before they sign.

See how data isolation, an append-only audit history, and role-based access hold up to an institutional security review. Open, no request required to read.

Data Encryption

All Systems Active
TLS 1.3 · AES-256-GCM
Data in transitTLS 1.3Encrypted
Data at restAES-256Encrypted
Database backupsAES-256Encrypted
File attachmentsAES-256Encrypted
guest_name: ••••••••••
card_last4: ••••
payout_amt: ••••••
↓ Decrypted only at point of use
Payment data handled by Stripe — never stored locally
Key RotationOn Schedule
Rotation intervalEvery 90 days
Next rotationJun 15, 2026
Automated backupsAES-256 · Daily

AES-256 encryption protects every transaction and every record — in transit and at rest. Payment data never touches our servers. Stripe handles it end to end.

256-bit SSL
GDPR-aligned
2FA Enabled
Immutable Audit Logs

Start on a foundation you can trust

Every feature, every workflow, every report runs on the same security architecture. Start building on it.