Architecture, verifiable

The full security architecture — on request.

See how row-level isolation, step-up reverification, hash-chain audit logging and per-org encryption hold up to an institutional security review. Request the full overview and we'll walk you through it.

Request the full overview Book a demo

Data Encryption

All Systems Active

TLS 1.3 · AES-256-GCM

Data in transitTLS 1.3Encrypted

Data at restAES-256Encrypted

Database backupsAES-256Encrypted

File attachmentsAES-256Encrypted

guest_name: ••••••••••
card_last4: ••••
payout_amt: ••••••
↓ Decrypted only at point of use

Payment data handled by Stripe — never stored locally

Key RotationOn Schedule

Rotation intervalEvery 90 days

Next rotationJun 15, 2026

Automated backupsAES-256 · Daily

AES-256 encryption protects every transaction and every record — in transit and at rest. Payment data never touches our servers. Stripe handles it end to end.

Organization Isolation

RLS Active

Portfolio A

12 properties · 4 users

Portfolio B

8 properties · 3 users

Row-Level Security Policy

SELECT * FROM properties
WHERE org_id = auth.org()
AND user_role >= required_role

Every query filtered at database level — not application code

Access Log

SELECT properties — Portfolio A

2s ago

BLOCKED — cross-org access attempt

4m ago

Data isolation happens at the database layer, not the interface. Your tenants, your financials, and your operations exist in boundaries that cannot be crossed — even by us.

app.basepro.io

Audit Log

Today · 24 events

Permission ChangeJust now

Alejandro promoted Maria to Manager role

Financial Edit12 min ago

Maria updated payout for booking #2847

⚙

System1 hr ago

Auto-generated monthly P&L for Portfolio A

Login3 hr ago

Carlos logged in from San José del Cabo · iPhone

All entries cryptographically signed — tamper-proof

Every financial edit, every workflow action, every permission change — recorded, timestamped, and tamper-proof. The record cannot be altered by anyone, including administrators.

app.basepro.io

ENTERPRISE-CO · COMPLIANCE TEAM

SOC 2 Type II — in progress · target Q1 2027

In Progress

Access controls · evidence collectedComplete

Encryption · verifiedComplete

Vendor risk · reviewingActive

Annual penetration test · scheduledPending

Last evidence sync · 14 min ago

GDPR-aligned · EU data-residency option. Architecture verifiable by your auditor, your security review, your privacy counsel.

256-bit SSL

GDPR-aligned

2FA Enabled

Immutable Audit Logs

Trust Center

Every document your procurement team needs.

Review our legal, security, and compliance posture documents — no gate, no request required. The same audit package enterprise buyers expect.

All systems live

Sub-processors

Every third-party vendor with access to your data — their purpose, what data they see, and where.

Service Level Agreement

Our uptime posture, support response targets, and contractual commitments at the enterprise tier.

Data Processing Agreement

How BasePro handles data on your behalf as a processor — security measures, sub-processor chain, and breach notification.

Acceptable Use Policy

What the platform is for, what it is not for, and how violations are handled.

Accessibility Statement

Our WCAG 2.1 AA posture — keyboard navigation, colour contrast, reduced-motion, and how to report gaps.

Compliance Posture

CFDI, ARCO / LFPDPPP, and GDPR-aligned practices — honest about what is live and what is rolling out.

Terms of Service

The legal terms governing your use of the BasePro platform and related services.

Privacy Policy

What personal data we collect, why, how long we keep it, and your rights under applicable law.

Cookie Settings

Which cookies the site sets, why, and how to manage or opt out of non-essential cookies.

Get notified when our sub-processor list changes.

We provide 30 days advance notice of material changes. One email per change — never marketing.

See the full security architecture

Share a few details and we'll open the complete overview — and set up a walkthrough with our team.

Business-protection deep-dive: financial precision, continuity, insurance and regulatory readiness
Compliance maturity roadmap, layer by layer
Documented for your auditor, security review and privacy counsel