Architecture, verifiable

The security posture institutional buyers verify at the database layer.

Row-level isolation enforced at the database tier, in two dimensions — organization-scope and property-scope. Cross-tenant boundaries cannot be probed. Step-up reverification for high-stakes actions. SHA-256 hash-chain audit log with multi-year retention. KMS envelope encryption with per-org keys. Data-residency selection at signup — US, EU, or APAC. Every layer documented for your auditor, your security review, and your privacy counsel.

Start Free Trial Book a Demo

Data Encryption

All Systems Active

TLS 1.3 · AES-256-GCM

Data in transitTLS 1.3Encrypted

Data at restAES-256Encrypted

Database backupsAES-256Encrypted

File attachmentsAES-256Encrypted

guest_name: ••••••••••
card_last4: ••••
payout_amt: ••••••
↓ Decrypted only at point of use

Payment data handled by Stripe — never stored locally

Key RotationOn Schedule

Rotation intervalEvery 90 days

Next rotationJun 15, 2026

Automated backupsAES-256 · Daily

AES-256 encryption protects every transaction and every record — in transit and at rest. Payment data never touches our servers. Stripe handles it end to end.

Organization Isolation

RLS Active

Portfolio A

12 properties · 4 users

Portfolio B

8 properties · 3 users

Row-Level Security Policy

SELECT * FROM properties
WHERE org_id = auth.org()
AND user_role >= required_role

Every query filtered at database level — not application code

Access Log

SELECT properties — Portfolio A

2s ago

BLOCKED — cross-org access attempt

4m ago

Data isolation happens at the database layer, not the interface. Your tenants, your financials, and your operations exist in boundaries that cannot be crossed — even by us.

app.basepro.io

Audit Log

Today · 24 events

Permission ChangeJust now

Alejandro promoted Maria to Manager role

Financial Edit12 min ago

Maria updated payout for booking #2847

⚙

System1 hr ago

Auto-generated monthly P&L for Portfolio A

Login3 hr ago

Carlos logged in from San José del Cabo · iPhone

All entries cryptographically signed — tamper-proof

Every financial edit, every workflow action, every permission change — recorded, timestamped, and tamper-proof. The record cannot be altered by anyone, including administrators.

app.basepro.io

ENTERPRISE-CO · COMPLIANCE TEAM

SOC 2 Type II readiness · 87% · 47 days to audit

In Progress

Access controls · evidence collectedComplete

Encryption · verifiedComplete

Vendor risk · reviewingActive

Annual penetration test · scheduledPending

Last evidence sync · 14 min ago

GDPR-compliant infrastructure with EU data-residency option. Architecture verifiable by your auditor, your security review, your privacy counsel.

256-bit SSL

GDPR Ready

2FA Enabled

Immutable Audit Logs

The Foundation

Your audit trail is the bedrock your books stand on.

Each financial mutation lands in a hash-chain log. Your committee, your auditor, and your books read from the same source.

Financial Precision Engine

// MONTHLY RECONCILIATION — Portfolio A · 23 bookings · March 2026

→finance.aggregate(portfolio: PORTFOLIO_A, period: MAR_2026, precision: 64-BIT)✓180ms

→banking.reconcile(accounts: [USD_4821, MXN_7293], tolerance: $0.01)✓340ms

→audit.variance.check(expected: $47,200.00, actual: $47,200.00, delta: $0.00)✓2ms

→reports.investor.generate(owners: 3, format: PDF, branding: CUSTOM)✓1.2s

→finance.certify(reconciled: true, precision: BANK_GRADE, signoff: AUTO)✓4ms

// $47,200 reconciled · $0.00 variance · 3 investor statements generated · 64-bit precision

Continuity Monitor

// HEALTH CHECK — System integrity verification · All regions

→backup.verify(last_run: 6h_ago, encrypted: AES-256, size: 4.2GB)✓120ms

→replication.status(primary: US-WEST-2, replica: REGION-SOUTH-1, lag: 12ms)✓12ms

→sla.monitor(current: 99.97%, target: 99.9%, period: ROLLING_30D)✓1ms

→failover.test(scenario: PRIMARY_DOWN, switch_time: 340ms, result: PASS)✓340ms

→recovery.validate(point_in_time: ENABLED, rto: 4min, rpo: 6h)✓80ms

// All systems nominal · 99.97% uptime · failover tested · 6h RPO confirmed

Maintenance Cost Analyser

// COST ANALYSIS — Monthly maintenance · PRP-104, Unit 3B

→costs.collect(work_orders: 12, timestamps: VERIFIED, categories: TAGGED)✓2.1s

→asset.history.export(unit: 3B, range: 24mo, maintenance: COMPLETE)✓450ms

→compliance.bundle(permits: VALID, occupancy: CURRENT, insurance: ACTIVE_POLICY)✓180ms

→maintenance.trend.build(q1: $2,400, q2: $1,800, q3: $2,100, forecast: STABLE)✓60ms

→report.package.seal(docs: 4, work_orders: 12, hash: SHA-256, tamper_proof: true)✓320ms

// Cost report assembled · 12 work orders · 24mo history · SHA-256 sealed · ready for review

Regulatory Compliance Engine

// TRANSACTION PROCESSING — Cross-jurisdiction booking · multi-zone tax

→tax.jurisdiction.detect(property: RESORT_VILLA, guest: FOREIGN_RESIDENT, currency: USD)✓8ms

→tax.local.calculate(vat: AUTO, withholding: AUTO, invoice: REQUIRED)✓12ms

→tax.foreign.withhold(treaty_status: VERIFIED, treaty_rate: 10%, form: QUEUED)✓24ms

→invoice.generate(certified: true, uuid: AUTO, format: SIGNED)✓1.4s

→compliance.adapt(rules_applied: 2_JURISDICTIONS, regulations: 4, conflicts: 0)✓3ms

// 2 jurisdictions · 4 regulations applied · invoice issued · 0 conflicts · fully compliant

Data Sovereignty Validator

// RESIDENCY AUDIT — Verifying data location compliance · All records

→data.residency.scan(records: 14_832, regions: [US-WEST-2, REGION-SOUTH-1])✓3.2s

→encryption.verify(at_rest: AES-256, in_transit: TLS-1.3, key_rotation: 90D)✓180ms

→transfer.audit(cross_border: 0, unencrypted: 0, policy_violations: 0)✓90ms

→data.classify(pii: ENCRYPTED, financial: ISOLATED, operational: STANDARD)✓1.1s

→sovereignty.certify(compliant: true, regions: APPROVED, next_audit: 90D)✓4ms

// 14,832 records verified · 0 policy violations · 0 cross-border leaks · certified compliant

Payment Security Pipeline

// VENDOR PAYMENT — CoolTech MX · Maintenance invoice · $450.00 USD

→payment.tokenize(processor: STRIPE, card_data: NEVER_STORED, pci: COMPLIANT)✓80ms

→vendor.access.verify(vendor: COOLTECH_MX, scope: [ASSIGNED_PROPERTIES_ONLY])✓12ms

→transfer.encrypt(channel: BANK_WIRE, protocol: SIGNED_VERIFICATION, amount: $450)✓240ms

→data.segregate(vendor_view: WORK_ORDERS_ONLY, financial: HIDDEN, pii: BLOCKED)✓6ms

→audit.log(payment: $450, vendor: COOLTECH_MX, method: WIRE, trail: IMMUTABLE)✓2ms

// Payment processed · PCI compliant · vendor scoped · $450 logged immutably

Every dollar accounted for. 64-bit decimal handling means your books reconcile to the penny — investor statements you can trust without a second opinion.

Security Architecture

Eleven controls, in production

Each layer documented and verifiable. The same checks your security team would run.

North America Compliance Focus

SOC-2-aligned controls, US state-level privacy laws (CCPA, CPRA), and USD-native financial precision. Infrastructure hosted in the United States.

Live Now

Start on a foundation you can trust

Every feature, every workflow, every report runs on the same security architecture. Start building on it.