Encrypted in transit and at rest
Every request is served over TLS. Data is encrypted at rest by our database provider (Supabase) and file storage backend.
Row-level security on every table
Each tenant's data is isolated by Postgres row-level security policies. Even if application code had a bug, the database refuses cross-tenant reads.
Magic-link auth for clients
Property owners and clients receive single-use, short-lived links instead of passwords. Nothing to remember, nothing to leak.
GDPR-friendly by default
EU-region hosting, an explicit sub-processor list, and a data-export and erase flow built in. See the Privacy Policy for the full breakdown.
Reporting a vulnerability
Found something? Email hola@portalservices.digital and we will reply within one business day. We do not run a paid bounty, but we are grateful and will credit you if you would like.