Security & Compliance

How we protect your building's data and why you can sleep soundly.

Isolated multi-tenant architecture

Each building has its own isolated database on our server. Your building's data is not stored together with another building's data and cannot be accessed by other users, regardless of plan.

Authentication & access

  • JWTs that expire after 1 hour, plus a 7-day refresh token
  • Passwords hashed with Argon2id (modern standard, GPU-attack resistant)
  • Rate limiting on all public endpoints
  • Audit log for every sensitive action

GDPR compliance

  • Explicit consent on first login
  • Configurable data retention (default 24 months)
  • Right to full personal data export
  • Right to erasure ("right to be forgotten") executable from the app

Law 196/2018

  • Meeting notices with all legally required elements
  • Quorum calculated automatically per relevant articles
  • Minutes generated and sealed after each meeting
  • Resolutions archived with timestamp and digital signature

Audit log

Every action in the platform — creating an issue, voting, changing settings — is recorded in the audit log with timestamp, user and IP. The log is append-only (nobody can delete or modify records).

Backup & restore

Automatic daily database backup. Data is stored on EU infrastructure. Full restore in case of incident.

Security headers

  • Strict-Transport-Security (HSTS)
  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: strict-origin-when-cross-origin
  • Restrictive Content-Security-Policy
  • Permissions-Policy
  • Cross-Origin-Resource-Policy
  • Cross-Origin-Opener-Policy

Want technical details?

Request a demo and you can put your technical questions to our team directly.
