How we protect your data
All data is stored on Supabase-managed infrastructure hosted on AWS in the eu-west-2 (London) region. Your data never leaves the European Union.
| Layer | Standard |
|---|---|
| Data in transit | TLS 1.3 on all connections |
| Data at rest | AES-256 encryption (Supabase/AWS managed keys) |
| File storage | AES-256 encrypted S3-compatible storage |
| Passwords | bcrypt hashed, never stored in plaintext |
Every database query is scoped to your account using Supabase Row-Level Security (RLS). This means:
| Control | How it works |
|---|---|
| Data isolation | Each landlord can only see their own data. This is enforced at the database level, not just the application level. |
| Authentication | Supabase Auth with secure session tokens. No passwords are ever transmitted or stored in plaintext. |
| File access | Document storage uses per-landlord path prefixes with authenticated access policies. |
| Admin access | Limited to the founding team. No customer-facing support staff have database access. |
We use Anthropic's Claude AI to process documents and power the chat assistant. Here is exactly what is and isn't sent to the AI:
Sent to AI
Never sent to AI
Anthropic does not train on your data
Under our commercial agreement with Anthropic, your data is processed only to generate a response and is not used to train or improve AI models. Anthropic's data processing terms comply with EU/UK GDPR requirements.
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond within 48 hours.
Email: security@propertyai.app
Please do not publicly disclose vulnerabilities before we have had a chance to investigate and fix them.
Questions about our security practices?