Security

Boring infrastructure, on purpose

Cleaning operations data is not glamorous, but losing it would ruin someone's month. We treat it accordingly.

Encrypted in transit and at rest

Every request is served over TLS. Data is encrypted at rest by our database provider (Supabase) and file storage backend.

Row-level security on every table

Each tenant's data is isolated by Postgres row-level security policies. Even if application code had a bug, the database refuses cross-tenant reads.

Magic-link auth for clients

Property owners and clients receive single-use, short-lived links instead of passwords. Nothing to remember, nothing to leak.

GDPR-friendly by default

EU-region hosting, an explicit sub-processor list, and a data-export and erase flow built in. See the Privacy Policy for the full breakdown.

Reporting a vulnerability

Found something? Email hola@portalservices.digital and we will reply within one business day. We do not run a paid bounty, but we are grateful and will credit you if you would like.

Security — Zapli