Security
Last updated: 19 June 2026
This page is maintained by EstateVera Ltd to answer common questions about how the EstateVera service handles your information. It is editable content, not an independent certification.
EstateVera handles sensitive landlord and tenant information. Below is a summary of the security controls we currently have in place. This is an honest description of enabled features, not a certification.
Authentication & access
- Email/password and Google sign-in via a managed identity provider.
- Passwords stored as salted hashes — never in plaintext.
- Per-user session tokens with rotation on sign-out.
- Role-based access; users can only see data within their own portfolio.
Data protection
- All traffic encrypted in transit with TLS 1.2+.
- Database and document storage encrypted at rest.
- Row-level security policies enforced at the database layer on every table containing customer data.
- Documents stored in a private bucket and served via short-lived signed URLs.
Platform & hosting
- Cloud-hosted in UK/EU regions where possible.
- Automated daily backups with point-in-time recovery on the primary database.
- Infrastructure managed by our hosting provider with their own SOC 2 / ISO controls — see their public trust pages.
Operations
- Production access restricted to a small number of engineers.
- Application errors are reported to monitoring tools that scrub credentials and access tokens.
- Dependencies are scanned regularly for known vulnerabilities.
Customer responsibilities
Security is shared. Please use a strong unique password, keep your sign-in details private, share access only with people who need it, and remove users who leave your organisation.
Report a vulnerability
Found a security issue? Please email security@EstateVera.app. We acknowledge reports within two working days and won't take legal action against good-faith research that follows responsible disclosure.
