Security & compliance
Compliance isnβt a checkbox we added later β itβs in the architecture: where your data lives, how itβs scoped, and how every message and role is handled.
Your data is hosted in a Canadian region (ca-central-1) so it stays in the country β a deliberate choice for PIPEDA-aligned handling.
We collect whatβs needed to run your rentals, keep it scoped to your account, and treat personal information in line with PIPEDA principles.
Every commercial email and SMS carries consent tracking and an unsubscribe path β consent is captured and honoured, not assumed.
Tenants, owners, managers, and admins each see only what their role allows β enforced on the server, not just hidden in the UI.
Every record is scoped to your account; cross-account access is a deliberate, audited platform-admin exception β never the default.
Sensitive views and actions are recorded, so thereβs a clear history of who did what and when.
Passwords are hashed, sessions are signed tokens, and email verification plus password reset are built in.
Deposit and rent-increase guidance follows the province β surfaced as tooling to help you stay onside (not legal advice).