Your data is safe with us
Your property and financial information is encrypted, isolated, and protected. We take security seriously so you don’t have to worry about it.
Security architecture — built in, not bolted on
Security is not a feature we added after launch. It is woven into every layer of the platform, from infrastructure to application logic. Every design decision begins with the assumption that your data must be protected by default.
Encryption everywhere
All data is encrypted at rest with 256-bit encryption and in transit with modern encrypted connections. Database volumes, backups, and file storage are encrypted using automatically managed keys. No data moves unprotected.
Tenant data isolation
Every organization’s data is separated through row-level isolation enforced at the database layer. One tenant’s queries can never access another tenant’s records. Isolation is enforced, not assumed.
Private network architecture
All services run inside a private network with no direct internet exposure. Databases, caches, and internal services are accessible only through private subnets. Public traffic passes through load balancers with advanced threat protection.
Authentication and access control
Identity is the first line of defense. LeaseBase uses secure identity management for authentication, with multiple layers of verification to ensure only authorized users access your data.
Secure identity management
User authentication is built on industry-standard identity infrastructure and authentication protocols. It supports Google SSO, multi-factor authentication, and secure password policies. Access tokens are short-lived and automatically refreshed.
Role-based access control
Every user is assigned a role (owner, tenant, vendor) with permissions scoped to their organization. Custom role claims are injected at token generation, ensuring access is enforced at every API call, not just at the UI.
Multi-factor authentication
MFA adds an additional verification step at login. Even if a password is compromised, unauthorized access is blocked. MFA support is built into the platform and available to all users.
Audit logging
All significant actions are logged with timestamps, user identity, and context. Login events, data access, configuration changes, and administrative actions are captured for accountability and compliance review.
Data protection at every layer
From the moment data enters LeaseBase to where it is stored and backed up, multiple layers of protection ensure nothing is exposed, lost, or accessible to unauthorized parties.
256-bit encryption at rest
All stored data — databases, files, and backups — is encrypted using 256-bit encryption with automatically managed and rotated keys. Even at the storage level, your data is unreadable without authorization.
Encrypted connections in transit
Every connection between your browser and LeaseBase, and between internal services, uses modern encrypted connections. API endpoints enforce HTTPS. Internal service-to-service communication uses encrypted channels within the private network.
Automated backups with point-in-time recovery
Our database performs continuous automated backups with point-in-time recovery. Your data can be restored to any second within the retention window. Backups are encrypted and stored redundantly across multiple availability zones.
No sensitive data in logs
Application logs are scrubbed of personally identifiable information, passwords, tokens, and financial data before being written. Log storage is access-controlled and retained according to defined policies.
Secure, reliable cloud hosting
LeaseBase runs on the same class of cloud infrastructure trusted by financial institutions and healthcare systems worldwide. Every component is designed for high availability, fault tolerance, and security.
Isolated compute environments
Services run on serverless containers with no shared servers. Each microservice runs in its own isolated compute environment. No SSH access, no persistent hosts, no server-level attack surface.
Private network architecture
All backend services, databases, and caches live inside a private network. Security groups and network access controls restrict traffic to only what is explicitly allowed. No public addresses on internal services.
Multi-zone availability
Our database replicates across multiple availability zones for fault tolerance. If one data center has an issue, your service continues uninterrupted. Infrastructure is designed for 99.99% uptime.
Payment security — we never touch card data
Financial transactions demand the highest level of security. LeaseBase delegates all payment processing to a PCI-certified payment infrastructure partner. Your tenants’ card and bank details never pass through, and are never stored on, LeaseBase servers.
Highest-level payment certification
All card data is tokenized directly by our payment partner before it reaches our servers. LeaseBase never stores, processes, or transmits cardholder data. Our partner maintains the highest level of payment security certification, handling billions of dollars annually.
Secure bank transfer processing
Bank account verification and electronic transfers are handled entirely through our payment partner’s infrastructure. Account numbers are tokenized at the source. Payment confirmations and receipts are generated without exposing sensitive details.
LeaseBase never stores card numbers, bank account numbers, or payment credentials on our servers.
Security practices and compliance readiness
Good security is not just about technology. It requires disciplined engineering practices, regular review, and a commitment to continuous improvement. Here is how we operate.
Compliance readiness
LeaseBase is built following industry compliance frameworks for security, availability, and confidentiality. Our infrastructure and processes are designed to meet the requirements for formal compliance certification.
Dependency scanning
Every build pipeline scans dependencies for known vulnerabilities. Container images are scanned before deployment. Critical vulnerabilities block the release pipeline until they are resolved.
Secure development lifecycle
All code changes require peer review. Automated testing runs on every pull request. Infrastructure changes go through plan-and-apply review before deployment. No one person can deploy changes to production without review.
Secrets management
API keys, database credentials, and encryption keys are stored in a managed secrets vault with automatic rotation. No secrets in source code, environment files, or application logs. Access is audited and permission-scoped.
Incident response
Defined incident response procedures ensure rapid detection, containment, and resolution of security events. Monitoring and alerting are active around the clock. Post-incident reviews drive continuous improvement.
Data retention policies
Business records use soft-delete with full audit trails. Data retention follows defined policies aligned with legal and regulatory requirements. You maintain control over your data, including the ability to request export or deletion.
Security is not a checkbox. It is how we build.
Have a security question or need to report a concern? Contact us at security@leasebase.ai