Security & Data Residency

Data residency

Production data is hosted in the European Union (EU/EEA). We do not move your rental property data outside the EU for primary processing.

Backups and disaster-recovery copies remain within EU/EEA regions aligned with production.

Encryption

All traffic between your browser and Propria uses HTTPS (TLS).

Data at rest is encrypted on infrastructure volumes managed by our hosting provider.

Passwords are stored using industry-standard one-way hashing — never in plain text.

Access control

Authentication via secure tokens (Sanctum). Sessions can be revoked by administrators.

Role-based access: permissions limit which users can view buildings, payments, documents, or admin settings.

Private document and condition-report storage is not publicly accessible; signed URLs or authenticated API access only.

Bank connectivity

Bank transaction import uses Ponto (Isabel Group). Propria does not store your bank credentials; connection is delegated to Ponto under their security model.

Only transaction metadata needed for reconciliation is retained in Propria.

Operational security

Application dependencies are updated regularly. Security patches are prioritised for production.

Access to production systems is restricted to authorised personnel on a need-to-know basis.

Database access is not exposed to the public internet.

Backups & continuity

Automated backups support point-in-time recovery for operational incidents.

We maintain runbooks for restore and service continuity; RPO/RTO targets depend on deployment tier.

Incident response

Suspected security incidents are investigated promptly. Where GDPR requires, affected customers and the supervisory authority will be notified without undue delay.

Report a vulnerability or concern: info@propria.be

Your responsibilities

Use strong passwords, revoke access for departing staff, and enable least-privilege roles.

Ensure devices used for condition reports and document upload are patched and physically secure.