Your business data — and your customers’ — is protected by defense in depth, starting at the database.
Every business’s data is walled off at the database level using row-level security — not just app code. The application connects with a restricted, non-owner database role, so one business can never read or write another’s data, even in the event of an application bug.
All traffic is served over HTTPS/TLS. Data is stored on managed, encrypted-at-rest infrastructure, and sensitive fields (such as access codes) are additionally encrypted at the application layer.
Card payments are processed by Stripe and Square. We do not store raw card numbers — payment details are tokenized by the processor. Every amount is recomputed on the server, and payment state changes are race-safe and audited.
Roles within your business control who can see what — including optional masking of customer contact information from limited roles, and per-visit control over whether crews see gate/alarm codes.
Sensitive actions — settings changes, money movements, data resets — are recorded to an audit log so there’s always a trail of who did what.
Your data runs on managed Postgres with automated backups and point-in-time recovery, so it’s protected against accidental loss.
Owners can reset their own business’s test/operational data at any time from Settings → Danger Zone — a tenant-scoped action that shows exactly what will be cleared and kept and requires explicit confirmation. It only ever affects your own business.
Reporting a vulnerability
Found a security issue? Please email eli@trc207.com with the details and we’ll respond promptly. Please don’t publicly disclose until we’ve had a chance to fix it.
See also our Privacy Policy and Terms of Service.