Information Security Policy

This policy establishes LandlordPro's commitment to protecting the confidentiality, integrity, and availability of customer data and organizational systems. It defines the security practices, controls, and responsibilities governing how LandlordPro handles sensitive information — including consumer financial data processed through integrations with Stripe and other financial data providers.

This policy is reviewed annually or following any significant security incident or material change to the platform's architecture or data handling practices.

This policy applies to all production systems, infrastructure, data stores, third-party integrations, and customer data operated or processed by LandlordPro, LLC — including data received from Stripe and any other financial or identity data provider.

The Owner, Joshua Hicks, holds sole responsibility for information security decisions, risk assessment, and policy enforcement. Security risks are identified and mitigated through a combination of vendor security controls, infrastructure monitoring, and ongoing platform review.

Access to all production systems — including Supabase, Cloudflare, and Stripe — is restricted to authorized personnel only, protected by strong unique passwords and multi-factor authentication (MFA) where supported by the platform.

At the database layer, Row-Level Security (RLS) policies enforce strict data segregation between customers. No tenant can access another tenant's records. Access to administrative functions is role-scoped and enforced at both the API and database levels.

All data in transit between clients and LandlordPro servers is encrypted using TLS 1.2 or higher, enforced globally via Cloudflare. Unencrypted HTTP connections are rejected and redirected.

Customer data stored within Supabase (PostgreSQL) is encrypted at rest using AES-256 encryption provided by the underlying cloud infrastructure. Sensitive consumer financial data received from the Stripe API is stored exclusively within this encrypted environment and is never written to unencrypted storage.

LandlordPro actively monitors third-party dependencies, platform components, and infrastructure providers for end-of-life (EOL) status and disclosed vulnerabilities. Security advisories from Supabase, Cloudflare, Stripe, and other key vendors are reviewed as published and addressed in a timely manner.

Application dependencies are reviewed and updated on a regular cadence. Deprecated or EOL software components are identified and replaced as part of ongoing platform maintenance.

In the event of a suspected or confirmed security incident involving customer data, LandlordPro will respond systematically:

To report a suspected security issue: support@getlandlordpro.com

Customer data is retained for the duration of the active customer relationship. Upon account termination or a verified deletion request, customer data is removed from production systems in accordance with LandlordPro's Privacy Policy and applicable data privacy laws.

Financial transaction records may be retained longer where required by law (e.g., for tax or audit purposes), consistent with applicable legal obligations.

LandlordPro relies exclusively on industry-leading, compliance-certified infrastructure providers. Each vendor's security program is reviewed prior to integration and monitored for material changes.

LandlordPro maintains a Privacy Policy governing the collection, processing, use, and storage of consumer data. All users must accept the Terms of Service and Privacy Policy prior to using the platform, establishing explicit consent for data collection and processing activities.

Consumer financial data obtained through Stripe Financial Connections is used solely for the purpose of providing the LandlordPro service and is never sold or shared with third parties for advertising or unrelated commercial purposes.