1. System Security
Managed App takes system security very seriously and feel it’s important to protect your data. We have invested heavily to make sure this is the case.
- Your password is encrypted. So even if someone did gain access to the Managed App database, they would not be able to see your password and gain access to your account.
- All data is stored in a securely managed PostgreSQL database on Amazon AWS. This means there isn't a single simple database server that someone might forget to back up - it's a completely cloud based instance which is highly available and securely replicated
- Managed App is hosted in 3 different geographic locations, so if the Sydney data centre went off line, our site would still be live and protected.
- Following 12Factor security protocols around database connections and configurations.
- Credit card and banking details are tokenised (form of encryption) and are not stored on our database, but rather a PCI DSS compliant vault with our payment gateway.
2. System design
- System permissions have been set up very deliberately in a hierarchical structure; agencies are on-boarded by the Managed App implementations team, they are not allowed to on-board themselves. From here, the agency admin on-boards property managers and then property managers on-board tenants and landlords. This has been set up this way for better vetting of Managed App users and for better handling of banking information
- Permissions are also agency based - agencies can never see data or pages that belong to another agency.
- Similarly for properties, one owner can never see another owners properties, tasks or tenants. Even if a tenant or owner has a direct link URL to another property, they won't be able to access it. Users can only access pages on Managed App if they have valid Managed App credentials.
3. User Authentication
When you use Managed App, you have the option of using 2FA security to better secure your information. This means that even if someone learnt your password, they’d still need access to your phone to get a login code.
4. Forced Logouts
Any inactivity over 15 minutes will cause the system to automatically logout users. This is deliberate, for cases such as shared devices or forgetting to logout within shared / open plan offices or other areas where a user’s device is not physically safe.
5. Internal Controls
Managed App personnel have very strict internal controls. Our team always identify users seeking support, with security questions. Any requests to change passwords or banking details are backed up with two-to-operate procedures enforced with technology and verified with the agency customer.
We welcome questions about the security of our system so please don't hesitate to contact us on [email protected] for further information.