Group 65Go to Managed App
All Collections
Support & Troubleshooting
Privacy & Security
System Security & Data Privacy

System Security & Data Privacy

If you're wondering about what makes the Managed App so secure and how we handle and protect data privacy this is the place.
Thom Richards avatar
Written by Thom Richards
Updated over a week ago

1. System Security

Managed takes system security very seriously and have invested heavily to make sure system infrastructure & protocol is the best it can possibly be.

Infrastructure:

  • All the information that you use to log in with is encrypted. So even if someone did gain access to the Managed database, they would not be able to see your password and gain access to your account.
  • All data is stored in a securely managed PostgreSQL database on AWS. This means there isn't a single simple database server that someone might forget to back up - it's a completely cloud based instance which is highly available and securely replicated
  • The Managed App is hosted in 3 different geographic locations, so if the Sydney data centre went dark, our site would still be live and protected.
  • Following 12Factor security protocols around database connections and configurations.
  • All access to servers is via UBIKey 2 factor authentication, and location based private keys. No direct access to any server - you must first access an interim secured server shell.
  • Credit card and banking details are tokenised (form of encryption) and are not stored on our database, but rather a PCI DSS compliant vault with our payment gateway. 

2. System design

  • System permissions have been set up very deliberately in a hierarchical structure; agencies are on-boarded by the Managed App on-boarding team, they are not allowed to on-board themselves. From here, the agency admin on-boards property managers and then property managers on-board tenants and landlords. This has been set up this way for better vetting of Managed App users and for better handling of banking information - only a landlord and tenant can enter their own banking details. No one at Managed App or the real estate agency is handling credit card or banking details.
  • Permissions are also agency based - agencies can never see data or pages that belong to another agency.
  • Similarly for properties, one owner can never see another owners properties, tasks or tenants. Even if a tenant or owner has a direct link URL to another property, they won't be able to access it. Users can only access pages on Managed App if they have valid Managed App credentials.

3. Very soon

User authentication

Rather than brute force, hacking occurs more often with fraudulent users. To combat this, Managed App will require 2nd factor authentication (security questions, authenticator apps and text message verification). Additionally Managed App will have more complex password requirements (caps and different character use).

We welcome questions about the security of our system so please don't hesitate to contact us on [email protected] for further information.

Did this answer your question?