Last updated: September 10, 2025

At Tenantum, safeguarding landlord and tenant data is core to our product. We combine strong encryption, strict access controls, and trusted infrastructure to keep your information safe.

✅ Our Security Practices

Data Encryption

  • Data in transit is protected with HTTPS (TLS 1.2+).

  • Sensitive secrets and credentials are stored encrypted.

  • We use modern hashing for passwords and session tokens.

Authentication & Access Control

  • NextAuth handles secure sign-in, session management, and token rotation.

  • Role-based access (Owner, Tenant) follows least privilege.

  • Configurable session timeouts and device/session revocation.

Infrastructure Security

  • App hosting on Vercel with global edge network, isolation, and automatic patches.

  • Static assets and selected workloads hosted on Hostinger where applicable.

  • Strict environment-variable hygiene; no secrets committed to code.

Payment Security

  • We do not store card details on Tenantum servers.

  • All payments are processed by Paystack and Dodo Payments, which handle PCI-DSS requirements.

  • Webhooks are verified; payment events are audit-logged.

Backups & Resilience

  • Automated database backups and point-in-time recovery (PITR) where supported by our DB provider.

  • Disaster recovery runbooks to minimize downtime.

Monitoring & Logging

  • Centralized logs for auth, billing, and key actions (e.g., lease uploads, payment updates).

  • Alerting on anomalous activity and critical errors.

Privacy & Compliance

  • Personal data is processed according to our Privacy Policy.

  • GDPR/CCPA-aligned controls (export/delete on request) where applicable.

  • Data is not sold or shared with third parties for advertising.

Tenant & Landlord Protections

  • Segregated tenant/landlord views; no cross-property data leakage.

  • Audit trails for sensitive changes (payments, leases, permissions).

  • Optional 2-step verification flows using your identity provider stack.

Sub-Processors (Core)

  • Vercel – Application hosting & edge network.

  • Hostinger – Static hosting / DNS & email services (as applicable).

  • Paystack – Payment processing.

  • Dodo Payments – Payment processing.

We review sub-processors periodically and will update this list when changes occur.

Incident Response

  • Defined triage/severity levels and on-call escalation.

  • Post-incident reviews with remediation tracking.

  • User notifications if legally required.

Responsible Disclosure

If you believe you’ve found a security issue, please email support@tenantum.com. Include reproduction steps and relevant headers/logs. We review and respond promptly. Please avoid public disclosure until we’ve resolved the issue.


Commitments We Don’t Make (to keep things honest)

  • We don’t claim PCI-DSS certification ourselves; our payment partners handle that scope.

  • We don’t claim blanket compliance in every jurisdiction; laws vary. We’ll work with you to meet your obligations.


FAQs

Do you store payment card data?
No. Card data is handled by Paystack and Dodo Payments.

Can I export or delete my data?
Yes. Contact us at support@tenantum.com, and see our Privacy Policy for details.

Where is my data hosted?
Your app runs on Vercel’s global infrastructure; static assets or DNS/email may use Hostinger, as configured.


Contact

Questions about security? Reach our team at support@tenantum.com.