Your data is treated like
the financial asset it is.
You trust LandlordIQ with mortgage balances, rental income, expense records, and tax documents. Here's exactly how we protect that data — in plain English, without buzzword padding.
How we protect your data
Six layers of security
Security isn't a single feature — it's built into every layer of how LandlordIQ stores, transmits, and accesses your data.
Encrypted at every layer
Your financial data is encrypted at rest using AES-256 — the same standard used by financial institutions. All data in transit between your browser and LandlordIQ is protected by TLS 1.3. We enforce HTTPS across every endpoint, with no fallback to unencrypted HTTP.
- At rest
- AES-256 encryption
- In transit
- TLS 1.3
- Passwords
- bcrypt hashed, never stored in plaintext
Enterprise-grade cloud infrastructure
LandlordIQ runs on AWS (Amazon Web Services) in the US-East region — the same infrastructure trusted by banks, healthcare organizations, and government agencies. AWS maintains SOC 2 Type II, ISO 27001, and PCI DSS compliance. Your data never leaves US soil.
- Provider
- Amazon Web Services (AWS)
- Region
- US-East (Virginia)
- Compliance
- SOC 2 compliant infrastructure
You only see your own data
LandlordIQ enforces row-level security in the database — every query is scoped to the authenticated user's account. There are no shared database rows between users. It is architecturally impossible to accidentally expose one landlord's data to another.
- Model
- Row-level security (RLS)
- Auth
- JWT + server-side session validation
- API
- Every route verifies resource ownership
Receipts stored in isolated buckets
Every uploaded receipt, lease document, or file is stored in an isolated AWS S3 bucket dedicated to your account. Files are never publicly accessible. When you (or LandlordIQ) needs to display a file, we generate a signed URL that expires in 15 minutes — the file cannot be accessed after that window.
- Storage
- Isolated AWS S3 buckets per account
- Access
- Signed URLs with 15-minute expiry
- Public
- Never — no public file URLs exist
We never see your card details
All payment processing is handled by Stripe — one of the world's most trusted payment infrastructure providers. LandlordIQ never receives, processes, or stores your credit card number, CVV, or bank account details. Stripe handles the entire payment flow and maintains PCI DSS Level 1 compliance.
- Processor
- Stripe (PCI DSS Level 1)
- Card data
- Never seen or stored by LandlordIQ
- We receive
- Subscription status only
Found a vulnerability? Tell us.
We take all security reports seriously. If you discover a potential security issue in LandlordIQ, please report it to us directly before disclosing publicly. We'll investigate promptly, communicate openly, and credit researchers who responsibly disclose valid vulnerabilities.
- security@landlordiq.com
- Response
- Within 24 hours
Full checklist
Everything we do to protect you
All data encrypted at rest with AES-256
All data encrypted in transit with TLS 1.3
Passwords bcrypt-hashed — never stored in plaintext
Row-level database security — users only access their own data
Every API route validates resource ownership before responding
Uploaded files stored in isolated S3 buckets, never public
Signed file URLs with 15-minute automatic expiry
Payment card data never seen or stored by LandlordIQ
Stripe PCI DSS Level 1 certified payment processing
AWS SOC 2 compliant infrastructure
Data hosted exclusively on US servers
Regular security reviews and penetration testing
Responsible disclosure program with 24-hour response
Powered by trusted infrastructure
Found a security issue?
Report it to our security team before disclosing publicly. We respond within 24 hours.
Try LandlordIQ free.
Know your numbers by tonight.
Add your first property in under 2 minutes. No accounting knowledge required, no credit card needed.
Free plan · No credit card · No time limit