Trust
Security at PG360
Last updated: 21 June 2026
Row-level security (RLS)
Every table is protected by Postgres row-level security. Owners and staff can only read their own properties; tenants can only read their own room, bills and complaints. Isolation is enforced in the database, not just the UI.
Data residency — India
Your database, authentication and files are hosted in the Mumbai (ap-south-1) region, keeping data within India for compliance and privacy.
Authentication
Logins are handled by Supabase Auth with securely hashed passwords. Sessions use httpOnly cookies; the service-role key never reaches the browser.
Encryption
All traffic is served over HTTPS (TLS), with HSTS enabled. Payment screenshots and documents are stored privately with scoped access.
Least privilege
Staff get only the access their role needs. Sensitive operations run server-side after an explicit role check.
Report an issue
Found a vulnerability? Please email contact@pg360.software — we take reports seriously and will respond quickly.