1. Our Commitment
Security is foundational to Credaxe. We handle sensitive property management data, resident personal information, and financial records. We take that responsibility seriously and apply industry-standard security practices across our infrastructure, product, and team.
2. Infrastructure Security
- Hosting: Credaxe is hosted on SOC 2-compliant cloud infrastructure with physical security, redundancy, and 24/7 monitoring.
- Encryption in transit: All data between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Sensitive data stored in our databases is encrypted at rest using AES-256.
- Network controls: Firewalls, VPCs, and access control lists limit exposure of internal systems.
3. Application Security
- Authentication: Multi-factor authentication is available and encouraged for all accounts. Passwords are hashed using industry-standard algorithms.
- Role-based access control: Permissions are enforced at the data level. Users only see what their role allows.
- PII masking: Resident personally identifiable information can be masked for roles that do not require full access.
- Audit logging: All significant actions within the platform are logged and available to authorized administrators.
- Session management: Sessions expire after inactivity and can be invalidated remotely.
4. Organizational Security
- Background checks are conducted for employees with access to production systems.
- Access to customer data is granted on a need-to-know basis and reviewed regularly.
- Security awareness training is conducted for all team members.
- We maintain an incident response plan and test it periodically.
5. Incident Response
In the event of a security incident affecting your data, Credaxe will notify affected customers within 72 hours of becoming aware of a breach, as required by applicable law. We will provide details of the nature of the incident, data affected, and steps taken to contain and remediate it.
6. Responsible Disclosure
If you discover a potential security vulnerability in Credaxe, we encourage responsible disclosure. Please report it to all@credaxe.com with a description of the issue and steps to reproduce it. Do not exploit the vulnerability or access data beyond what is necessary to demonstrate it.
We commit to:
- Acknowledging your report within 5 business days
- Keeping you informed of our investigation progress
- Not taking legal action against good-faith security researchers
We do not currently operate a bug bounty program, but we do recognize security researchers who help improve the platform.
7. Third-Party Assessments
Credaxe undergoes periodic third-party security assessments. Customers with Enterprise agreements may request access to our security documentation under NDA.