Security

Last updated 21 June 2026

Security and data isolation are core to EstateOps. This page summarises the measures we use to protect your data. Security is continuous, and we keep improving our practices.

Data isolation

The platform is multi-tenant with strict, database-enforced isolation. Row-Level Security ensures each estate can only access its own data, and that residents and service partners see only what their role permits (for example, a partner sees only the jobs assigned to them).

Access control

• Role-based access (admin, manager, resident, service partner) governs every action.
• Sensitive operations are enforced in the database, not just hidden in the interface.
• Administrative access to customer data is on a need-to-know basis and is logged.
• Key changes, such as closing a work order, are stamped with who made them and when.

Encryption

Traffic between your device and the Service is encrypted in transit using HTTPS/TLS. Data is stored with our infrastructure providers using their encryption-at-rest protections.

Infrastructure and payments

• Hosting and content delivery via Vercel; database, authentication and storage via Supabase.
• Payments are handled by Paystack. EstateOps never sees or stores full card details.
• Provider platforms maintain their own backup and resilience measures.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to us privately at privacy@estateops.ng and give us a reasonable chance to investigate and fix it before disclosing publicly. We appreciate responsible reports and will acknowledge them.

Contact

Security questions: privacy@estateops.ng.