For tenants
You only ever see your own home. Your data is private, and never sold.
LetTrack is a compliance product — which means false claims about security are a liability we won't take. Everything on this page is either live in the platform today, or clearly labelled as roadmap.
Mapped against ISO 27001:2022, NIST CSF 2.0 and OWASP ASVS. Independent third-party certification is on the pre-launch roadmap below.
You only ever see your own home. Your data is private, and never sold.
A tamper-proof record you can use to prove compliance, later.
Client data is isolated per organisation, and audit-ready by default.
You see only the job assigned to you — nothing else about the property or tenant.
Fourteen controls that are switched on for every customer, today. Each shows the plain-English benefit, the technical detail, and how it maps to recognised frameworks.
Every record knows which organisation, role and user is allowed to touch it — and the database enforces it.
You only ever see the world that belongs to you — your home, your properties, or the job you've been assigned. Row-Level Security is enforced at the database layer (organisation_id + membership), so app bugs can't leak cross-tenant data.
Each role gets exactly the access it needs and nothing more. A 9-role hierarchy is enforced in RLS policies; contractors are scoped to assigned jobs only.
The "you can't see other people's data" rule isn't trusted — it's proven. Around 35 automated RLS contract tests attempt cross-tenant access on every release and must pass before code ships.
Documents are private by default. Right to Rent — the highest-stakes data we hold — gets the strongest lock.
Your files can't be reached by a guessed or shared link. No public storage buckets are used; everything sits in private buckets, with a separate locked store reserved for Right to Rent.
A document link works only for you, and only briefly. Signed URLs are generated by the server after a permission check; raw storage paths are never exposed to the browser.
The most sensitive ID and immigration data gets the strongest lock. Stored in a separate bucket with 5-minute links; share code and date of birth are field-level encrypted via pgcrypto, with a key the application never reads, held in a vault.
If something happens, you can prove what happened — and to whom.
An honest, unchangeable record of who did what — useful for proving compliance. Every change is written to an append-only audit_log; database triggers physically block edits and deletes; records carry actor, organisation, action, entity and changed fields.
Test environments can't accidentally email real people; every real email is logged. Sending is dry-run by default; each delivery is recorded with recipient and status.
What's on the wire is sealed. What grants power lives where the app can't see it.
Everything you send and receive is sealed in transit. HTTPS/TLS is enforced via HSTS (preload) plus hardening headers (CSP, X-Frame-Options DENY, nosniff, Referrer-Policy, Permissions-Policy).
Powerful keys never touch your browser or our application code. Secrets live in server config only; the most powerful database key is restricted to back-office jobs; the Right to Rent encryption key lives in a vault.
Trusted, standard sign-in via Supabase Auth with JWT sessions: email + password (minimum length enforced), magic link, or Google. Two-factor authentication is on the roadmap below.
EU-hosted, under strong data-protection law, with a tight third-party footprint.
Your data sits inside the EU, under strong data-protection law. Hosted on AWS Ireland (EU region) and covered by UK–EU data-protection adequacy. UK residency is on the roadmap if customers require it.
Clear privacy rights, a published privacy policy, defined retention periods, and stated controller/processor positions — LetTrack acts as processor for data uploaded by landlords and agencies. Data-subject-request structures are in place.
Your data isn't sold or scattered across vendors. We use Supabase (data and storage), Resend (email), Stripe (payments, currently off), and Sentry (error alerts). No onward data sharing.
These items are not yet live. They sit on the pre-launch roadmap, and are presented here in full — so you can hold us to them when they ship.
A second lock on your account even if a password leaks.
Data held in the UK, not only the EU, for customers that need it.
Files checked for malware before anyone opens them.
Request deletion or export of your data, and it happens — end-to-end.
DPO appointed, ICO registration, processor agreements signed and tracked.
Confirms an account belongs to the person who owns the email address.
More sensitive fields individually locked, like Right to Rent already is.
Old data removed on schedule; disputed data preserved automatically.
Fast, correct notification if anything ever goes wrong.
Third-party proof, not just our word.
We'd rather have the conversation than oversell. Reach out and we'll walk you through any of the controls above — or the gaps still on the roadmap.