EU data residency

Core customer databases, ledger assets, and parsing pipelines run exclusively in AWS Region eu-west-3 (Paris, France).

Encryption everywhere

Data is encrypted at rest with AES-256 and in transit with TLS 1.3, meeting European technical requirements.

Isolated workspaces

Each customer's data is segregated by workspace with attribute-based tenancy, so environments stay separate.

Immutable audit trail

Cryptographic logs record interactions, edits, and matching confirmations, so reporting stays defensible.

Cookie-less by design

No tracking, marketing, or behavioural cookies. Local storage is limited to active session authentication tokens.

GDPR alignment

We operate as a European entity under the GDPR, with a designated Data Protection Officer and a signed DPA available.

Infrastructure & hosting

PropertyOne is hosted on Amazon Web Services in eu-west-3 (Paris). Our sovereignty commitment applies to core storage and processing; the limited data shared with subprocessors outside the EU/EEA is covered by the safeguards described in our Privacy Policy.

  • Region: AWS eu-west-3 (Paris, France) for core databases and ledger data.
  • Encryption: AES-256 at rest, TLS 1.3 in transit.
  • Subprocessors: AWS (hosting) and Postmark (transactional email), with international transfers governed by Standard Contractual Clauses. See the Privacy Policy.

Access & data protection

Access to customer data is restricted and role-based. Administrators control who in their organisation can reach a workspace and what they can do, and every action is captured in the audit trail.

  • Authentication: per-user credentials, no shared logins, with administrator-managed permissions.
  • Data ownership: customers own their data; Novola acts as processor under the DPA.
  • Retention & deletion: data is exportable for 90 days after termination, then deleted or anonymized subject to legal retention. See the Privacy Policy.

Incident response

In the event of a personal data breach affecting customer data, we notify affected workspace administrators without undue delay, and in any event within 72 hours of becoming aware where feasible, with the information they need to meet their own obligations as data controller.

Compliance & documentation

For prospects and customers evaluating PropertyOne, the following documents describe how we handle data and what we commit to contractually:

Reporting a vulnerability

If you believe you have found a security vulnerability in PropertyOne, please report it to security@ppty.one. We investigate all legitimate reports and appreciate responsible disclosure. For data protection questions, contact our Data Protection Officer at dpo@ppty.one.