Security at UnitHub

Encryption

All data transmitted to and from UnitHub is protected with industry-standard encryption:

• 256-bit SSL/TLS encryption on all connections - the same level used by banks
• HTTPS enforced across the entire platform - no unencrypted access allowed
• Encryption at rest for all stored data in our databases
• Secure token storage with encryption for API keys and OAuth tokens

Payment Security

UnitHub uses Stripe for all payment processing:

• PCI DSS Level 1 certified - the highest level of payment security certification
• We never see your card details - card data goes directly to Stripe's secure servers
• Fraud detection powered by Stripe Radar machine learning
• 3D Secure authentication supported for additional verification

Your credit card information is never stored on our servers. All payment data is handled exclusively by Stripe.

Infrastructure Security

UnitHub is built on enterprise-grade cloud infrastructure:

• Supabase - Enterprise PostgreSQL database with row-level security (RLS)
• Vercel - Global edge network with 99.99% uptime SLA
• Automatic backups - Daily database backups with point-in-time recovery
• DDoS protection - Built-in protection against distributed denial of service attacks
• WAF (Web Application Firewall) - Protection against common web vulnerabilities

Data Isolation

Your data is completely isolated from other users:

• Row-level security (RLS) - Database policies ensure you can only access your own data
• Multi-tenant architecture - Complete logical separation between accounts
• Secure authentication - Google OAuth or secure password hashing with bcrypt
• Session management - Secure, HTTP-only cookies with automatic expiration

Access Controls

We implement strict access controls:

• Principle of least privilege - Staff only have access to systems they need
• Audit logging - All administrative actions are logged and monitored
• No shared passwords - Individual accounts for all team members
• Regular access reviews - Periodic review of access permissions

Your Data Rights

You have complete control over your data:

• Data export - Download all your data in machine-readable format anytime
• Account deletion - Delete your account and all associated data permanently
• Data portability - Take your data with you if you leave
• No data selling - We never sell your personal information to third parties

For more information about your privacy rights, see our Privacy Policy.

Compliance

UnitHub is designed to comply with major privacy regulations:

• GDPR compliant - EU General Data Protection Regulation
• CCPA compliant - California Consumer Privacy Act
• Global privacy standards - Designed to meet privacy requirements in the US, UK, EU, Australia, Canada, and beyond

AI Processing Security

Our AI features (lease extraction, maintenance categorization) are powered by OpenAI with security safeguards:

• Data not used for training - Your data is never used to train AI models
• Encrypted transmission - All AI API calls use encrypted connections
• Minimal data exposure - Only necessary information is sent for processing
• No data retention by AI - OpenAI does not retain your data after processing

Report a Security Issue

If you discover a security vulnerability, please report it responsibly:

We appreciate security researchers who help keep UnitHub safe. We will acknowledge receipt within 24 hours and work with you to understand and address the issue.