ARentivue·Legal

Security Overview

Effective June 29, 2026

Security is built into Rentivue by design. This overview summarizes the principal safeguards; it is informational and not a contractual commitment.

Authentication

  • Password sign-in with hashing, account lockout, and rate limiting.
  • Optional time-based one-time password (TOTP) two-factor authentication.
  • Session expiration and effective revocation on password change.

Tenant isolation

Every record is scoped to a single company. Queries and operations are filtered by the active company, so one organization cannot read or modify another’s data.

Access control

Role-based permissions are enforced on every server operation; the interface hides what a role cannot do, and the server rejects it regardless. Mutations and sensitive reads are recorded in an immutable audit log.

Encryption

  • Encryption in transit (HTTPS/TLS).
  • Highly sensitive fields encrypted at rest with authenticated encryption (AES-GCM).

File storage

Documents are private by default and delivered through short-lived signed links, never public URLs. Access re-checks permission and confidentiality at delivery time.

Backups

Databases are backed up on a recurring schedule with retention, supporting recovery.

AI safety

AI output is draft-only and requires human review and approval before it is sent or relied upon. See the AI Disclaimer.

Responsible disclosure

If you believe you have found a security issue, please contact us promptly and avoid accessing data that is not yours. We appreciate good-faith reports.

These documents are provided as templates to support launch and are not legal advice. Have qualified counsel review and adapt them before relying on them. Return to sign in.