Role-based access
The product is designed around scoped views so users only see records relevant to their role and property access.
Current posture
The platform is being positioned for controlled rollout, not a vague “trust us” launch.
Current product work includes role-specific access, secure sessions, protected file delivery, audit visibility, backup tooling, and operational readiness checks. Production controls still need to be confirmed for each live environment and commercial rollout.
Access and sharing controls
Because the platform holds tenant, owner, contractor, and property-manager records, access control is treated as a core product concern rather than a cosmetic one.
Protected sessions
Secure sign-in, reset flows, account status controls, and scoped access are intended to reduce casual oversharing and stale-account drift.
Operational audit trail
Messages, notices, visits, approvals, exports, uploads, and other sensitive actions are designed to leave a visible operational trail rather than vanishing into side channels.
Backups, recovery, and export
Trust is weaker when recovery is only assumed. TenancyOps is intended to make backup, restore, and export posture visible.
Operational backups
The current product includes backup and restore tooling so recovery can be rehearsed and evidenced instead of treated as a promise only.
Export expectations
Customers should be able to export operational records and use offboarding processes that do not trap them inside unclear ownership.
Current limits
Remote-storage architecture, environment-specific retention, and final production support commitments still need to be confirmed in the live deployment and customer paperwork.
Incident and privacy-breach response
The intended posture is not “incidents never happen.” It is that incidents are handled with an actual response path.
Contain first
Preserve evidence, stop ongoing unauthorised access or disclosure, and identify affected agency and role scope quickly.
Assess impact
Determine what records were affected, whether delivery or sharing reached unintended people, and what remediation is required.
Communicate and record
Record the event, determine notification obligations, and communicate through the privacy/support route instead of improvising under pressure.
Urgency matters
For potentially notifiable privacy breaches, the response path should aim for fast escalation and early notification decisions rather than treating a serious breach like an ordinary support ticket.
Notification privacy
App and email notifications help users act quickly, but they should not leak unnecessary personal detail into lock-screen previews or shared inboxes.
Safer posture
Notify users that an update is available in TenancyOps, then require sign-in to view the detailed record inside the correct role-based scope.
What to avoid
Avoid putting sensitive tenancy, maintenance, or inspection detail into previews that could be seen by the wrong person before the user opens the app.
Support and rollout contact
Security and trust questions should have a clear route before an agency depends on the platform for daily operations.
Current route
Security, privacy, and rollout questions currently route through admin@tenancyops.com.
Production expectation
Before production onboarding, customers should receive named support contacts, privacy contact details, and the customer-specific contract pack.
Important limits
This page is a public summary, not legal advice and not a claim of perfect security. Production controls, data processors, response targets, and contractual remedies still need to be confirmed in the final customer pack and live environment.