FeaturesOverviewLeasesFinanceMaintenanceTenantsPricingAboutBlogDocs
Sign inFree trial
Security

How we protect your customer data

Your data security is a priority. Here’s what we do to keep your account, documents, and tenant information safe.

Our approach

Security at every layer

From login to file storage to where the app runs, we apply consistent security measures.

Hashed passwords

We never store your password in plain text. All passwords are hashed using industry-standard algorithms so that even we cannot see them. Only you can access your account with your password.

Cloudflare R2 for file storage

Documents and files are stored in Cloudflare R2. R2 is built for durability and performance. Access to files is strictly controlled and never public by default.

Signed, temporary links

When you or your tenants need to download a file, we generate signed, time-limited URLs. Links expire after use or after a short window, so documents cannot be shared or leaked via old links.

Hosted on Railway (Google Cloud)

The togetha application runs on Railway, which is powered by Google Cloud infrastructure. You benefit from enterprise-grade reliability, physical security, and compliance practices used by Google worldwide.

Encryption in transit and at rest

Data is encrypted in transit using TLS. Sensitive data at rest is protected so that your property and tenant information stays confidential.

Ongoing security practices

We follow security best practices, keep dependencies up to date, and design features with privacy and data protection in mind so you can focus on managing properties.

Role-based access control

Team members only see and do what their role allows. Permissions are configurable per user so you control who can manage properties, view finances, or access sensitive data.

Audit logs

We keep a record of who did what and when. Audit trails help you meet compliance requirements and investigate any issues with full visibility into account activity.

Secure sessions

Sessions are protected with secure, HTTP-only cookies and time out after inactivity. You can sign out everywhere from one place if a device is lost or shared.

Rate limiting & abuse prevention

We throttle and block suspicious or excessive requests to protect your account from brute-force attacks, credential stuffing, and other automated abuse.

Regular encrypted backups

Your data is backed up regularly and stored encrypted. We use backups to recover from incidents and to support business continuity.

Two-factor authentication (2FA)

Where supported, you can add a second step to sign-in (e.g. an app or code) so that even if a password is compromised, your account stays protected.

Questions about security?

We’re happy to discuss our security practices or compliance requirements. Get in touch.

Contact usPrivacy Policy