Bank-level security. Built in from day one.
Your property data and financial transactions are protected by the same standards used by Nigerian commercial banks — because your rent income is as valuable as what's in your account.
httpOnly JWT sessions
Session tokens stored in httpOnly, sameSite=strict, secure cookies — immune to XSS attacks. Not accessible from JavaScript.
Organisation-scoped data
Every database query is scoped to your organisation ID. Your tenants, properties, and financials are never accessible to other landlords.
HMAC-verified webhooks
Paystack, Flutterwave, and partner webhooks verified with SHA-256 signatures before processing — no spoofed payment confirmations.
SCUML AML compliance
Fully compliant with EFCC's Special Control Unit against Money Laundering requirements for real estate platforms.
Full audit logging
Every user action — login, data change, payment, approval — is timestamped and permanently logged for compliance and governance.
Rate limiting
Login, OTP, search, and payment endpoints are rate-limited per IP and per user — preventing brute-force and enumeration attacks.
Regulatory compliance
Porchplus is built to meet Nigerian and West African regulatory requirements for property management platforms.
SCUML Registration
Special Control Unit against Money Laundering — mandatory for real estate businesses transacting above CBN thresholds.
NDIC-backed escrow
Security deposits held with NDIC-insured partner financial institutions.
NDPC Data Protection
Nigeria Data Protection Commission compliance — data stored in Nigeria, consent managed, and breach protocols in place.
CBN payment compliance
All payment flows via CBN-licensed payment processors (Paystack, Flutterwave). No unregulated money movement.
Your property business. Fully protected.
Security isn't a feature. It's the foundation.