Security

How Rental Guru protects rental operations.

A security overview for account access, role-based dashboards, protected actions, data boundaries, connected apps, event logs, and responsible disclosure.

Last updated: June 14, 2026
This page summarizes Rental Guru's current security posture, operating practices, and responsible disclosure process.

Security Overview

Rental Guru is built for a rental workflow where public discovery and protected operations must coexist. Public visitors can view published listings, while sensitive actions such as applications, messaging, lease activity, maintenance, payments, vendor work, and admin operations require authenticated access and appropriate role permissions.

Our security approach focuses on role-based access, data scoping, secure communication, operational logging, safe integrations, and responsible handling of account and workflow data.

Role-Based Access Control

Rental Guru separates access by role. Tenants, property owners, managers, vendors, admins, and super admins should each see only the dashboards, records, and actions appropriate to their responsibilities.

Frontend menus, dashboard routes, protected actions, API access, and connected app launches should align with the user's role and organization context.

Tenants should only access their own applications, leases, messages, payments, documents, and maintenance requests.

Managers should only access assigned properties, tenants, applications, tours, messages, maintenance, and vendor workflows.

Vendors should only see assigned jobs, authorized bid opportunities, job messages, proof uploads, and payout-related task status.

Admins and super admins receive broader visibility for operations, monitoring, audit, support, and governance.

Authentication and Account Protection

Protected Rental Guru workflows require login. Authentication helps ensure that sensitive actions are tied to a known account and that dashboard information is not exposed to public visitors.

Users are responsible for safeguarding their login credentials, using strong passwords, limiting shared devices, and reporting suspected account compromise promptly.

Never share passwords, session tokens, API keys, or private login links.

Use unique credentials for Rental Guru and avoid reusing passwords across services.

Administrators should remove access when a team member no longer needs it.

Data Scope and Privacy Boundaries

Security is not only about login; it is also about making sure users see the correct data. Rental Guru workflows are intended to keep tenant, property, vendor, application, lease, payment, message, and maintenance records scoped to the correct account, property, organization, or assignment.

Direct URL access should not expose data outside the user's permissions. If a user attempts to open a restricted page or action, the product should respond with a clean permission or login message rather than raw system errors.

Secure Integrations and Connected Apps

Rental Guru may connect to internal modules and external service providers for operations such as messaging, maintenance routing, data import, AI assistance, documents, maps, payments, analytics, or event delivery.

Integration security depends on validating the source, limiting what data is sent, protecting credentials, recording delivery status, and preventing normal users from accessing internal operational systems directly.

Internal apps should be hidden from normal users unless their role explicitly allows access.

Gateway and audit records should preserve traceability for important cross-app events.

Secrets and API keys should be stored securely and never exposed in frontend code or public reports.

Monitoring, Logging, and Audit Trails

Rental operations need traceability. Rental Guru may keep logs for authentication activity, workflow events, application status changes, tour requests, maintenance updates, vendor assignments, message delivery, admin actions, integration delivery, and security diagnostics.

Audit logs help teams understand what happened, who acted, when a change occurred, and whether a workflow was delivered successfully.

Infrastructure, Backups, and Availability

Rental Guru uses operational practices intended to support service availability, backup recovery, secure deployment, monitoring, and issue response. Specific infrastructure controls may vary by environment and deployment configuration.

We monitor platform health, investigate service issues, and maintain recovery practices so rental workflows can be restored quickly when operational incidents occur.

Responsible Disclosure

If you believe you have found a security vulnerability, please report it responsibly through the contact page. Do not access, modify, delete, copy, disclose, or disrupt data that does not belong to you.

Reports should include a clear description, affected URL or workflow, reproduction steps, screenshots if safe, and your contact information. Please avoid including passwords, secrets, tokens, or other sensitive values in reports.

Do not test against accounts, tenants, properties, vendors, or organizations you do not own or have permission to access.

Do not perform denial-of-service testing, social engineering, spam, phishing, or data exfiltration.

Give us reasonable time to investigate and remediate before public disclosure.