Row-level data isolation
Every record is fenced at the Postgres database with Row-Level Security (forced) — not just hidden in the UI. Your portfolio's data is structurally separated from everyone else's.
Security
Built for your most sensitive numbers.
Your portfolio's books and bank activity are about as sensitive as data gets. Here are the mechanisms that protect them — described plainly, with no certifications we haven't earned.
The mechanisms
How your data stays yours
Multi-factor authentication
Turn on opt-in two-factor authentication (TOTP) with any authenticator app, so a password alone can't open your books.
Immutable audit log
Sensitive changes are recorded append-only, so the history can't be quietly rewritten — what happened stays on the record.
Encrypted in transit & at rest
All traffic runs over TLS/HTTPS, and your data is stored in a managed Postgres (Supabase) with encryption at rest.
Bank connections you control
Bank feeds are read-only via Stripe Financial Connections. We never see or store your online-banking password, and you can revoke access anytime.
Least-privilege roles
Owners, managers, accountants, and external tenant, vendor, and PM portals each see only what their role allows — nothing more.
Your data, exportable anytime
A full export is always one click away. There's no lock-in — your books are yours to take with you.
Preparation, not filing
We never transmit returns to the IRS. We make your books CPA-ready; you and your CPA make the final call.
Infrastructure
Where it runs
Rentals Ledger is hosted on Supabase (managed Postgres) and Vercel. Bank connectivity is handled by Stripe Financial Connections in read-only mode. We're an indie product building in public, and we describe our security the same way: honestly. We don't claim SOC 2, PCI, ISO, or any audit or certification we haven't completed — what you see above are the mechanisms actually in place.
Sensitive numbers, handled with care
Reserve your Founding price for $9 and put your books somewhere built to protect them.