Security & compliance

Architected for stewardship.

HOAxis is the system of record for your community's governance decisions. We treat that responsibility the way we'd want our own association's data treated — with hard isolation, full auditability, and no surprises about where it lives or who can see it.

🔐
Isolation

Schema-per-tenant Postgres

Every HOAxis tenant gets a dedicated Postgres schema. Host-resolution middleware selects the schema before a request reaches application code, and the connection that serves the request is bound to that schema. Cross-tenant SELECTs are not something application code has to remember to prevent: a query that reaches for another tenant's schema is refused by the database.

  • Each tenant: own schema name, own search_path
  • Per-tenant postgres.js client, per-schema lock keys
  • Tenant's board credentials cannot reach platform.*
  • Platform operator session is a separate cookie
📝
Accountability

Immutable audit logs

Every mutation — homeowner action, staff action, system event — appends a row to an audit log with the actor, the entity, the field, and the before/after values. The platform layer keeps a separate audit log of operator actions across tenants. Logs are append-only.

  • Field-level diffs inside the tenant
  • Platform-wide log for operator actions
  • Every API mutation logs an event
  • Searchable / filterable in the operator console
👤
Identity

Authentication and access control

Staff accounts can enroll in time-based one-time-password (TOTP) 2FA with any authenticator app. A user can hold several roles at once (a Treasurer can also be an ARC Member). Repeated failed sign-ins lock the account for a set window; the failed-attempt counter can be cleared by an admin.

  • iron-session cookies, secure + httpOnly + sameSite
  • Per-user TOTP enrollment
  • Multi-role assignments
  • Failed-attempt counters + lockout window
📤
Portability

Your data is yours

Standard Postgres. No proprietary file formats. Full CSV + JSON export at any time, including all audit logs. If you ever leave HOAxis, you walk away with everything. We delete our copy within 30 days of cancellation, or sooner on request, and that deletion is among the controls in scope for the SOC 2 Type II audit now in progress.

  • CSV + JSON export of every table
  • Includes audit logs
  • Cancellation deletes within 30 days
  • No proprietary data formats
🌐
Network

TLS everywhere

Edge-network TLS for all customer traffic. Database connections require TLS (sslmode=require). Service-to-service calls within our infrastructure use mutual TLS or scoped service tokens.

  • TLS 1.2+ to the edge
  • sslmode=require on Postgres
  • No insecure HTTP fallbacks
  • Vercel-managed certificate rotation
🧯
Recovery

Backups and incident response

Hosted Postgres providers (Vercel Postgres, Neon, Supabase) provide daily backups and point-in-time recovery. We document our incident response playbook and notify affected tenants within 72 hours of confirming an incident, the same window GDPR Article 33 sets for notifying a supervisory authority.

  • Provider-managed daily backups
  • Point-in-time recovery (PITR)
  • Documented incident response plan
  • Tenant notification within 72 hours
Architecture

How a request from your homeowner reaches your data.

Step 01
Edge TLS

Vercel edge terminates TLS and routes by host.

Step 02
Middleware

Resolves the tenant slug and schema from the host. For standard tenant subdomains the schema is derived from the host name itself, with no database call.

Step 03
Tenant headers

Sets x-hoaxis-tenant-schema; downstream code never touches another tenant.

Step 04
Schema-scoped query

postgres.js client with search_path bound at connection time.

Step 05
Audit append

Every mutation also appends to the tenant's audit log before returning.
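The five steps above, together with the isolation and audit-log sections earlier on this page, as one added example in JavaScript. This is illustrative code written for this page, not HOAxis's middleware or its postgres.js wiring. It assumes an apex domain of hoaxis.example, a t_<slug> schema-naming convention, a constructed in-memory table standing in for any host-to-tenant lookup, and that the postgres.js `connection` startup parameters and `ssl` option are used as shown; the header name x-hoaxis-tenant-schema comes from Step 03. Two checks matter most: the slug grammar, because the schema name ends up in search_path and must never be request-controlled text, and the sslmode check, which turns "no insecure fallbacks" into a refusal to connect. Note that sslmode=require encrypts the connection but does not verify the server certificate; verify-full does both. Binding search_path scopes queries; the database-level refusal the page describes also depends on the tenant's role holding no privileges on other schemas, which is a grant, not something this snippet shows.

```javascript
// Added example (not HOAxis code). Apex domain, schema prefix and the custom-domain
// table below are constructed for illustration.
const APEX = "hoaxis.example";                          // assumption
const PLATFORM_HOSTS = new Set([APEX, `www.${APEX}`]);  // operator console, not a tenant
const TENANT_HEADER = "x-hoaxis-tenant-schema";         // header name from Step 03
// Slug grammar: one lowercase DNS label, no dots. Nothing else ever becomes a schema name.
const SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,38}[a-z0-9])?$/;
// Non-subdomain hosts need a lookup; constructed stand-in for that table.
const CUSTOM_DOMAINS = new Map([["portal.oakridge-hoa.example", "oakridge"]]);

// Step 02: derive slug + schema from the Host header. Standard subdomains need no lookup.
function resolveTenant(hostHeader) {
  const host = String(hostHeader || "").toLowerCase().split(":")[0];
  if (host === "") return { kind: "reject", reason: "no-host" };
  if (PLATFORM_HOSTS.has(host)) return { kind: "platform" };
  if (host.endsWith(`.${APEX}`)) {
    const slug = host.slice(0, host.length - APEX.length - 1);
    if (!SLUG_RE.test(slug)) return { kind: "reject", reason: "bad-slug" }; // also rejects a.b.<apex>
    return { kind: "tenant", slug, schema: schemaFor(slug), lookup: false };
  }
  const slug = CUSTOM_DOMAINS.get(host);
  if (slug === undefined) return { kind: "reject", reason: "unknown-host" };
  return { kind: "tenant", slug, schema: schemaFor(slug), lookup: true };
}

// The schema name is derived, never taken from the request; the regex guarantees a
// plain identifier, so it can be handed to search_path without quoting games.
function schemaFor(slug) {
  if (!SLUG_RE.test(slug)) throw new Error(`invalid tenant slug: ${slug}`);
  return `t_${slug.replace(/-/g, "_")}`;
}

// Step 03: the only tenant context downstream code sees is this header.
function tenantHeaders(resolved) {
  if (resolved.kind !== "tenant") throw new Error("no tenant context for this host");
  return { [TENANT_HEADER]: resolved.schema };
}

// Step 04: options for a per-tenant postgres.js client. search_path is sent as a
// connection startup parameter, so every query on this client is scoped before any
// application code runs. Only the tenant schema is listed: no fallback to public.
// sslmode is read from the URL; anything weaker than require is refused outright.
function clientOptions(schema, databaseUrl) {
  const mode = new URL(databaseUrl).searchParams.get("sslmode") ?? "require";
  if (!["require", "verify-full"].includes(mode)) {
    throw new Error(`refusing insecure sslmode=${mode}`);
  }
  return {
    connection: { search_path: schema },
    // 'require' encrypts only; verify-full also validates the server certificate
    // (add the provider's `ca` bundle here when it is not in the system store).
    ssl: mode === "require" ? "require" : { rejectUnauthorized: true },
    max: 4,
  };
}

// Step 05: field-level rows for the audit log. One row per changed field; unchanged
// fields produce nothing, and a field added or removed is recorded against null.
function auditRows(actor, entity, before, after) {
  const fields = [...new Set([...Object.keys(before), ...Object.keys(after)])].sort();
  const rows = [];
  for (const field of fields) {
    const prev = before[field], next = after[field];
    if (JSON.stringify(prev) === JSON.stringify(next)) continue;
    rows.push({ actor, entity, field, before: prev ?? null, after: next ?? null });
  }
  return rows;
}
```

A useful self-check on the routing function: hosts such as evilhoaxis.example or a.b.hoaxis.example must come back as rejects, never as a tenant, and the platform host must never produce a tenant header at all.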

Compliance posture

What we're working on, what's already in place.

Schema-per-tenant isolation
Live

Enforced at the Postgres connection level.

Field-level audit log
Live

Tenant audit log + platform audit log.

TLS in transit
Live

Vercel edge + sslmode=require on Postgres.

Encryption at rest
Live

Provided by managed Postgres.

Per-user 2FA (TOTP)
Live

Optional for staff; enforceable by Board policy.

Point-in-time recovery
Live

Provider-managed daily backups + PITR.

Customer-controlled data export
Live

CSV + JSON, including audit logs.

SOC 2 Type II
In progress

Audit window opening 2026; expect issuance late 2026.

Penetration test (annual)
In progress

Scheduled first independent test 2026.

HIPAA BAA
Planned

Not applicable today — HOA data is not PHI.

GDPR / international hosting
Planned

US-only today; EU residency planned for 2027.

Need our most recent security questionnaire response, DPA, or subprocessor list? Reach out — we ship those within one business day.

Need the long-form security questionnaire?

We'll fill it out.

Board liability counsel asking for an SBOM, a DPA, a subprocessor list? Reach out — we treat security review as a feature, not a chore.