
Cyber Security Policy

Updated: December 2 2025

1. Purpose

PropertyLM is committed to providing a secure, resilient, and trustworthy platform for real estate professionals. This Cyber Security Policy outlines the key security principles, technical controls, and operational practices we use to safeguard the confidentiality, integrity, and availability of client data. It reflects our commitment to upholding modern security standards, operating transparently, and continuously strengthening our defence posture as threats evolve.

 

2. Scope

This policy applies to all users of the PropertyLM platform, as well as internal staff, contractors, and approved third-party partners who support the delivery of our services. It covers the full lifecycle of data processed by the platform, including collection, storage, transmission, usage, and deletion, across all infrastructure and cloud environments used by PropertyLM.

 

3. Data We Collect and Process

PropertyLM collects only the minimum personal information required to operate the Service effectively. This typically includes a user’s email address, username, and name, as well as analytics and application logs used to maintain platform performance and security. We do not store payment card information; all financial data processing is handled independently by our PCI-compliant payment partner, Stripe.


All data collected by PropertyLM is processed in accordance with the New Zealand Privacy Act, SOC 2 principles, and industry best practices, ensuring that privacy, security, and responsible data handling remain core to our operations.

 

4. Data Storage and Hosting

All PropertyLM data is stored on enterprise-grade, multi-region cloud infrastructure located in Australian regions. This configuration provides geographic redundancy, high availability, and optimised performance for New Zealand users while ensuring data remains within jurisdictions with strong privacy protections. Our hosting partners operate under internationally recognised security certifications, including SOC 2, ISO 27001, and related frameworks.

 

5. Security Framework and Compliance

PropertyLM aligns its security and operational controls with SOC 2 Type II requirements and follows ITIL best practices for governance, change management, and incident processes. These frameworks guide how we assess risk, monitor systems, apply controls, document processes, and continuously improve our operations. While we may not disclose every internal control publicly, clients can be confident that PropertyLM is built on a mature foundation of security and operational discipline.

 

6. Authentication and Access Control

To ensure strong identity security, PropertyLM requires multi-factor authentication (MFA/2FA) for all users, and supports Single Sign-On (SSO) where available. Password standards follow modern security requirements, and access attempts are monitored for suspicious activity.

Internally, staff access is governed by Role-Based Access Control (RBAC). Access is strictly limited to what is necessary for each role, following the principle of least privilege. Engineering teams may only access systems required for development or troubleshooting. Support teams have limited visibility into customer accounts and only where permission is expressly given. Operational teams manage infrastructure health and uptime but do not have unrestricted access to personal data. All access is logged, reviewed periodically, and revoked when no longer required.

 

7. Vulnerability Management and Patching

PropertyLM operates a proactive vulnerability management program. Critical vulnerabilities, including zero-day threats, are assessed and patched as soon as practicable. Our engineering and operations teams use continuous monitoring tools to identify potential weaknesses at both the operating system and application levels.


Regular dependency checks, security reviews, and code scanning are built into our development lifecycle. Patching follows ITIL-aligned change management processes, ensuring updates are deployed safely, tested thoroughly, and documented appropriately. This approach allows us to maintain a secure platform environment while ensuring continuity for our users.

 

8. Data Encryption and Secure Transmission

All data transmitted between users and the PropertyLM platform is encrypted using modern transport protocols such as TLS 1.2 or higher. Data stored within our systems—including databases, backups, and logs—is encrypted using AES-256 encryption, one of the strongest commercially available standards.


Encryption keys are managed securely using industry-standard key management solutions, and access to those keys is restricted to authorised personnel only.

 

9. Incident Response

PropertyLM maintains a formal Incident Response Plan (IRP) that outlines how security events are detected, triaged, contained, and resolved. While the specifics of this plan are not publicly disclosed for security reasons, it is designed to align with SOC 2 and industry best practices.


If an incident occurs that affects customer data, users will be notified in accordance with legal requirements and our internal response procedures. We maintain a strong audit trail, conduct post-incident reviews, and implement corrective actions to prevent recurrence.

 

10. Backup and Business Continuity

To ensure resilience and data recoverability, PropertyLM follows a 3-2-1 backup model: three copies of data, stored across at least two types of media or systems, with one copy kept off-site or in a separate region.


We maintain nightly full backups and point-in-time recovery capabilities, allowing rapid restoration in the event of data loss or system failure. Backups are encrypted, monitored, and tested regularly as part of our business continuity strategy.

 

11. Shared Responsibility Model

Cybersecurity at PropertyLM is a shared responsibility between internal leadership, operational partners, and platform users. Our CISO oversees governance, compliance, and security strategy, while an external managed service provider (MSP) supports infrastructure, monitoring, and additional security operations. PropertyLM’s engineering team maintains application-level security, and all users are expected to take reasonable precautions such as protecting login credentials, enabling MFA, and complying with the platform’s Acceptable Use Policy.

 

12. User Security Responsibilities

To maintain the security of the overall system, users are expected to follow PropertyLM’s best practices and guidelines. This includes keeping login credentials confidential, enabling MFA (required), notifying us immediately of any suspected compromise, and ensuring that any data they upload or input is handled in accordance with applicable privacy laws. Users play a critical role in the shared defence of the platform.

 

13. Policy Review and Updates

This Cyber Security Policy is reviewed at least annually, or sooner if significant changes occur within our infrastructure, legal requirements, or risk landscape. Updated versions will be published on our website or provided to clients upon request. PropertyLM continually enhances its security posture as new technologies, threats, and best practices emerge.

 

14. Contact Information

For any security inquiries, assessments, or documentation requests, clients may contact:
📧 security@propertylm.ai
📧 support@propertylm.ai
