Six pillars of platform security.
Every layer of the platform is built to a single security standard. There is no premium tier of protection. Every builder, every project, and every resident benefits from the same baseline.
Multi Tenant Isolation
Each builder operates inside a fully isolated tenant boundary. No data leakage between organisations, projects, or communities is possible by design.
AES 256 Encryption at Rest
All sensitive data is encrypted using the AES 256 standard on every database and storage volume across the platform.
TLS 1.3 in Transit
Every connection between client, server, and gateway uses TLS 1.3 with strong cipher suites and perfect forward secrecy.
Role Based Access Control
Six distinct roles with scoped permissions. Every action is permitted only when role, scope, and context align with policy.
Full Audit Logging
Every meaningful event is logged with actor, timestamp, action, and outcome. Trails are immutable and queryable.
India Data Residency
Data is hosted within India for builders who require local residency. Aligned with the Digital Personal Data Protection Act, 2023.
Six roles. Six scopes. Zero ambiguity.
Every user on the platform operates under a single role with a clearly bounded permission set. The intersection of role and project scope governs every API and UI action.
| Role | Scope | Primary Permissions |
|---|---|---|
| Super Admin | Platform wide | Full platform control, tenant provisioning, system configuration, global analytics |
| Builder Admin | Single project | Project setup, units, residents, staff, billing, compliance reports |
| Chairman / Secretary | Single community | Resident approval, governance polls, official notices, work order oversight |
| Gate Guard | Gate operations | Visitor verification, OTP and QR validation, entry and exit logging |
| Commercial User | Commercial unit | Office access management, staff registration, facility scheduling |
| Resident | Own household unit | Visitor approval, amenity booking, billing, complaints, communications |
The builder owns the data. Always.
REOS is licensed software, not a data brokerage. The builder retains permanent ownership of resident, unit, and operational data. The platform earns through licensing fees and never by selling or analysing community data for third party purposes.
Builder controlled data infrastructure
Data is stored within the builder’s isolated tenant. Export and migration paths are available on request at any time.
No advertising and no data sales
REOS does not host advertising and does not sell, share, or monetise community data with any external party.
Resident consent baked in
Every resident agrees to a clear data policy at onboarding. Visibility, withdrawal, and deletion rights are honoured per the policy.
Right to migrate
Builders can request full data export in standard formats and migrate away from the platform without retention penalties.
Security details, on a call.
Our team can walk through the technical architecture, audit posture, and data handling in depth with your security and compliance leads.