Proprietas
Security

Trust by Default. Not by Add-On.

Estates compliance data sits next to legal and clinical data on the sensitivity register. Proprietas is built for that: UK/EU hosting, encryption at rest and in transit, multi-tenant isolation enforced in the data layer, documents parsed in-house, and an audit log on every change. Where we're not yet certified, we say so.

The posture

What's in Place, Today.

Plain facts about how the platform handles your data. Where we're working toward certification, we say so, with no badges we don't hold.
UK / EU Hosting

Your application database runs on Railway (UK London region / EU); uploaded documents live in Cloudflare R2 (EU only); daily encrypted backups are kept 30 days in-region. Data at rest stays in the UK/EU. The few sub-processors that involve US processing (AI extraction, billing, edge delivery) are listed in full on the sub-processors page, each under EU Standard Contractual Clauses and the UK IDTA.

Encryption at Rest & in Transit

TLS in transit. Sensitive personal data such as contractor identifiers and lease tenant details is encrypted at the column level with AES-256-GCM, on top of provider disk and bucket encryption. Documents are served only through short-lived signed URLs (15-minute expiry), never public links.

Documents Parsed In-House; AI Used Sparingly

Every PDF is parsed on our own infrastructure: text extraction and OCR for scanned pages run locally, so the file itself is never sent to any third-party AI. Most documents are then classified and read by deterministic logic with no external AI at all. Only where AI extraction is genuinely needed does the extracted text (never the file or page images) go to Anthropic over TLS, and results are cached so the same content is never re-processed.

Multi-Tenant Isolation, Enforced in the Data Layer

Every record carries an organisation ID and every query is scoped to it; a query for another organisation's data returns zero rows. One customer's data is structurally invisible to another: not policy, plumbing.

Audit Log on Every Change

Every compliance, lease, contractor, work-order and billing write produces an audit event (actor, before, after, IP, user-agent) in the same database transaction as the change itself. Exportable as an audit pack for your insurer, Ofsted, CQC or an ISO auditor.

MFA & Session Security

Multi-factor authentication is mandatory for organisation admins. Sessions are httpOnly, secure, same-site cookies, revocable server-side, and invalidated automatically when a user's role changes.

Least-Privilege Access

Contractors and tenants see only their own jobs and data, enforced at the API guard layer. Internally, production access is limited to the founding team on a least-privilege basis; we formalise and expand these controls as the team grows.

Published Sub-Processors & a Signed DPA

Every third party that touches your data is listed with its purpose, data categories, jurisdiction and transfer mechanism, and we give account admins 30 days' notice before adding one. A signed Data Processing Agreement (UK GDPR Article 28) is part of sign-up, before any personal data is stored.

Built for

Sectors That Carry Real Data-Protection Liability.

Different buyers, same underlying posture. The differences are in tier features (single-tenant deployment, MFA policy), not in the base security model.
MAT Trusts

DfE Cyber Security Standards for Schools expect MFA, encrypted backups and supplier-risk assessment: in place today, with an audit pack that maps to them.

DfE-aligned
cyber standards
Care Home Groups

GDPR Article 32 plus CQC data-protection expectations: published sub-processor list, encryption at rest, a documented retention schedule, and a data-protection contact.

GDPR + CQC
evidence pack
Managing Agents

Per-client data isolation enforced in the data layer. Your client A's data is invisible to client B: not by policy, by query scope.

100%
client data isolation
NHS Trusts

A DSPT-aligned posture: UK/EU hosting, encryption everywhere, audit logging on every change, published sub-processor register. Single-tenant deployment available on Enterprise where a DPIA requires it.

DSPT-aligned
posture

The Questions Every DPIA Asks.

If your procurement pack has a question we haven't covered here, email security@proprietas.app and we'll answer in writing.

Built So the DPO and the Estates Lead Can Sign the Same Document.

14-day trial. UK/EU hosting at every tier, a signed DPA as part of sign-up, and single-tenant deployment available where procurement requires it.

Security & Data Residency | Proprietas