Managator

    Enterprise-Grade Security, Built In

    Managator is built with security at its core. Every layer of the platform is designed to protect your data and your tenants' information.

    Authentication & Access Control
    • Two-factor authentication (2FA) via authenticator apps like Google Authenticator and Authy
    • Role-based access control with five distinct permission levels
    • Automatic account lockout after failed login attempts
    • Strong password enforcement with complexity requirements
    • Session management with automatic expiration and invalidation on password changes
    API & Network Protection
    • Rate limiting on all endpoints to prevent abuse
    • Security headers enforced across the platform (HSTS, CSP, X-Frame-Options, and more)
    • All data transmitted over TLS 1.2+ encryption
    • HTTPS enforced on every connection
    Infrastructure Security

    Managator is hosted on the cloud infrastructure powered by Google Cloud Platform:

    • SOC 2 Type II certified, independently audited security controls
    • ISO 27001 certified, international standard for information security management
    • AES-256 encryption at rest for all stored data
    • TLS 1.2+ encryption in transit for all network communication
    • Automatic backups and disaster recovery
    • Infrastructure monitored 24/7
    Data Privacy
    • Tenant and financial data is isolated per organization
    • Session-based authentication, no tokens stored in browsers
    • Password hashing with bcrypt (industry standard)
    • No third-party tracking or data sharing

    AI-Powered, Privacy-First

    Managator's AI features are built with security at their core. Every interaction is protected by multiple layers of safeguards to keep your data safe.

    Data Protection
    • Personal information (emails, phone numbers, SSNs) is automatically stripped before being sent to any AI model
    • Applicant identities are anonymized during AI-assisted triaging
    • AI has no memory between sessions, your data is never retained or used for training
    Access Controls
    • AI management tools are restricted to authorized roles only
    • Every AI interaction is logged with full audit trails, including user, endpoint, timestamp, and token usage
    • Audit logs are available to platform administrators for compliance review
    Input Safeguards
    • Message size and volume limits prevent abuse
    • Prompt injection attacks are actively blocked, the AI will not follow instructions that attempt to override its security rules
    • All user inputs are sanitized before processing
    Scoped Intelligence
    • The AI assistant can only access data within your account, it cannot see or reference other users' information
    • AI cannot execute code, run database queries, or access system internals
    • Responses are limited to property management guidance within your permissions