Security & Data Protection

Security Overview

Pickspace is designed to help property managers, owners, tenants and partners operate securely across payments, documents, communications and AI-powered workflows. Security is built into how we engineer, deploy and operate the platform — from infrastructure and access control to how AI features handle inputs and outputs.

Infrastructure Security

Pickspace runs on hardened, managed cloud infrastructure with isolated environments for production, staging and development. Network access to production services is restricted, and administrative changes flow through reviewed deployment pipelines.

Encryption in Transit

All traffic to Pickspace web, mobile and API endpoints is served over TLS 1.2+ with modern cipher suites. Internal service-to-service communication uses authenticated, encrypted channels.

Encryption at Rest

Customer data stored in Pickspace databases, object storage and backups is encrypted at rest using industry-standard algorithms (AES-256 class). Encryption keys are managed by our cloud provider's key management service.

Authentication & Access Control

Pickspace supports secure authentication for end users and internal staff, with password hashing, session management and protections against common credential attacks. Administrative access is limited to authorized personnel.

Role-Based Permissions

Customer accounts can scope access using role-based permissions, so that staff only see the properties, units, leads and documents they need. CRM and admin workflows enforce role checks on every sensitive action.

Admin Controls & Audit Trails

Sensitive administrative actions are logged with actor, timestamp and target, enabling internal review and investigation. Audit-relevant events feed centralized logging.

Payment Security & Tokenization

Pickspace integrates with regulated payment providers and uses tokenization so that raw card numbers and bank credentials are not stored on Pickspace systems. Payment instruments are represented by provider-issued tokens scoped to the originating account.

Payment Data Handling

Payment integrations are designed so that cardholder data is captured directly by the regulated payment provider, tokens are stored in place of sensitive fields, and Pickspace minimizes its exposure to cardholder data.

Data Protection & Privacy

Pickspace is designed to support data-protection requirements drawn from frameworks such as GDPR and U.S. state privacy laws. See the Privacy Policy for details on what we collect and how we use it.

AI Chatbot Abuse Protection

The Pickspace AI chatbot ships with abuse-resistant defaults designed to keep costs predictable and protect downstream LLM providers.

• Per-message size limits to reject oversized payloads before reaching the model
• Per-conversation history limits to bound context size
• Server-side validation of message structure and content
• Spam and suspicious-link filtering on inbound user messages

Rate Limiting & Spam Prevention

Durable per-IP rate limiting protects public AI and form endpoints against flooding. Lead submission flows go through a server-side function with validation; anonymous direct inserts into customer-data tables are not permitted.

Monitoring & Logging

Pickspace centrally collects application, infrastructure and edge logs. Suspicious patterns trigger alerts that are reviewed by the engineering team.

Vendor & Integration Security

We evaluate subprocessors and integration partners (payments, accounting, CRM, AI, email, analytics) for security posture and contractual safeguards before enabling them in production.

Incident Response

Pickspace maintains an internal incident-response process covering detection, containment, customer notification when required, and post-incident review. Suspected security issues should be reported to the contact below.