Security Policy

Leasily takes reasonable steps to protect personal information and tenancy records from misuse, interference, loss, unauthorised access, modification, and disclosure. Security controls are designed for a software platform used by landlords, tenants, partners, and support staff.

No online service is absolutely secure. This policy summarises public-facing controls and responsibilities rather than disclosing sensitive internal security details.

Leasily uses authenticated accounts, role-based workspace access, server-side authorisation checks, provider authentication controls, and audit history to help limit access to the records a user is authorised to use.

Users must protect passwords, sessions, email accounts, devices, browser storage, and any authentication factors. You must tell us promptly if you suspect unauthorised account access or misuse.

Leasily relies on specialist providers for infrastructure, database, file storage, authentication, email, payment, signing, monitoring, and related services. We aim to use reputable providers with security controls appropriate to the service they provide.

Payment credentials and mandate setup for payment-enabled workflows are handled by Stripe and banking rails. Leasily stores payment identifiers and status records, not raw bank-login credentials.

Security safeguards may include access restrictions, environment-variable secret management, logging, audit records, provider-level encryption and network protections, rate limits, idempotency controls for payments, circuit breakers for provider outages, and review of high-risk account lifecycle requests.

Staff or support access to operational data is limited to what is reasonably needed for support, security, compliance, investigation, or platform operation.

• Use strong, unique passwords and protect your email account.
• Do not share accounts or invite people who should not access tenancy records.
• Check recipient details before sending documents, notices, payment links, or tenant invitations.
• Download and store critical legal, tax, insurance, tribunal, and tenancy records where required.
• Report suspected security issues, unauthorised access, or mistaken disclosure promptly.

If you believe you have found a security issue affecting Leasily, contact info@leasily.com.au with enough detail for us to investigate. Do not access, copy, change, destroy, disclose, or exfiltrate data that is not yours.