Security you can trust.

We protect landlord and tenant data with layered controls, continuous monitoring, and a clear path to report vulnerabilities or incidents.

Platform Security Measures

  • SSL encryption for all data in transit (HTTPS)
  • Secure password storage with salted hashing and session controls
  • Role-based access control with permission restrictions
  • Input validation and protection against common attacks (e.g., SQL injection, XSS)
  • File upload restrictions with malware scanning
  • Infrastructure firewalls, hosting hardening, and network monitoring

Payment Security

All subscription payments are processed securely via Stripe. ManageLet does not store your credit card information on our servers, and all transactions follow PCI-DSS standards.

Data Backup and Recovery

  • Automated daily backups of user data
  • Encrypted, secure storage to prevent unauthorized access
  • Recovery procedures to ensure continuity in case of service disruption

Access Control & Account Security

  • Secure, session-based authentication for all users
  • Admin-level permissions for sensitive operations
  • Multi-device login monitoring and account lockout for suspicious activity
  • Encouragement of strong, unique passwords and two-factor authentication where supported

Responsible Disclosure & Reporting

If you identify a potential security vulnerability or incident, report it as soon as possible. The fastest route is email: security@managelet.co.uk. You can also use the contact form on the website if email is not available.

  • Expected response: We acknowledge reports within 2 business days and provide a progress update within 10 business days.
  • Information to include: Summary, affected URLs or areas, steps to reproduce, impact, and your contact details.
  • Responsible disclosure: Please avoid public disclosure until we have assessed and fixed the issue, and do not access or exfiltrate customer data beyond what is needed to validate the risk.

Breach Notification Commitments

Where required, ManageLet will notify HM Revenue & Customs of security incidents within 72 hours of becoming aware of a breach related to MTD services, and will notify the Information Commissioner's Office within 72 hours of becoming aware of any personal data breach.

Incident Response Process

ManageLet operates a defined incident response process to ensure all security incidents are promptly identified, contained, and investigated. Incidents are assessed for impact, including any involvement of personal data, and escalated internally to a designated security contact responsible for coordinating response and regulatory notifications.

Limitations

ManageLet implements reasonable security measures; however, we cannot guarantee complete protection against all cyber threats, data loss, or unauthorized access. Users remain responsible for safeguarding login credentials and sensitive information.