Your property portfolio is sensitive. This page tells you exactly what we do to protect it - no vague promises, just the actual measures we've put in place. Neporti is operated by neporti app, a wholly owned subsidiary of DoorES Ltd.
Everything between your browser and our servers is encrypted using TLS 1.2 or higher. If you try to access Neporti over plain HTTP, we redirect you to HTTPS automatically.
Your password is hashed with bcrypt before we store it. We can't see it, we can't recover it, and nobody else can either - not even us.
Your data is stored and processed on servers physically located in the United Kingdom. It doesn't leave without your say-so.
Payments go through Stripe. Your card number, CVV, and expiry date go directly to them - they never pass through our servers.
Every form has a CSRF token - a security check that prevents other websites from submitting forms on your behalf without you knowing.
Logging out clears your session immediately. Remember-me tokens rotate on each use and expire after 7 days.
You can only see your own data. Every property, financial record, compliance certificate, and issue is tied to the account that created it - there's no route through the app to access someone else's data.
Admin accounts have elevated access for operational reasons and are protected by separate credentials. We log admin actions.
We keep our dependency footprint small and review it regularly for known vulnerabilities. Neporti is built on Symfony - a mature, widely-deployed PHP framework with its own dedicated security team and a clear public process for reporting and fixing vulnerabilities.
If there's ever a breach that puts your data at risk, we'll:
If you think you've spotted a security issue in Neporti, please email security@neporti.co.uk before going public with it. We'll acknowledge your report within 2 business days and work with you to fix it. We just ask for a reasonable window to sort things out before any public disclosure.
We don't run a bug bounty programme right now, but if you'd like credit for a responsible disclosure, just say so - we're happy to acknowledge it.
Email us at security@neporti.co.uk.