neporti
Features Compliance For tenants Pricing Contact
Log in Start free
Security

How we look after your data

Last updated: 1 June 2026  ·  Questions? security@neporti.co.uk

Your property portfolio is sensitive. This page tells you exactly what we do to protect it - no vague promises, just the actual measures we've put in place. Neporti is operated by neporti app, a wholly owned subsidiary of DoorES Ltd.

HTTPS everywhere

Everything between your browser and our servers is encrypted using TLS 1.2 or higher. If you try to access Neporti over plain HTTP, we redirect you to HTTPS automatically.

Passwords we can't read

Your password is hashed with bcrypt before we store it. We can't see it, we can't recover it, and nobody else can either - not even us.

Data stays in the UK

Your data is stored and processed on servers physically located in the United Kingdom. It doesn't leave without your say-so.

We never see your card

Payments go through Stripe. Your card number, CVV, and expiry date go directly to them - they never pass through our servers.

Form protection

Every form has a CSRF token - a security check that prevents other websites from submitting forms on your behalf without you knowing.

Sessions that expire

Logging out clears your session immediately. Remember-me tokens rotate on each use and expire after 7 days.

Access control

You can only see your own data. Every property, financial record, compliance certificate, and issue is tied to the account that created it - there's no route through the app to access someone else's data.

Admin accounts have elevated access for operational reasons and are protected by separate credentials. We log admin actions.

Dependencies and code

We keep our dependency footprint small and review it regularly for known vulnerabilities. Neporti is built on Symfony - a mature, widely-deployed PHP framework with its own dedicated security team and a clear public process for reporting and fixing vulnerabilities.

If something goes wrong

If there's ever a breach that puts your data at risk, we'll:

  • Tell the ICO within 72 hours of finding out - as UK GDPR requires.
  • Email affected users as quickly as possible, explaining what happened, what data was involved, and what we're doing about it.

Found a vulnerability?

If you think you've spotted a security issue in Neporti, please email security@neporti.co.uk before going public with it. We'll acknowledge your report within 2 business days and work with you to fix it. We just ask for a reasonable window to sort things out before any public disclosure.

We don't run a bug bounty programme right now, but if you'd like credit for a responsible disclosure, just say so - we're happy to acknowledge it.

Any other questions?

Email us at security@neporti.co.uk.

© 2026 neporti · ICO registered (ZC172855) · Foundations by ouvlo.com
Privacy Terms Security Contact Home