Security

Your data security is our top priority

Enterprise-Grade Security

At MXBuildium, we implement industry-leading security measures to protect your property management data. Our multi-layered security approach ensures that your information remains safe, private, and accessible only to authorized users.

Data Encryption

In Transit

  • • TLS 1.3 encryption for all data transmission
  • • 256-bit SSL certificates
  • • Secure API endpoints
  • • HTTPS-only connections

At Rest

  • • AES-256 encryption for stored data
  • • Encrypted database backups
  • • Secure file storage
  • • Regular encryption audits

Infrastructure Security

Cloud Infrastructure

Hosted on SOC 2 Type II certified cloud infrastructure with 99.9% uptime SLA. Our servers are distributed across multiple geographic regions for redundancy and disaster recovery.

Network Security

Protected by enterprise-grade firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). Regular vulnerability scanning and penetration testing.

DDoS Protection

Advanced DDoS mitigation to ensure service availability even under attack. Real-time monitoring and automated response systems.

Access Control

Multi-Factor Authentication (MFA)

Required for all accounts, with support for authenticator apps and SMS verification.

Role-Based Access Control (RBAC)

Granular permissions system ensuring users only access data relevant to their role.

Session Management

Automatic session timeout, secure token handling, and anomaly detection.

Audit Logging

Comprehensive logging of all system activities and access attempts.

Compliance & Certifications

SOC 2 Type II

Annual audits verifying our security, availability, and confidentiality controls.

GDPR Compliant

Full compliance with European data protection regulations.

CCPA Compliant

California Consumer Privacy Act compliance for user data rights.

PCI DSS

Payment Card Industry Data Security Standard for payment processing.

Data Backup & Recovery

Your data is automatically backed up multiple times per day, with backups stored in geographically distributed locations. Our disaster recovery plan ensures:

  • Daily automated backups with 30-day retention
  • Point-in-time recovery capabilities
  • Cross-region backup replication
  • Regular backup restoration testing
  • 4-hour Recovery Time Objective (RTO)
  • 15-minute Recovery Point Objective (RPO)

Incident Response

We maintain a 24/7 Security Operations Center (SOC) to monitor, detect, and respond to security incidents. Our incident response process includes:

  1. Immediate detection and alerting
  2. Rapid containment and mitigation
  3. Thorough investigation and root cause analysis
  4. Customer notification within 72 hours
  5. Post-incident review and improvement

Employee Security

All MXBuildium employees undergo:

  • Background checks before hiring
  • Regular security awareness training
  • Signed confidentiality agreements
  • Principle of least privilege access
  • Annual security refresher courses

Third-Party Security

All third-party vendors and service providers are carefully vetted and must meet our security standards. We conduct regular security assessments of all vendors who have access to customer data.

Vulnerability Management

We maintain a comprehensive vulnerability management program:

  • Automated vulnerability scanning (weekly)
  • Annual third-party penetration testing
  • Bug bounty program for responsible disclosure
  • Regular security patches and updates
  • Proactive threat intelligence monitoring

Report a Security Issue

If you discover a security vulnerability, please report it to our security team:

Email: security@mxbuildium.com

PGP Key: Available upon request

Please do not disclose security vulnerabilities publicly until we have had an opportunity to address them.

This security information is current as of November 20, 2025. We continuously improve our security practices and may update this page without notice.