Property Passport UK
Back to Home

Security & Trust

Last updated: 14 January 2026 • Version 1.0

Property Passport UK is designed as a national-scale digital property record. Security, integrity, and auditability are foundational to the platform — not add-ons.

We take the protection of property data, personal data, and system integrity extremely seriously and design our systems in line with modern best practice for regulated digital infrastructure.

Our Security Philosophy

Property Passport UK is built on four core security principles:

  • Least privilege access – users and systems only have access to what they strictly need
  • Defence in depth – multiple independent layers of protection
  • Auditability by default – every meaningful action is logged and traceable
  • Property-centric integrity – the record of the property must remain trustworthy over time

Security decisions are made with the assumption that the platform may be relied upon by homeowners, conveyancers, lenders, surveyors, and public bodies.

Digital Infrastructure Security

Property Passport UK is a cloud-native platform hosted in professionally managed UK/EU data centres operated by industry-leading providers.

Core infrastructure protections include:

  • Secure, access-controlled cloud environments
  • Segregated production, staging, and development systems
  • Encrypted storage at rest using industry-standard encryption (AES-256 or equivalent)
  • Encrypted data in transit using TLS (HTTPS)
  • Environment-level secrets management (no credentials stored in code)

Infrastructure is designed for resilience, redundancy, and availability, with no single point of failure.

Application & Platform Security

Authentication & Access Control

  • Secure user authentication using modern identity standards
  • Role-based access control (RBAC) aligned to user type (owner, buyer, professional, etc.)
  • Permission-based sharing controlled explicitly by the user
  • Session management and protection against common attack vectors

Data Isolation

  • Logical separation of user accounts and property records
  • Strict enforcement of access rules at the database and application layers
  • No "shared" user access — permissions are explicit and auditable

Audit Trails & Activity Logging

Every meaningful action within the platform is logged. This includes (where applicable):

  • Record creation and updates
  • Document uploads and changes
  • Permission grants and revocations
  • Access by authorised third parties
  • System-level events relevant to data integrity

Audit logs are append-only and designed to support transparency, dispute resolution, professional reliance, and regulatory review.

Data Integrity & Property Record Protection

Property Passport UK is designed to preserve the long-term integrity of the property record. Key measures include:

  • Append-only data models for verified or authoritative records
  • Versioning of documents and structured data
  • Clear separation between user-supplied content and verified third-party or public data
  • Safeguards to prevent silent deletion or alteration of historical records

This ensures that the property's history remains reliable, even as ownership changes.

Third-Party & Public Data Sources

Where Property Passport UK displays data sourced from third parties or public bodies (for example, government registries or energy performance data):

  • The data remains governed by the source provider's terms
  • Property Passport UK does not alter authoritative source data
  • Access and display are logged and controlled

Secure Development Practices

Our engineering practices are designed to minimise risk and improve reliability:

  • Code changes reviewed before deployment
  • Separation of duties between development and production environments
  • Dependency management and regular updates
  • Secure configuration of hosting and services

We do not embed credentials, secrets, or private keys in client-side code.

Monitoring & Incident Response

Property Passport UK employs continuous monitoring to detect abnormal activity, including:

  • Application-level error monitoring
  • Infrastructure health and performance monitoring
  • Alerts for suspicious or unexpected behaviour

In the event of a security incident:

  • We act promptly to contain and assess the issue
  • Affected users will be notified where required by law
  • Incidents are reviewed to prevent recurrence

Data Protection & Privacy Alignment

Security controls are designed to support compliance with UK data protection law, including:

  • Protection of personal data against unauthorised access
  • Data minimisation where possible
  • Support for deletion or restriction requests, subject to legal and property-record obligations

For full details, please see our Privacy Policy.

Certifications & Standards (Current & Planned)

Property Passport UK is built to align with recognised security frameworks and standards.

  • We follow principles consistent with ISO 27001 and Cyber Essentials
  • Formal certification will be pursued as the platform scales and as appropriate for the stage of operation
  • We do not claim certifications unless formally obtained

Your Role in Security

Security is a shared responsibility. You should:

  • Use strong, unique passwords
  • Keep your account credentials secure
  • Grant access to third parties carefully
  • Notify us promptly of any suspected unauthorised access

Transparency & Ongoing Improvement

Security is not static. We regularly review and improve our controls as:

  • The platform evolves
  • Usage grows
  • Regulatory expectations develop

Contact & Security Reporting

If you believe you have discovered a security vulnerability or incident, please contact us responsibly:

Email: security@propertypassport.uk

We appreciate responsible disclosure and will investigate all credible reports.