PropIQ Track Security Policy

Last Updated: April 2026

1. Overview

PropIQ implements industry-standard cybersecurity measures to ensure confidentiality, integrity, and availability of all user data.

2. Authentication

• OAuth 2.0 via Google Sign-In
• Session tokens with 24-hour expiration
• No passwords stored
• Server-side validation on every request

3. Encryption

• TLS 1.2+ for all data in transit
• AES-256 for data at rest
• HTTPS enforced on all endpoints

4. Infrastructure

• Enterprise-grade cloud hosting
• Network isolation and firewalls
• DDoS protection
• Automated encrypted backups

5. Application Security

• Input validation and sanitization
• Protection against SQL injection, XSS, CSRF
• Rate limiting on API endpoints
• Regular dependency vulnerability scanning

6. Incident Response

Immediate containment, user notification within 72 hours of confirmed breach, root cause analysis, and post-incident review.

7. Compliance

• Australian Privacy Act 1988 & APPs
• OWASP Top 10 guidelines
• App Store & Play Store security requirements

8. Contact

Report a vulnerability (48-hour response time)