Security

How Opcie protects your rental business data — from architecture decisions to daily operations.

Core principles

Data isolation per business

Every business on Opcie has its own isolated data space. Your customers, assets, rentals, and documents are never mixed with another business — even on the same platform.

Least-privilege access

Users only see and do what their role permits. Permissions are scoped per business, so being an owner of one business doesn't grant access to another.

Explicit actions

Destructive operations require confirmation. Sensitive actions (like deleting a customer or removing a team member) require password re-authentication.

Infrastructure & encryption

Cloud infrastructure

Opcie runs on Google Cloud Platform (Firebase, Cloud Functions, Cloud Run). Data is stored in Firestore and Cloud Storage with Google's infrastructure-level security.

Encryption at rest

All data stored in Firestore and Cloud Storage is encrypted at rest using Google-managed encryption keys by default.

Encryption in transit

All communication between clients (web and mobile apps) and the platform uses TLS encryption. No unencrypted data leaves or enters the system.

Operational safeguards

Authentication

Firebase Authentication handles user identity, with support for email/password and OAuth providers. Sessions are managed with automatic token refresh.

  • Re-authentication for sensitive operations
  • Token-based session management
  • Automatic session expiry

Authorization

Firestore Security Rules and Cloud Functions enforce access control server-side. Client-side role checks are always backed by server-side validation.

  • Server-enforced business-level access
  • Role-based permissions (owner, admin, staff)
  • Per-business role scoping
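
A sketch of the server-side check described above, added here as an illustration and not Opcie's own code: the role is looked up for the requested business only, and sensitive actions also require a recent sign-in, judged by the `auth_time` claim that Firebase ID tokens carry. The action names, the role each action needs, the 5-minute window and the membership data are assumptions.

```javascript
// Added illustration. Action names, the role each action needs, and the
// 5-minute re-authentication window are assumptions, not Opcie's policy.
const ROLE_RANK = new Map([["staff", 1], ["admin", 2], ["owner", 3]]);
const ACTIONS = new Map([
  ["rental.read",     { minRole: "staff", reauth: false }],
  ["customer.delete", { minRole: "admin", reauth: true }],
  ["member.remove",   { minRole: "owner", reauth: true }],
]);
const REAUTH_WINDOW_S = 300;

const deny = (reason) => ({ allow: false, reason });

// claims: claims of an ID token the server has already verified
//         (uid, plus auth_time = time of last sign-in, in seconds).
// memberships: server-side records, Map<businessId, Map<uid, role>>.
function authorize(claims, memberships, businessId, action, nowS) {
  const rule = ACTIONS.get(action);
  if (!rule) return deny("unknown-action");            // default deny
  if (!claims || typeof claims.uid !== "string") return deny("unauthenticated");

  // Role is looked up for THIS business only; roles elsewhere are ignored.
  const members = memberships.get(businessId);
  const role = members ? members.get(claims.uid) : undefined;
  if (!ROLE_RANK.has(role)) return deny("not-a-member");
  if (ROLE_RANK.get(role) < ROLE_RANK.get(rule.minRole)) return deny("insufficient-role");

  // Sensitive actions need a recent sign-in; a missing or future auth_time fails.
  if (rule.reauth) {
    const age = nowS - claims.auth_time;
    if (!(age >= 0 && age <= REAUTH_WINDOW_S)) return deny("reauth-required");
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample data: u1 owns bizA only; u2 is staff in bizA, admin in bizB.
const MEMBERSHIPS = new Map([
  ["bizA", new Map([["u1", "owner"], ["u2", "staff"]])],
  ["bizB", new Map([["u2", "admin"]])],
]);
const now = 1_700_000_000;
for (const [uid, biz, action, authTime] of [
  ["u1", "bizA", "member.remove", now - 60],
  ["u1", "bizB", "member.remove", now - 60],
  ["u2", "bizA", "customer.delete", now - 60],
  ["u2", "bizB", "customer.delete", now - 3600],
]) {
  const r = authorize({ uid, auth_time: authTime }, MEMBERSHIPS, biz, action, now);
  console.log(uid, biz, action, r.allow ? "ALLOW" : `DENY (${r.reason})`);
}
```
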

Secure media uploads

Photos, documents, and condition-check images are uploaded through authenticated Cloud Functions with type validation. Direct storage access is not exposed.

Protected deletes

Deleting customers, assets, or business data requires explicit confirmation and, in many cases, re-authentication. Accidental data loss is prevented by design.

What we don't do

  • We don't sell your data or your customers' data
  • We don't share business data between tenants
  • We don't use your business data for analytics, ads, or training
  • We don't expose direct database or storage access to clients
  • We don't allow silent destructive operations — everything is explicit

Questions about security?

If you have specific security requirements or questions about how your data is handled, we're happy to discuss them in detail.