The Building Stack Feature Deep Dive series was designed to help you use our platform at its fullest. In each article, we will put a specific feature of our software under the microscope and explain every single detail to you.

In this article, we will be taking a look at the security measures that were put in place to protect the data you enter into the Building Stack platform.

As a company dealing with a lot of personal data, including banking information, Building Stack has to follow the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) regarding the protection of your information. But to us, data security is more than just something we are forced to do. It is a commitment that we make to safeguard our customers’ information.

Our Privacy Policy describes the way we handle and protect personal information. Here is an overview of what it contains, as well as a breakdown of our security infrastructure.

What do we consider “personal information”?

As per our Privacy Policy, personal information refers to any information that can be used to personally identify an individual. This includes:

  • People’s names and ages
  • Physical and e-mail addresses
  • Work, home and mobile phone numbers
  • Financial information such as credit card and bank account numbers

This definition applies to almost all of the information you input in your Building Stack account.

What Building Stack does

Why we collect your data

The main reason for which we collect personal information is to provide you with the property management user experience, features and support services our platform was designed to offer. However, we may also collect your information for the following purposes:

  • To send you updates, notices, surveys and other information regarding the Building Stack platform
  • To prevent fraud, identity theft or any illegal use of the platform
  • To fix bugs and system issues
  • To settle disputes or assist investigations

Building Stack also collects browsing data such as your IP address, your browser and your operating system. We do this to analyze our platform’s usage and improve our services.

A cookie is a technology that saves information about your browsing activity. Building Stack uses cookies to offer you a better overall experience on our website. For example, you can thank cookies for remembering your login information, allowing you to access your property information faster.

You can refuse cookies by changing your browser settings, but keep in mind that this may prevent you from using certain features of our platform.

How we protect your data

We have put physical, electronic and managerial procedures in place to protect your sensitive information.

Secure servers: Every single bit of information that you input in Building Stack, whether it’s about a property, a tenant, an employee or a lease, is stored on our cloud-based servers hosted by Microsoft Azure.

Local storage: All of our servers are physically located in Canada. This means that your data never leaves the country, and remains under the protection of the PIPEDA.

Backups: We make daily backups of the information stored on Building Stack’s servers, and we also have geo-redundant storage, meaning the data is kept in two different physical locations to prevent loss.

Data encryption: All the data transmitted to and from our servers, including passwords, property information and credit card details, is encrypted using the industry-standard Secure Sockets Layer (SSL) protocol.

Protection of payment information: We work hard with our payment processing partners like Paysafe and Plaid to make sure that your data stays secure at every step of every transaction.

How we share your data

Under certain circumstances, we might share your data with our reliable third parties in order to offer you certain services. Here is what we share with our trusted partners:

  • Payment processors: We may send your payment and bank information to the companies who enable the online payment capabilities of Building Stack.
  • Credit check provider: We send potential tenants’ e-mail addresses to a third party, who will contact them directly to perform a credit check at your request.
  • Listings websites: If you connect your Building Stack account to any listings website, your building and unit details will be shared with your listing account and published on your behalf.
  • Custom websites: All the information you choose to include on your customized Building Stack websites will be published online and publicly available.
  • Legal requirements: We might share some information with the appropriate authorities or government entities, if it is made necessary by a law or court order. 

Do we ever sell your data? No.
Do we ever share your data without your consent? No.
Do we ever use your data for marketing purposes? No.
Do we ever use your data to personally identify individuals? No.
Do we do everything we can to keep your data safe? Yes, at all times.

What you can do

You play a major role in the protection of your own data. The tips and tricks below will help you keep your account information away from malicious use.

Your password: It is the first layer of security for the data on our platform. Your password must have a minimum of 6 characters, including at least one number and one capital letter. Never write your password anywhere, and don’t share it with anyone.

One account, one user: Your Building Stack account is personal, and you should not share it with anyone else. Luckily, you don’t need to: just create a separate account for each member of your organization by sending them an e-mail invitation.

Access management: Building Stack allows you to be in full control of your team’s access to the information. As an administrator, you decide who is allowed to create an account within your company, and you can revoke that access whenever you want. Through the role settings, you can decide exactly what everyone can see and do on the platform.

Tenant access: To some extent, you can also decide how your tenants use the platform. You can choose what documents they are able to view from their portal. You can prevent them from creating tickets, or even block their account altogether if they are being abusive.

Best practices:

  • If you have difficulty remembering your passwords, use a password management application (for example, Apple’s Keychain) that will create and store safe passwords for all your online accounts.
  • Do not leave your computer unattended while you are logged into the Building Stack platform in a public place.
  • Make sure you are using a secure Internet connection before logging into Building Stack.
  • If you are using a shared or public computer, don’t forget to log out of your account when you are done. It is also recommended that you clear the browser’s cache.
  • Be mindful of social engineering. The Building Stack team will never ask you to share your account password by e-mail or on the phone. Do not hesitate to contact our support team if you think you received a fraudulent message from someone who claims to be with Building Stack.

What happens if I delete my account?

Tenant users

Your property manager may retain your personal information on their company account. It will still receive the same security treatment as the rest of our clients’ data. If you want your property manager to remove your information from our servers, contact them directly.

Employee users

Your information could remain on our servers for up to 30 days after the deletion of your account. We can also delete it immediately, at your request. However, please note that we may retain some transactional data for tax and regulatory compliance purposes.

If you have any more questions about Building Stack’s security, do not hesitate to contact our support team at support@buildingstack.com.