EasyInspect handles sensitive tenancy records, compliance documentation, and agency data. Security is not an afterthought — it is a core architectural requirement. This page documents every measure in place to protect your agency, your clients, and your data.
Where your data lives, how it moves, and how it is protected at every layer of the infrastructure stack.
All data — inspection reports, property records, tenant information, and user credentials — is stored exclusively on servers located within Australia. No data is transferred or stored offshore.
All communication between your browser, the EasyInspect app, and our servers is encrypted using TLS 1.3. Older, vulnerable protocols (TLS 1.0, 1.1, SSLv3) are disabled.
All data stored in our databases is encrypted at rest using AES-256. Backups are encrypted with the same standard. Encryption keys are managed separately from the data they protect.
EasyInspect enforces HTTPS on all connections with HTTP Strict Transport Security (HSTS) headers, including subdomains. Browsers are instructed to only connect via HTTPS for 12 months.
Security controls built into the application itself to prevent common attack vectors including XSS, CSRF, injection, and automated abuse.
Strict Content Security Policy headers prevent cross-site scripting (XSS) attacks by controlling which scripts, styles, and resources can be loaded. Inline scripts from unknown sources are blocked.
All API endpoints are rate-limited. The agency registration endpoint is restricted to 5 submissions per hour per IP address. Automated abuse attempts are detected and blocked silently.
Multi-layer bot detection is implemented on all public forms, including honeypot fields (invisible traps that only automated bots trigger) and behavioural analysis to distinguish humans from scripts.
All user input is validated at the API layer using strict Zod schemas, then sanitised server-side to strip HTML, script tags, and injection payloads before any data is stored or processed.
Cross-Site Request Forgery (CSRF) protection is implemented using the double-submit cookie pattern. State-changing requests are validated to ensure they originate from legitimate EasyInspect sessions.
X-Frame-Options and Content Security Policy frame-ancestors directives prevent EasyInspect pages from being embedded in iframes on malicious third-party sites.
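A reviewer assessing the header-based controls described above (12-month HSTS with subdomains, a CSP that blocks unapproved inline scripts, and framing restrictions) can check them mechanically against a captured response. The following is an added example, not EasyInspect's own code: the function names, finding labels and sample header values are assumptions constructed for illustration.

```javascript
// Added example: audits response headers against the controls this page documents.
const TWELVE_MONTHS_SECONDS = 365 * 24 * 60 * 60; // 31536000

// Parse "name=value; flag" (HSTS) or "name v1 v2; ..." (CSP) into a Map.
// Names are lower-cased; the first occurrence of a directive wins.
function parseDirectives(value) {
  const out = new Map();
  for (const part of String(value ?? "").split(";")) {
    const m = part.trim().match(/^([^\s=]+)(?:\s*=\s*|\s+)?(.*)$/);
    const key = m && m[1].toLowerCase();
    if (key && !out.has(key)) out.set(key, m[2].trim());
  }
  return out;
}

function auditHeaders(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const findings = [];

  // HSTS: at least 12 months, and covering subdomains.
  const hsts = parseDirectives(h["strict-transport-security"]);
  const maxAge = Number(hsts.get("max-age")?.replace(/^"|"$/g, ""));
  if (!hsts.has("max-age") || !Number.isInteger(maxAge)) findings.push("hsts-missing");
  else if (maxAge < TWELVE_MONTHS_SECONDS) findings.push("hsts-max-age-short");
  if (hsts.size && !hsts.has("includesubdomains")) findings.push("hsts-no-subdomains");

  // CSP: script-src falls back to default-src; 'unsafe-inline' only takes
  // effect when no nonce or hash source is present in the same directive.
  const csp = parseDirectives(h["content-security-policy"]);
  const scriptSrc = csp.get("script-src") ?? csp.get("default-src");
  if (scriptSrc === undefined) findings.push("csp-no-script-policy");
  else if (/'unsafe-inline'/i.test(scriptSrc) &&
           !/'(nonce|sha(256|384|512))-/i.test(scriptSrc)) findings.push("csp-inline-allowed");

  // Framing: frame-ancestors must exist and not be a wildcard or bare scheme.
  const ancestors = csp.get("frame-ancestors");
  if (ancestors === undefined) findings.push("csp-no-frame-ancestors");
  else if (/(^|\s)(\*|https?:)(\s|$)/.test(ancestors)) findings.push("csp-frame-ancestors-wide");
  const xfo = String(h["x-frame-options"] ?? "").trim().toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN") findings.push("xfo-missing");
  return findings;
}

// Constructed sample responses (not captured from any real site).
const GOOD = { "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
  "X-Frame-Options": "DENY" };
const WEAK = { "Strict-Transport-Security": "max-age=86400",
  "Content-Security-Policy": "default-src 'self' 'unsafe-inline'; frame-ancestors *" };
console.log(auditHeaders(GOOD), auditHeaders(WEAK));
```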
EasyInspect is designed to meet Queensland tenancy legislation requirements and produce documentation that holds up under regulatory scrutiny.
Inspection reports generated by EasyInspect are structured to meet the documentation requirements of the Residential Tenancies and Rooming Accommodation Act 2008 (QLD).
All inspection records include timestamped audit trails, photo evidence metadata, and structured condition reports formatted for use as evidence in QCAT tribunal proceedings.
Entry condition reports are generated in a format consistent with the Form 1a requirements under Queensland tenancy legislation.
Each agency operates in a completely isolated tenant environment. Your data, reports, and property records are never accessible to other agencies. Tenant isolation is enforced at the database layer.
Security is not a one-time implementation. These are the ongoing operational practices that keep EasyInspect secure as the platform evolves.
Database backups are performed daily with a 30-day retention period. Backups are stored in a separate, geographically isolated location within Australia and tested regularly for integrity.
Suspicious request patterns — including path traversal attempts, SQL injection signatures, and XSS payloads — are logged and flagged for review. Anomalous activity triggers automated alerts.
API keys, database credentials, and third-party integration secrets are managed via environment-level secrets injection. No credentials are stored in source code or version control.
All third-party dependencies are audited for known vulnerabilities. High and critical severity vulnerabilities are patched or overridden as part of the standard development process.
If you discover a security vulnerability in EasyInspect, we ask that you report it responsibly by contacting us directly at [email protected] before any public disclosure. We commit to acknowledging your report within 48 hours and working with you to resolve the issue promptly. We do not pursue legal action against researchers acting in good faith.
SECURITY DOCUMENTATION — LAST REVIEWED MARCH 2026