Manor Keeper is built for landlords who need reliable financial tracking. We take security seriously and use industry-standard practices to protect your data. This page explains how we handle bank connections, what data we store, and our approach to encryption and security.
Bank connections through Plaid
We never see or store your bank login credentials. Manor Keeper uses Plaid, a trusted third-party service used by Venmo, Betterment, and thousands of other financial apps, to connect to your bank.
When you connect a bank account:
- You authenticate directly with your bank through Plaid's secure interface
- Your username and password never pass through Manor Keeper's servers
- Plaid provides Manor Keeper with a secure access token that allows us to fetch transaction data
- We only receive read-only access to transaction history — we cannot move money or change account settings
- You can revoke access at any time by disconnecting the bank account in Manor Keeper or through your bank's security settings
What we receive from Plaid: Transaction descriptions, amounts, dates, and account balances. We use this data to automatically categorize expenses and populate your financial reports.
Data we store
Manor Keeper stores the information you need to manage your rental properties:
- Account information: Your name, email, password (hashed and salted), and account preferences
- Property data: Property addresses, unit details, lease terms, and tenant contact information you enter
- Financial records: Transaction history (imported or manually entered), categorizations, receipts, and reports you generate
- Plaid tokens: Encrypted access tokens that allow us to sync transactions from connected banks
- Usage data: Basic analytics to improve the product and troubleshoot issues (pages visited, features used, error logs)
What we do not store: Bank login credentials, full credit card numbers (payment processing is handled by Stripe), or sensitive documents you don't explicitly upload to Manor Keeper.
Encryption and data protection
Data in transit: All data transmitted between your browser and Manor Keeper's servers is encrypted using industry-standard TLS (HTTPS). This prevents interception by third parties.
Data at rest: We are actively working to enhance our encryption practices:
- Current state: Database stored on secure cloud infrastructure with access controls and regular backups. Passwords are hashed using bcrypt. Plaid access tokens are encrypted.
- Roadmap: We are evaluating database-level encryption and field-level encryption for sensitive data (Social Security numbers if we add that feature, uploaded documents, and additional financial details). We'll update this page as we roll out these improvements.
Access controls and monitoring
- Authentication: Secure password requirements, optional Google OAuth, and session management to keep unauthorized users out
- Authorization: Role-based access ensures you only see data for properties and organizations you own or are invited to
- Monitoring: We log access patterns and monitor for suspicious activity (unusual login locations, failed authentication attempts)
- Staff access: Manor Keeper team members have limited, audited access to production data for support and debugging purposes only
Infrastructure and compliance
Hosting: Manor Keeper is hosted on secure cloud infrastructure with automatic security updates, redundancy, and regular backups. We use reputable providers with SOC 2 and ISO 27001 certifications.
Compliance: We follow best practices for data protection and are committed to transparency:
- HTTPS-only connections in production
- Regular dependency updates and static code scanning to find and patch security vulnerabilities (via Dependabot and Brakeman)
- Rate limiting on authentication and sensitive endpoints to prevent abuse
- Ongoing security reviews and improvements as the platform grows
Third-party services
Manor Keeper integrates with trusted third-party services to provide key features:
- Plaid: Bank connection and transaction syncing (read-only access)
- Stripe: Payment processing for subscriptions (we don't store full credit card numbers)
- Google OAuth: Optional sign-in via Google (if you choose to use it)
- Cloud hosting providers: Secure infrastructure and database hosting
Each of these services has its own security practices and compliance certifications. We carefully vet our partners and only share data necessary to provide the service.
Your responsibilities
Security is a shared responsibility. To keep your account secure:
- Use a strong, unique password for Manor Keeper
- Enable two-factor authentication on your email account (since password resets go through email)
- Don't share your Manor Keeper login credentials with others
- Review connected bank accounts periodically and disconnect any you no longer need
- Report any suspicious activity or security concerns to us immediately
Incident response
In the unlikely event of a security incident or data breach, we will:
- Investigate and contain the issue immediately
- Notify affected users as required by law and as soon as we understand the scope
- Work with relevant authorities and security experts to address the root cause
- Update this page and our security practices to prevent future incidents
Questions or concerns?
If you have questions about Manor Keeper's security practices or want to report a security vulnerability, please contact us through the support channels in the product or via the contact information on our website. We take all security reports seriously and will respond promptly.
Last updated: June 28, 2026 · For more information about how we handle personal data, see our Privacy Policy.