Back to letter

Security & Data Protection

CPI Escalator is designed to be a trusted tool for property owners and operators. This page describes, in plain language, the general security practices we use to protect access to the Service and handle data responsibly.

Authentication

  • Passwordless sign-in. The Service may support email-based sign-in links and optional third-party sign-in (such as GitHub), depending on configuration. We do not ask you to create or store a CPI Escalator password.
  • Session-based access. Access to account features is tied to an authenticated session. Sessions are intended to be time-limited and may expire automatically.
  • Sensitive actions are validated. Where applicable, access to sensitive actions (for example, account-only pages or billing-related actions) is validated using authenticated session context rather than relying only on browser state.

Payments & billing

  • Third-party payments. If payments are enabled, payment processing may be handled by a third-party provider such as Stripe. CPI Escalator does not store full payment card numbers.
  • Access controls. Billing-related flows are designed to require authentication and appropriate authorization checks.

Application & API protection

  • Operational safeguards. We use standard operational safeguards intended to reduce abuse and keep the Service reliable (for example, monitoring and defensive controls where appropriate).
  • Transport security. The Service is intended to be served over HTTPS to protect data in transit.
  • Server-side processing. Core calculations and document generation are designed to run on the server for consistency and integrity.

Administrative access

  • Limited admin access. Authorized administrators may access certain information for operational, security, auditing, or support purposes. Admin access is limited and does not change ownership of your data.

Questions or concerns

If you have security questions or need to report an issue, contact NorthSchema@outlook.com.