1. At a glance
Kaukcio handles landlord and tenant data, so security is treated as part of the product rather than an afterthought. The goal is to make access, documents, signing, and subscription payments clear and controllable.
- Protected actions use two-factor verification.
- Access to properties, contracts, payment statuses, and documents is checked against landlord and tenant relationships.
- Private documents are delivered through time-limited download links after access checks.
- Subscription card collection is delegated to Stripe payment components.
- Digital signing workflows are supported through a SignatureAPI integration.
2. Account protection and access
- Users can sign in with email/password, Google, or Facebook.
- Protected API actions may require two-factor verification, such as one-time codes, PIN flows, or WebAuthn where supported.
- Sessions have a limited lifetime, and authorization checks are enforced on the backend.
- Access decisions are based on the landlord-tenant relationship, property, and contract context.
3. Data, documents, and storage
Kaukcio processes data needed to operate the service: account data, contact data, property and rental data, payment statuses, documents, and security-event logs.
- The service is configured to use HTTPS endpoints.
- Rental documents are stored in S3-compatible document storage.
- Private files are not exposed through general public links; access-checked, time-limited links are used instead.
- Users can request export or deletion of their rental data and documents.
4. Payments
Subscription payments are handled by Stripe. Kaukcio is not designed to store card numbers in its own database; subscription card details are collected through Stripe payment interfaces.
Rent payment features focus on payment statuses, records, and related documents. Where a payment method or automation is not yet available, we do not present it as a completed capability.
5. Digital signing and contracts
Kaukcio supports template-based contracts and uploaded PDF agreements. Digital signing workflows are supported through SignatureAPI, and signed files are returned to Kaukcio document storage.
The exact eIDAS signature level depends on the signing provider configuration and the legal requirements of the specific contract. We only claim a qualified, advanced, or lawyer-approved signature level where that has been separately confirmed.
6. Logging, auditability, and protection
- The backend uses structured logging and redacts sensitive authentication fields, tokens, passwords, and one-time codes.
- Audit data is recorded for two-factor verification and signing events.
- API rate limits help reduce abusive or excessive traffic.
- Server-side validation checks incoming requests before they are processed.
7. Privacy, GDPR, and subprocessors
Personal data is handled with GDPR and Hungarian data-protection rules in mind. Users can submit access, rectification, deletion, restriction, objection, and portability requests.
- Key providers include Stripe, AWS/S3-compatible storage, Firebase Hosting/Firestore components, SignatureAPI, and email delivery providers.
- Processors receive only the data needed to operate the service.
- For DPA or privacy questions, contact info@kaukcio.hu or support@kaukcio.hu.
8. Backups, incidents, and contact
We build the service so that operational errors and security events can be handled. Specific backup, restore, and availability commitments can be discussed where customer requirements call for them.
If you suspect a security or privacy incident, email info@kaukcio.hu or support@kaukcio.hu and include "Security" in the subject line. Please include the affected account, time, screenshots, or log details where available.