Bienvenido
Security

Security & privacy

Trust is the product. Here is how we earn it — with audited infrastructure, encryption everywhere, and zero data sales.

ISO 27001 certified infrastructure

Our cloud and database providers are audited to the ISO/IEC 27001 information security standard.

Encrypted databases

All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

No data sales, ever

Bienvenido does not sell, rent, or share resident data with advertisers — period.

WhatsApp verification, not passwords

Every account is tied to a phone number you already trust. No password databases to leak, no credential stuffing, no friction at sign-in. Sessions are short-lived and revocable from your settings.

Encryption at rest and in transit

Databases and backups are encrypted at rest with AES-256. Every connection between the app, our servers and the database uses TLS 1.3. Secrets and tokens are stored in a managed key vault — never in plain text.

ISO 27001 certified providers

Bienvenido runs on cloud and database providers that hold ISO/IEC 27001 certification, with SOC 2 Type II reports on file. Infrastructure is hosted in tier-1 data centers with 24/7 physical security, redundant power and continuous backups.

We store what's needed — nothing more

Names, phone numbers, house assignments and visitor logs. No GPS tracking, no contacts upload, no advertising profiles, no third-party trackers in the app.

Clear role separation

Superadmins manage the neighborhood. House admins manage their household. Residents see only their own house. Row-level security is enforced in the database itself — not just in the app — so a bug in one screen can't expose another house's data.

House creation needs a one-time code

A house can only be created when a superadmin and the first resident verify together with a one-time security code. No one joins your house by mistake, and no one is added without a verified WhatsApp number.

Continuous monitoring and updates

We patch dependencies weekly, run automated vulnerability scans on every release, and monitor logs 24/7 for anomalies. Suspicious sign-in attempts are rate-limited and surfaced to admins.

Our commitment to your community

Your neighborhood's safety depends on trust. We apply the latest industry security practices, work only with certified providers, and treat resident data as if it were our own family's.