Legal Centre
Procurement FAQ
Effective date: 2 March 2026
These are direct answers to the most common procurement questions from retirement village operators.
Is customer data isolated by village/home?
- Yes. Each home is isolated as its own tenant in Firestore.
- Access control is enforced by both Firestore rules and server-side token claims.
- Cross-home data access is blocked by default.
Are passwords and codes stored securely?
- Yes. Passwords, resident PINs, and staff/admin personal codes are stored as salted hashes.
- Authentication endpoints enforce rate limiting and timing-safe credential checks.
- Shared-device sessions include inactivity timeout protection.
Do we get formal legal and security documents before procurement?
- Yes. The Legal Centre includes the Customer DPA, Security Schedule, Support/SLA, Subprocessor Register, Backup Policy, and Monitoring setup.
- These documents are versioned with effective dates for procurement review.
- Security and privacy responsibilities are clearly split between Apworth and the customer operator.
Can we export data if needed?
- Yes. Customer data exports can be provided in machine-readable formats such as JSON or CSV on request.
- Retention and deletion controls are documented in the platform privacy and legal policies.
- Backup and restore objectives are defined, including a target recovery time objective (RTO) and recovery point objective (RPO).
What support commitments are provided?
- Paid production support includes severity definitions, response targets, and update cadence.
- The default hosted availability target is 99.5% monthly uptime.
- Critical incidents are handled under the documented incident-response process.