fourplex
Join Waitlist

Security

How we protect your HOA's data

Security

Last updated: April 22, 2026

A plain-English look at where your data lives, who can see it, and how it's protected.

Your money is handled by Stripe, not us

When members pay dues by credit card or bank transfer, those details go straight to Stripe — the same payment company trusted by companies like Shopify, Lyft, and Peloton. Card numbers and bank account details are never stored on Fourplex servers. Stripe is certified to the highest industry standard for handling payments (PCI DSS Level 1). Stripe's handling of payment data is governed by Stripe's Privacy Policy.

Your data is encrypted

All communication between you and Fourplex is encrypted in transit using HTTPS. All data we store is encrypted at rest using AES-256 — the same encryption standard used by banks and the US government. Sensitive credentials like bank-linking tokens get an additional layer of application-level encryption on top of that.

Everything is hosted in the United States

Fourplex's servers, databases, backups, and payment processing all live in the United States. Your HOA's data doesn't leave the country.

Sign in without passwords, with optional two-factor authentication

We don't store passwords — which means we can't lose them. Sign-in uses a one-time magic link emailed to you. For additional protection, any user — board member or regular member — can enable two-factor authentication in their account settings.

Your HOA's data is isolated from every other HOA

Every HOA on Fourplex has its own space in our database, enforced by the database itself (not just by our app code). Board members see their community's data. Members see what their board has shared with them. Nobody else can access it.

Daily automated backups

Your records are backed up automatically every day, so a mistake or accident never means starting from scratch.

Built on trusted infrastructure

We partner with industry leaders for our core infrastructure, and the providers we rely on maintain SOC 2 Type 2 and PCI DSS certifications — meaning their security practices are independently audited every year. This lets a small team like ours offer the same security posture as much larger companies.

What we don't do

  • We don't sell your data.
  • We don't share your HOA's data with advertisers.
  • We don't store your members' bank account or credit card numbers.
  • We don't display ads on any Fourplex site or inside the app.

Found a security issue? Let us know.

We welcome responsible disclosure from security researchers and customers. Email security@getfourplex.com and we'll respond within two business days.