Airea
How it worksToolsPricingFor businessesSign inLive Demo!
Security

Security overview

Last updated 1 July 2026

Your client and listing information matters. Every claim on this page is true of how Airea is actually built today — we deliberately do not claim certifications we don't hold. Here's how Airea protects your data.

Your data is isolated

Every agent's data is separated at the database level using PostgreSQL row-level security, enforced for the application's restricted database role and tested so that no account can read or write another account's data. Isolation is enforced by the database itself, not just by application code.

Payments are handled by Stripe

Card payments go directly to Stripe (a PCI-DSS Level 1 provider) through their hosted checkout. Airea never sees or stores your card number — we hold only your subscription status and a Stripe reference.

Everything is encrypted in transit

All traffic is served over HTTPS/TLS via Cloudflare, which also provides network-level DDoS protection.

Accounts and sign-in

  • Passwords are hashed with scrypt and a per-password salt — we never store them in plain text.
  • You can sign in with Google or Microsoft (OAuth 2.0).
  • Session tokens are random and hashed at rest; cookies are HTTP-only and secure.
  • Password-reset and invite links are hashed, single-use and expiring.

Access control and auditing

  • Role-based access controls what each user can do.
  • Sign-in attempts and key account actions are recorded in an audit log.
  • Sensitive endpoints are rate-limited.

Backups

Your data is backed up daily and copied offsite, encrypted (AES-256), to Cloudflare R2 — and we've tested restoring from it.

Hosted in New Zealand

Airea is hosted in New Zealand, which keeps your data onshore. Some global providers (Cloudflare, Stripe, Google, Microsoft) process limited data offshore to deliver their part of the service — see our subprocessors list.

Privacy

Airea is built to align with the New Zealand Privacy Act 2020. See our privacy policy and subprocessors list. We do not sell your data or use your content to train external AI models.

Compliance — a straight answer

Airea is a young product. We are transparent about where we are:

  • Payments are PCI-DSS compliant (via Stripe).
  • Built to align with the NZ Privacy Act 2020.
  • We have not yet undertaken SOC 2 or ISO 27001 certification. These are on our roadmap as we grow.

If your agency has specific security requirements, contact [email protected]— we're happy to share detail and complete reasonable security questionnaires.

Reporting a vulnerability

Found a security issue? Please email [email protected]. We'll acknowledge and work with you to resolve it; please don't publicly disclose until it's fixed.

Airea

One listing in, a month of on-brand marketing out. The all-in-one marketing and ops platform for real estate agents. Built by Above the Fold in Aotearoa New Zealand.

Product
How it worksToolsMade in AireaPricing
Get started
Start for $29.95/moRequest a demoSign in
Company
Above the Fold[email protected]Aotearoa New ZealandPrivacy policyTerms of serviceSecuritySubprocessors
© 2026 Airea by Above the Fold. All rights reserved.Turn one listing into a month of marketing.