Every action is gated by the user's role. Tenants, staff, branch admins, super admins, and developers see only what they need.

Data is scoped to the branch a user belongs to. Branch admins cannot see other branches' data unless they are the super admin.

Government ID files and KYC documents are stored privately. Only authorised admins can view them.

New tenant accounts unlock only after admin approval, preventing unauthorised access.

Google login is used for tenants. Admin and staff accounts use platform-managed credentials with secure session handling.

Sensitive information like WiFi credentials is shown inside the Tenant App rather than sent over WhatsApp, where it could be forwarded.

Access to sensitive operations such as deletes, KYC viewing, and bulk exports is restricted and logged.