Get the app
Security

Real protection, plainly stated.

We won't claim certifications we don't have. Here's exactly how Ettihad protects a community's money and data.

Sign-in
  • Passkeys — phishing-resistant, no password to leak
  • Multi-factor authentication (MFA)
  • One-time recovery codes for safe account recovery
Permission model
  • Manager-only actions are gated to the manager
  • Residents see their own units and announcements
  • Sensitive actions require explicit confirmation
Secret-ballot voting
  • Individual votes stay private
  • Results are tallied without exposing who voted how
  • Proposals open and close on a clear schedule
Per-community data isolation
  • Each community's data is isolated from others
  • Members only reach the communities they belong to
Audit trail
  • Key actions are logged with who and when
  • Managers can review the history of changes
Storage & limits
  • Data is stored encrypted
  • Rate limiting protects against abuse

Security isn't a checkbox here.

We won't expose the internals — but here's the discipline behind them.

Layers, not a single lock
Phishing-resistant sign-in, per-action permissions, per-community data isolation, encrypted storage, and rate limiting — working together.
Thousands of automated tests
Every release is gated by thousands of automated tests across our platform.
We attack our own system
A dedicated security suite continuously simulates real attacks — auth bypass, account takeover, privilege escalation, data-isolation breaches, and AI prompt-injection.
Guardrails that block mistakes
Automated build checks refuse to ship a money-touching action that isn't audited, or an endpoint that isn't permission-checked.
Your account

Sign in the modern way.

Passkeys, two-factor authentication, one-time recovery codes, and a device list you control — all in the app.

Your account
Your privacy
Your privacy

You decide what neighbors see.

Hide your email or phone number from other residents — your contact details are yours to share.

  • Hide your email from the rest of the community
  • Hide your phone number from the rest of the community
  • Managers can still reach you for what matters
What we don't claim
No certification badges we haven't earned No “end-to-end encryption” marketing No uptime or SLA promises we can't guarantee
Built by a founder from European banking — a career spent building secure, bank-grade payment systems. Security and reliability are where we come from.