Data Security and Privacy

Snug takes data security and privacy very seriously, with best practice policies and procedures in place. This Data Security and Privacy article should be read in conjunction with our terms published at:  snug.com/terms

 

Given the sensitive information and attachments provided in rental applications, to further reduce risk to real estate businesses and provide a market-leading customer experience, Snug is enhancing features for our clients, customers and rental community. Together we can keep the rental community safe online.

 

Snug has best practices in place:

• Snug systems are password protected and limited to authorised admin users
• Snug renter application data is stored in Australia with Amazon Web Services
• Snug customer data is encrypted so can not be read by unauthorised parties
• Snug has data backup redundancy and best practice technical controls for access
• Snug keeps audit and log records to detect unauthorised behaviour
• Snug engages external consultants for periodic risk assessment
• Snug engages intrusion detection and system security scanning software
• Renters can delete their data at any time, or request deletion of their Snug Profile

Snug has implemented further enhancements:

• Enhance login (Released: Feb 2022)
• Auto Withdraw of applications (Released: April 2022)
• Team user management & deletion (Released: April 2022)
• Sensitive Information and Document Policy (Rollout Oct 2022)
• 2 Factor login (Oct/Nov: Dec 2022)
• Login Activity notifications (Oct/Nov: 2022)

 

Best Practice for Property Managers & Renters

10 key steps to staying safe online:

1. 1. Regularly virus scan all hardware and software
   2. Regularly install the latest software updates
   3. Limit computer software instals to those authorised by your company's IT
   4. Change passwords regularly eg. every 3 months
   5. Immediately remove staff that have left the business from the systems
   6. Don't share passwords or logins
   7. Don’t download sensitive documents to local computers or desktop
   8. Train staff about types of scams, phishing, malicious downloads and around privacy act obligations
   9. Promote online safety to your clients and customers
   10. Be aware of the latest online safety, current scams and report suspicious activity: https://www.cyber.gov.au/

 

Auto Withdraw - how it works

"Withdraw" application is currently available on the platform for Renters and Property Managers. 

Snug is turning on time based automation to save you time and reduce the open apps, data exposure in your team dashboard. 

• Shortlist applications to get 28 days access - shortlisted older than 28 days are subject to Auto Withdraw (for applications received on or after Saturday 16 April 2022 are subject to Auto Withdraw 28 days later ie. 14 May 2022)

• Process Applications to a Pre-Approved status to get 14 days access - eg. move to stages ‘New’ or ‘Review’ ie. less than Pre-Approved will be subject to Auto Withdraw (for applications received on or after Saturday 16 April 2022 are subject to Auto Withdraw 14 days later ie. 30 April 2022). To keep applications accessible, property managers should progress the application to either stages: ‘Approve, Offer or Accept’

• Declined applications are accessible up to 7 days from Declined date.

• All Applications older than 60 days will be Auto Withdrawn (for applications created on or after Saturday 9 April 2022 ie. Auto withdraws 8 June 2022) regardless of processing status. Applications older than 60 days will be made available to Admins for applications Marked as Leased.
• Applications that are Marked as Leased are available ongoing to Admin Users within the Team.

 

Sensitive Information & Document Policy 

Property managers collect sensitive information and documents to assess rental applications.  This information is generally required to be sighted to verify identity and affordability as part of due diligence but is not required to retained in whole original format. Snug has a Sensitive Information and Document Policy to reduce risk by redacting and deleting such information.

• Sensitive Information will be hashed and display the last few digits only eg. ####345 or month and year of birth eg. ## May 1972
• Sensitive Documents such as Identity and Income documents will be deleted.  A reference to the attachments provided by the renter will be in the application details for consumer tribunal, dispute or insurance purposes
• Sensitive Information & Documents over 60 days since upload by the renter will be subject to hash and deletion under this security policy

Sensitive Information includes:

• Date of Birth
• ID document numbers
• Income

Sensitive Documents include:

• Primary ID documents
• Secondary ID documents eg. utility bill
• Income documents: payslips, bank statements, Centrelink
• Other Documents uploaded eg. Land Title
• Student ID, Student Letter of Offer

 

Common questions

Q. What is the benefit to a property manager of these changes?

A. Snug helps reduce business risk as applications will be automatically withdrawn and access to sensitive details will be removed and sensitive documents will be digitally shredded.

 

Q. How do I keep an application accessible?

A. Within 14 days, progress the application to the processing stage. For instance, the “Pre-Approve” stage will allow you to keep the application accessible for up to 28 days. Approved Applications are available up to 60 days.

 

Q. What happens to Sensitive Information & Documents?

A. Digital shredding will remove ID numbers from the visual display and download the application PDF. Any sensitive uploaded documents, eg. Passport image, will be removed and no longer accessible. A record of the document uploaded by the renter, file name, date and time will be recorded.

 

Q. Why is Snug doing this?

A. Data security is a key concern for renters and a risk for real estate businesses.

 

Q. Downloaded applications 

A. Sensitive information and documents will be hashed and removed from downloaded PDF applications immediately and will not be displayed.