Layer 7 · hardware

Security and Compliance

Data governance, GDPR posture, encryption, access control, and the compliance boundary between the bureau and the building.

The operating layer runs on infrastructure controlled by the building owner. Apareé operates within scoped service accounts, against a defined behavioral specification, with no access to data the building has not explicitly granted. Security is not a feature of the operating layer — it is a property of the ownership model.

Data governance

Resident data is owned by the building. The operating layer stores it in the building's cloud tenancy under the building's identity provider. Access to resident records is gated by role-based permissions defined in the deployment agreement. Apareé's bureau staff have no standing access; bureau access is opportunistic, scoped, audited, and revocable by the owner at any time.

Encryption and access control

Data at rest is encrypted using keys held in the owner's key management service. Data in transit is encrypted end-to-end between the resident app, the edge gateway, and the cloud. Service-to-service authentication uses short-lived tokens scoped to specific operations. The principle is consistent across the stack: the smallest possible privilege, the shortest possible duration, the clearest possible audit trail.

Compliance posture

The operating layer is designed to operate under GDPR and equivalent regional data-protection regimes. Residents have rights of access, correction, portability, and erasure; the operating layer exposes these rights as first-class workflows. Data residency follows the building — a building in the EU runs on EU-hosted infrastructure with EU-resident data, regardless of which bureau operates the warranty. Detailed compliance documentation is provided as part of the deployment package.