We raise the bar for platform security.
4 minutes reading time.
We’re proud to introduce a major security upgrade across our entire platform: Content Security Policy (CSP).
Our goal is simple: to provide a secure building management platform — affordable for anyone and without selling your data to third parties. Therefore, CSP is an important step as we prepare to connect bank accounts and enable automatic payment processing. Continue reading to learn what this update means for you.
What is CSP protection?
Every website is built from three main parts: structure (HTML), design (CSS), and functionality (scripts). On most websites, these elements are loosely connected, which can create security risks.
Content Security Policy (CSP) adds an extra layer of protection. It strictly controls where scripts and design elements are allowed to load from. If someone attempts to inject malicious code into our website, CSP automatically blocks it.
In simple terms: even if someone tries to tamper with the website, unauthorized scripts cannot run.
Why is this important?
CSP is a relatively modern security standard and is not yet widely implemented. Only around 14–20% of the top 1 million websites implement some form of CSP.
As our platform grows and begins handling more sensitive data — including bank account connections through our partnership with finAPI — strengthening our security was essential. That’s why we paused feature development temporarily to implement CSP first.
Why wasn’t this implemented earlier?
CSP limits certain development flexibility, which can slow early-stage innovation. During our startup phase, rapid iteration was important. Now that the platform is publicly available and security demands are increasing, implementing CSP became the right priority.
Over the past months, we have seen increasing automated attempts to probe our systems. Staying ahead of potential threats is critical — especially before enabling bank integrations.
Implementing CSP affected more than 2,500 internal components, including pages, scripts, and media assets. The scope was larger than expected, and some parts of the public beta were temporarily impacted. We appreciate your patience during this transition.
Some financial pages are currently still offline while we finalize our automated payment infrastructure. They will return shortly.
If you encounter any issues, please contact us. Your feedback helps us improve.
