Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.propops.app/llms.txt

Use this file to discover all available pages before exploring further.

13 April 2026
Trial account badges, reauthentication improvements, PII key rotation, and dashboard enhancements.

New features

The dashboard now displays a trial account badge when applicable, controlled by your role permissions. This gives administrators clear visibility into which accounts are operating under a trial licence.
Administrators can now rotate PII encryption keys without downtime. The platform re-encrypts all protected fields in place, keeping your data secure while meeting key management best practices under UK GDPR. Learn more on the GDPR compliance page.
Archived job documents are now automatically purged once they exceed your configured GDPR data retention period. This keeps storage clean and ensures you stay compliant without manual housekeeping. See the GDPR compliance page for details.
GDPR data subject reports now include only relevant case notes and activity logs scoped to the specific tenant, and are encrypted at rest. The report layout has been updated for clarity, with new sections covering purpose and scope in line with UK GDPR requirements.

Updates

The reauthentication prompt now includes a password visibility toggle for easier entry, along with additional anti-bot protections to strengthen security during sensitive actions.
The jobs-by-type widget on the dashboard now displays additional details including the assigned agent, contractor, and job creator, making it easier to triage work at a glance. See the dashboard overview.
Audit logs now capture failed reauthentication attempts, guard activity, and document approval events, giving administrators a more complete picture of platform activity. See the audit log page.
The automated data cleanup process has been extended to include orphaned case notes, improving data hygiene and reducing unnecessary storage usage.
The experimental AI-assisted analysis in financial reports has been removed. Financial reports continue to work as before, now without the AI badge and related controls, for a cleaner and more focused reporting experience. See the financial features page.

Bug fixes

Resolved an incomplete script tag that could cause display issues on the email verification and IP verification pages.
Unsent IP verification PIN records are now automatically removed during the login process, preventing stale records from accumulating and potentially causing verification delays.
9 April 2026
New email templates, brand management improvements, API error handling, and bug fixes.

New features

PropOps now includes a broader set of branded email notifications covering onboarding reminders, password breach alerts, password reset and change confirmations, payment updates, quote-ready notices, user lifecycle events (created, deleted, blacklisted, role changed, status changed), video processing updates, and webhook security alerts. All templates follow the same clean, branded layout as existing emails. See the full list on the email system page.
Self-hosted deployments can now pull a pre-built production Docker image directly, removing the need to build containers locally. This simplifies new installations and ensures every deployment starts from a verified, consistent image. See the Docker setup guide for details.
API requests that hit an unauthorised or not-found route now return structured JSON error responses instead of generic HTML pages. This makes it easier for integrations to handle errors programmatically.

Updates

The sidebar and layout now automatically adjust text colour based on your uploaded logo’s contrast, so light logos display correctly on dark backgrounds and vice versa. No manual tweaking required. Learn more in the brand management guide.
You can now set a custom “from” name and email address for all outbound emails, giving recipients a clearer indication of who the message is from. See the email configuration guide.
Authentication failures now produce clearer, more structured log entries, making it easier for administrators to diagnose login issues.
Cleaned up unused code, optimised tenant detail filtering, simplified attachment file type handling, and improved overall code consistency across the platform.

Bug fixes

Fixed an issue where encrypted personal information was not being decrypted in security report API responses, causing some fields to appear as unreadable text.
Fixed a display issue where durations showed “1 days” instead of “1 day”.
6 April 2026
Permissions export/import, Docker improvements, and a downloadable permissions template.

New features

You can now export your full permission configuration — every role and account type — as a JSON file, and import it back on another instance or environment. This makes it straightforward to back up your permission setup, transfer settings between staging and production, or audit your configuration offline. Find it under Admin → Settings → Permissions using the new Export and Import buttons in the toolbar. See the user management guide and permissions template reference for details.
A default permissions template is now available covering all 551 permission keys across five roles and two account types. Use it to bootstrap a new installation, restore defaults, or review the complete permission structure. Download it from the permissions template page.

Updates

The Docker configuration now includes an entrypoint script that automatically creates required directories (uploads, extensions) with correct ownership and permissions on first boot. This reduces manual setup steps for new self-hosted installations. See the self-hosting guide for the updated instructions.
Updated lodash to 4.18.1 and @xmldom/xmldom to 0.8.12, addressing minor security and compatibility improvements.
5 April 2026 — Release 2026.04
Security hardening, job lifecycle enhancements, and infrastructure improvements.

Security Hardening

Strengthened data protection controls with comprehensive encryption-at-rest coverage across all core platform entities, ensuring alignment with UK GDPR, the Data Protection Act 2018, and ISO 27001 obligations.
Extended consistent data protection handling to a broader set of API endpoints, ensuring personally identifiable information is handled uniformly across the entire platform surface.
Applied data protection controls to user activity logs, email logs, and system communications, reinforcing the platform’s GDPR compliance posture and reducing the risk of inadvertent PII exposure in operational records.
Updated the data retention schedule for job records to align with UK statutory requirements. The previous short-term expiry window has been replaced with a retention period consistent with financial and property regulation obligations.
Introduced automated checksum generation for all release artefacts, enabling independent verification of deployment package integrity prior to installation. This provides an additional assurance layer for self-hosted deployments.
Corrected a serialisation defect in error response logging that affected the integrity of log records produced by authentication and access-control error paths. Log output now consistently reflects the structured format expected by downstream monitoring tooling.

Features

Introduced a comprehensive job archiving capability, enabling organisations to transition completed jobs to a permanent read-only archive state. Archived jobs retain their full history, audit trail, and attachments and remain fully searchable, but cannot be modified or reopened outside of a formal recall process.
Enhanced the job archive and purge utility to automatically identify and remove orphaned address and tenant records that become disassociated following bulk archiving operations. This maintains referential integrity across the data model and eliminates the need for manual database housekeeping.
Extended the platform design system with additional colour tokens for dark mode interfaces, improving visual consistency and accessibility across low-light display variants on all supported devices.
Introduced an automated workflow that identifies and reports inactive repository branches on a scheduled basis, supporting repository hygiene and reducing the long-term maintenance burden for engineering teams.

Performance

Upgraded the container base image to PHP 8.5, delivering runtime performance improvements and extended security patch coverage. All self-hosted deployments should update to the latest image to benefit from these improvements.
Corrected the staging deployment workflow to preserve Docker configuration files during release operations, preventing configuration drift between staging and production environments.
Removed deprecated schema structures and consolidated legacy data definitions to reduce schema complexity, improve query planning, and lower the overhead associated with database migrations.
Applied a structured programme of code quality improvements across the platform, addressing technical debt, improving internal consistency, and reducing long-term maintenance overhead.
31 March 2026 — Release 2026.03.4
PII encryption enhancements, compliance documentation, and API security improvements.

Security & Compliance

Implemented end-to-end PII encryption at rest and in transit across all core API endpoints. Sensitive fields including names, contact details, and addresses are now consistently encrypted and decrypted with appropriate access controls in place.
Upgraded the job and property search functionality to support lookups across encrypted fields without exposing raw PII in query results, maintaining both performance and data protection compliance.
Added a formal compliance report covering the platform’s adherence to UK GDPR, ISO 27001, Cyber Essentials, the Privacy and Electronic Communications Regulations (PECR), UK property regulations, and VAT obligations.
Updated API endpoint path references throughout the README and developer documentation to reflect the current routing structure, eliminating stale references that could mislead integrations.
26 March 2026 — Release 2026.03.3
Maintenance mode, PWA enhancements, brand management, and API access controls.

Features

Introduced a full maintenance mode API and frontend integration, allowing administrators to take the platform offline for scheduled maintenance with configurable user-facing messaging and role-based bypass controls.
Improved service worker registration with timeout handling and an enhanced caching strategy, increasing PWA reliability and offline capability across supported devices.
Updated the brand management system to support custom login page slides and background images, enforce file type restrictions from environment configuration, and allow application logo uploads as SVG files. Login and forgot-password pages now use locally hosted images for improved performance and consistency.
Implemented a dedicated API endpoint to serve default avatars as inline SVGs, simplifying error handling and eliminating broken image states across user profiles and listings.
Added an interactive session location map to the security dashboard, powered by Mapbox, providing administrators with a real-time visual overview of active session geography.
Introduced SecOps summary chiplets to the security dashboard, surfacing key operational security metrics including recent file uploads, accessed files counts, and system health indicators with fade-in navigation effects.
Improved the document management interface with a new selection dropdown and an enhanced document inspector view for faster document review workflows.

API

Applied consistent API access and permission checks to all platform endpoints, ensuring that authentication and authorisation validation is enforced uniformly regardless of the request path.
Added a /health endpoint to all API modules, enabling infrastructure monitoring tools to verify service availability independently of business logic.
Improved structured logging across API endpoints and expanded the internal testing framework to cover authentication flows, access control edge cases, and response format validation.

Infrastructure

Updated the branch protection workflow to block merges from staging and production branches into main, providing automated feedback to contributors when a blocked merge is attempted.
Updated the yaml package from 2.8.2 to 2.8.3 and updated picomatch to address minor security and compatibility improvements.
Added a PHPUnit configuration file to standardise the automated testing setup for API endpoints, enabling consistent test execution across development and CI environments.
25 March 2026 — Release 2026.03.2
Security dashboard improvements, document management, and cleanup of deprecated functionality.

Features

Enhanced the security dashboard with improved responsiveness, refined styling, and better layout for monitoring panels on all screen sizes.
Extended the security report to surface the count of recently uploaded files and most recently accessed files, giving administrators greater visibility into file activity.

Maintenance

Removed the settings group backup mechanism, old database backup files, and obsolete scripts and views related to the legacy background image system and the deprecated recall jobs feature, reducing codebase complexity.
Refactored the logout flow to perform comprehensive cache clearing and improved session teardown, preventing residual session data from persisting after a user signs out.
Applied broad code structure improvements across multiple modules, improving internal consistency, reducing cyclomatic complexity, and easing future maintenance.
27 March 2026 — Release 2026.03.1
Dark mode CSS utilities and stale branch automation.

Features

Added new CSS utility classes for dark mode text colours, extending the design system with improved visual consistency and accessibility across all dark mode views on supported devices.
Added a scheduled GitHub Actions workflow to automatically identify and report stale branches, reducing repository noise and supporting long-term maintainability for the engineering team.
18 September 2025 — Release 2025.09.3
User activity tracking, notifications system, contractor trades, and online status.

Features

Implemented a full user activity tracking system with detailed logging for page visits, link clicks, button interactions, and form activity. Includes a backend API, a frontend tracking class, database schema updates, and an enhanced activity log display with pagination.
Updated user profile routing to use UUID-based URLs for improved privacy and security. Added UUID validation for URL and GET parameters, and ensured staff permission controls are enforced for profile access.
Overhauled the notifications system to integrate user data, improved rendering logic, and added comprehensive notification management including deletion functionality. Introduced a dedicated user avatar API and enhanced notification dropdown and footer action separation.
Added a Trades & Certifications demo page with a searchable selection system. Enhanced the contractor trades API with improved assignment status handling and introduced a trades manager interface for assigning and managing trade certifications.
Implemented a real-time online status system with activity tracking, enabling staff and tenant views to reflect user presence in real time.
Introduced full avatar upload and removal functionality with improved error handling and JSON response management. Refactored avatar storage to use a UUID-based directory structure. Avatar URLs are now protected from direct access via session-based authentication.
17 September 2025 — Release 2025.09.2
Profile system, agent and contractor views, and authentication improvements.

Features

Implemented staff and tenant profile sections with role-specific details, dashboards, and recent activity feeds. Consolidated profile form fields, improved layout, and enhanced accessibility. Added functionality for staff to update email addresses and set email notification preferences.
Enhanced agent and contractor profile views with Flowbite components, read-only view support, and role-specific data display.
Implemented a full email verification flow with activation token generation, account status checking, and a resend activation email capability. Updated login and activation pages to integrate with the new verification workflow.
Added admin impersonation capability allowing support staff to view the platform as a specific user for debugging and support purposes, with account type filtering and status management controls.
16 September 2025 — Release 2025.09.1
Project foundations: deployment, routing, database, and authentication.

Infrastructure

Implemented GitHub Actions workflows for automated deployments to staging and production environments, including PHP syntax checks, manual approval gates for production, and Plesk integration for deployment status tracking and notifications.
Added a Router helper class and updated .htaccess to support clean URL routing across the platform, improving URL readability and enabling structured route definitions with authentication checks.
Created the initial database schema with comprehensive table definitions for user management, job tracking, financial records, notifications, and compliance data. Added migration scripts and PDO-based connection handling.
Implemented a GitHub Actions workflow to automatically remove all development-only files during production merges, ensuring clean production deployments without manually curated exclusion lists.
Added a database backup system with scheduled and on-demand backup capabilities, supporting operational continuity and disaster recovery for self-hosted deployments.

Features

Implemented the core authentication system including session management, role-based access control, and secure logout with comprehensive session teardown and cache clearing.
Built a shared dashboard with dynamic content rendering based on user roles, delivering a consistent entry point experience for staff, tenants, landlords, and contractors.
Added theme configuration with helper functions to support dynamic theming across the platform, enabling per-branch or per-tenant visual customisation.
Established the frontend foundation using Tailwind CSS and Flowbite, with a PHP component architecture, email service integration via the Brevo API, and a BaseLayout class with shared SVG icon support.