Enterprise Security for Australian Financial Data

We treat your commission data with the same care that banks give your clients' money. Australian-built, Australian-hosted, Australian-compliant.

  • Infrastructure: Google Cloud (Sydney)
  • Encryption: AES-256 / TLS 1.3
  • Data Residency: 100% Australian

Australian Data Residency

Your data never leaves Australia. All infrastructure runs in Google Cloud's australia-southeast1 (Sydney) region.

  • 100% Australian data residency guaranteed
  • Compliant with Australian Privacy Principles (APPs)
  • No data replication to offshore regions
  • Meets ASIC regulatory requirements

Enterprise Encryption

Military-grade encryption protects your commission data at every stage.

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups with key rotation
  • End-to-end encryption for file uploads

Access Controls

Granular permissions ensure users only see what they should see.

  • Role-based access control (RBAC) with 4 permission levels
  • Office-level data isolation for multi-office firms
  • Mandatory two-factor authentication (2FA) via TOTP
  • Session management with automatic timeout

Comprehensive Audit Logging

Every action is logged and immutable for regulatory compliance.

  • 7-year audit log retention for financial data
  • Immutable logs prevent tampering
  • User activity tracking (who did what, when)
  • Export audit logs for regulatory submissions

Tenant Isolation

Multi-tenant architecture with enterprise-grade isolation between companies.

  • Firestore security rules enforce data boundaries
  • Company-scoped authentication claims
  • Impossible for users to access other companies' data
  • Regular penetration testing validates isolation

Automated Backups

Continuous backups ensure your data is never lost.

  • Real-time Firestore replication across availability zones
  • Point-in-time recovery up to 7 days
  • Encrypted backup storage with geographic redundancy
  • Tested disaster recovery procedures

Infrastructure Security

Built on Google Cloud Platform's enterprise-grade infrastructure.

  • ISO 27001, SOC 2 Type II certified infrastructure
  • DDoS protection and web application firewall
  • Automated security patching and updates
  • 24/7 infrastructure monitoring and alerting

Secure Development

Security baked into our development process from day one.

  • Code review required for all changes
  • Automated security scanning in CI/CD pipeline
  • Dependency vulnerability monitoring
  • Principle of least privilege for all service accounts

Continuous Improvement

We continuously enhance our security practices.

  • Regular security assessments and reviews
  • Proactive vulnerability monitoring
  • Security-focused development culture
  • Transparent incident response process

Regulatory Compliance

Current Compliance

  • Australian Privacy Principles

    Full compliance with Privacy Act 1988

  • ASIC Record-Keeping

    7-year financial data retention

  • Data Breach Notification

    Notifiable Data Breaches scheme ready

  • Australian Data Residency

    100% of data stored in Sydney (australia-southeast1)

Transparent Security Incident Response

In the unlikely event of a security incident, we commit to:

Immediate Response

Incident response team activated within 1 hour

Transparent Communication

Affected customers notified within 72 hours

Post-Incident Review

Public incident report and remediation plan

Questions About Security?

We're happy to discuss our security practices in detail. Book a demo or reach out directly.