Security
Security isn't a tab. It's the foundation.
Multi-tenant isolation, encryption, immutable audit trail, Australian hosting. The controls auditors expect, documented and defensible.
Security isn't a tab. It's the foundation.
Read our security overview →- ISO 27001 aligned
- Hosted in Australia
- Encrypted at rest & in transit
- Per-tenant credential keys
- 7-year immutable audit trail
- SAML / OAuth / LDAP SSO
Multi-tenant isolation
Every query is scoped to a single company. Cross-tenant joins are blocked at the data layer — not a check we hope the application remembers to make.
Encryption
TLS 1.3 in transit. PostgreSQL volume encryption at rest. Per-company keys protect integration credentials so one tenant key cannot read another tenant’s secrets.
Access control
Role-based permissions, mandatory MFA for privileged actions, configurable session timeout, optional IP allowlist per API key.
Audit logging
Immutable, 7-year retention. Every privileged action is recorded with the actor — user or API key — and the change applied.
Compliance posture
ISO 27001 aligned controls. Documented incident response, change management, vendor assessment, and breach notification procedures.
Data residency
Australian hosting for Australian customers. Data sovereignty respected by default, not as an upsell.
Need our security questionnaire pack?
We have responses ready for the common ones. Ask and we'll send.