Security & compliance

Our clients include government agencies, institutional investors, and organisations working on sensitive strategic questions. We build and operate accordingly.

Data sovereignty

We are an Australian company and we are committed to keeping client data within Australian jurisdiction. Our infrastructure and data processing are designed to meet the expectations of Australian government and institutional clients regarding data residency and sovereignty.

Encryption

  • In transit — All data transmitted between your browser and our services is encrypted using TLS 1.2 or higher.
  • At rest — Data stored on our platform is encrypted at rest using AES-256 or equivalent cloud-provider encryption.

Authentication and access control

  • Platform access requires authenticated accounts with secure credentials
  • Access to client data is restricted to authorised personnel on a need-to-know basis
  • Administrative access to infrastructure is protected by multi-factor authentication
  • Access permissions are reviewed regularly and revoked promptly when no longer required

Infrastructure security

Our platform runs on enterprise-grade cloud infrastructure with network isolation, automated security patching, and continuous monitoring. We use managed services from providers with established security certifications (SOC 2, ISO 27001) to minimise operational risk.

Application security

  • Secure development practices with code review for all changes
  • Dependency monitoring and regular patching of third-party libraries
  • Input validation and output encoding to prevent injection and cross-site scripting
  • Regular security testing of the platform

AI model security

Our platform uses large language models as part of its analytical pipeline. We apply the following safeguards:

  • Client data submitted for analysis is not used to train or fine-tune AI models
  • We use enterprise-tier API agreements with model providers that include data protection commitments
  • Analytical outputs include traceable reasoning so users can verify and audit the basis for any conclusion
  • Human oversight is a core design principle — the platform supports decision-making; it does not make decisions

Compliance

We operate in accordance with:

  • Australian Privacy Act 1988 and the Australian Privacy Principles
  • Relevant Australian Government information security frameworks

We are actively working toward formal security certifications appropriate for our government and institutional client base. If you have specific compliance requirements, we are happy to discuss how we can meet them.

Incident response

We maintain an incident response process for identifying, containing, and resolving security incidents. In the event of a data breach affecting your information, we will notify affected parties and the relevant authorities in accordance with the Notifiable Data Breaches scheme under the Privacy Act.

Questions

If you have security questions or require documentation for a procurement or due diligence process, please get in touch. We are accustomed to working with government and institutional security teams and can provide further detail as needed.