Security & compliance
Our clients include government agencies, institutional investors, and organisations working on sensitive strategic questions. We build and operate accordingly — and most engagements never put your data in our hands at all.
Jurisdiction
Australian data residency
Hosting
We host no client data
Encryption
TLS 1.2+ · AES-256
Oversight
Human-in-the-loop
The platform-hosting terms below apply to existing platform clients. Methodology engagements run in client-controlled environments — cloud or sovereign — and Dragonfly hosts no client data.
We are an Australian company, committed to keeping client data within Australian jurisdiction. Our infrastructure and data processing are designed to meet the expectations of Australian government and institutional clients on data residency and sovereignty.
In transit
TLS 1.2 or higher. All data between your browser and our services is encrypted in transit.
At rest
AES-256 or equivalent cloud-provider encryption for data stored on our platform.
Our platform runs on enterprise-grade cloud infrastructure with network isolation, automated security patching, and continuous monitoring. We use managed services from providers with established certifications — SOC 2, ISO 27001 — to minimise operational risk.
Our platform uses large language models as part of its analytical pipeline. We apply the following safeguards:
We are actively working toward formal security certifications appropriate for our government and institutional client base. If you have specific compliance requirements, we are happy to discuss how we can meet them.
We maintain an incident-response process for identifying, containing, and resolving security incidents. In the event of a data breach affecting your information, we will notify affected parties and the relevant authorities in accordance with the Notifiable Data Breaches scheme under the Privacy Act.