Security, privacy and governed AI by design.
We protect sensitive participant information with enterprise-grade security, privacy by design and responsible AI — so you can trust every interaction.
Controls
Enterprise Security Controls
Role-Based Access
Access granted based on roles and responsibilities.
Least Privilege
Users have the minimum access required to perform tasks.
Encryption In Transit & At Rest
Industry-standard cryptography across all data flows.
Secure Media Storage
Files and media stored securely with restricted access.
Audit Logs
Comprehensive audit logs for all user and system activity.
Retention Policies
Data retained only for the required period and purpose.
Deletion Workflows
Secure deletion workflows to remove data on request.
DLP & Monitoring
Data Loss Prevention and continuous anomaly detection.
Consent Records
Consent capture and management with verifiable records.
Privacy by Design
Privacy is built in from the start, into every feature.
Australian Privacy Principles
Aligned to the 13 Australian Privacy Principles.
AI Governance
Responsible AI framework with human oversight and controls.
Review Before Submission
Human review required before any content is finalised.
Australian Region Hosting
Data hosted in Australian data centres.
Foundation
Built on Microsoft security.
Microsoft Entra ID
Secure identity and access management with MFA.
Microsoft Purview
Data discovery, classification, DLP and information protection.
Microsoft Defender
Threat protection across identities, endpoints, apps and data.
Microsoft Sentinel
Cloud-native SIEM for real-time threat detection and response.
Application Insights
Performance monitoring and telemetry.
Microsoft Azure
Enterprise-grade cloud infrastructure with high availability.
Australian Region Hosting
Data hosted in Australian data centres.
Controls
Responsible AI in Practice
Human-in-the-loop Review
AI assists, humans decide. All important outputs are reviewed by a qualified supervisor.
AI-Generated Content Labelling
All AI-generated content is clearly labelled and transparent.
Source Evidence Retention
AI outputs are supported by retrieved source evidence retained for traceability.
No Autonomous Clinical or Legal Decisions
The platform does not provide autonomous clinical or legal advice.
Compliance & Governance
Aligned to Australian standards.
NDIS Practice Standards
Designed to support NDIS practice standards and quality outcomes.
Australian Privacy Principles
Compliant with the 13 Australian Privacy Principles.
Data Residency Australia
Participant data hosted in Australian regions where possible.
Access & Change Governance
Controlled change management and access governance processes.
Incident Response Ready
Documented incident response plan and escalation processes.
Regular Risk Assessments
Ongoing risk assessments and continuous improvement.
Third-Party Assurance
Vetted partners and regular security assurance reviews.
Security overview
See how our security and governance protect participants and build trust.
Book a security overview or a personalised demo.