Trust
Security & data sovereignty
Built to clear federation procurement on day one. The platform is enterprise-grade by default. Partners own their data, choose their region, and can exit cleanly at any time.
Encryption in transit and at rest
TLS 1.2+ for every request. AES-256 at rest. Secrets and PII stored in managed, audited key vaults.
Regional data residency
APAC data served from Australian data centres. EU data stays in EU infrastructure. US isolated on request. Region is a Partner-level decision, not a default.
Multi-tenant isolation
Every Partner has isolated data boundaries. No cross-tenant reads. Member data is never shared or resold between federations.
Compliance posture
Aligned to SOC 2, ISO 27001, and PCI DSS principles. Full DPA available. Sub-processor register maintained. GDPR and Australian Privacy Principles compliant by design.
Resilience & uptime
Cloud-native, multi-zone deployment. Automated failover. Continuous backups with point-in-time recovery. 99.9% platform availability SLA.
Access control
Role-based access for Partner admins. SSO on request. Audit log of every administrative action. Principle of least privilege applied to internal access.
What we provide before you sign
Federation procurement teams receive a complete security and compliance pack on request:
- Master Services Agreement and Data Processing Agreement.
- Active sub-processor register with regional footprint.
- Infrastructure diagram and data-flow map.
- Incident response policy and breach notification commitments.
- Penetration testing summary from the most recent review.
- Exit plan and data portability commitments.
Request the security pack before the first commercial meeting. We would rather your procurement team clear it early than discover a gap mid-contract.
Request the security pack →