The security of your data is of the utmost importance to us.
If you have any questions regarding our security policies or infrastructure, please don't hesitate to get in touch.
Infrastructure
Our servers are located in high-security data centers In Sydney, NSW, and have been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS), as well as being compliant with ISO 27001 and Information Security Registered Assessors Program security practices.
We operate in multiple availability zones, to provide redundancy in the case that a particular region experiences downtime. We strive to remove any single points of failure and provide a robust, highly-available system.
Payment processing is performed by Stripe, who have been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS). We do not (and will never) store your credit card information on our systems. See the Stripe security documentation for more details.
User authentication is provided by specialist provider Auth0. We do not store (and will never ask for) password information. The use of 2-factor authentication is encouraged.
Encryption
All connections to and from FreshClaim servers are performed over SSL/TLS, and are protected by 256-bit encryption.
All sensitive data is encrypted using the AES256-GCM algorithm before being stored. All data is encrypted at rest
Operations
We use both internal and 3rd-party services to monitor our systems around the clock, which alert operations staff instantly in the event of downtime or reduced availability.
We operate all systems under the principle of least privilege, and restrict access unless absolutely necessary. 2-Factor authentication is mandatory for all staff and all internal systems.
Databases and internal systems are run on a private network, inaccessible from the public internet.
Any scheduled maintenance or planned downtime is announced as far ahead of time as possible, and communicated via email to all customers.
In the unlikely event of a cyber security incident, details will be reported to Services Australia and our customers within 12 hours of us becoming aware of the incident.
Data Integrity
All data is stored within Australia, and all staff are citizens or permanent residents of Australia.
Customer data is only accessible by a small, select group of screened employees.
Application data is backed up daily, and backups are preserved for 1 year. We have a well-tested process in place for restoring from these backups in the case of failure.
Data is stored across multiple availability zones, to prevent data loss in the event of a data center outage.