Trust & Security
How we store, process and protect the compliance data your business depends on.
At a glance
Short, plain-English facts about how AutoAML is built.
Hosted in Australia
Customer data is stored in Sydney. Our production infrastructure runs in the australia-southeast1 region.
Encryption in transit and at rest
All connections use TLS 1.3. Data at rest is encrypted with AES-256 using keys managed by our cloud provider.
Two-factor authentication
TOTP-based two-factor authentication is available on every account. Organisation admins can require it across their team.
Role-based access control
Owner, admin, member and viewer roles with granular permissions. Every API call is authorised against the user's role and organisation.
Per-organisation data isolation
All data is scoped to a single organisation server-side. Users cannot read or write data belonging to another organisation.
Audit logging
Every mutation — document creation, CDD record entry, report submission, settings change, role change — is recorded in an immutable per-organisation audit log.
Penetration testing
Independent penetration testing is conducted at least annually. Remediation is tracked to closure.
Automated backups
The production database is backed up automatically with point-in-time recovery. Backups are retained on a rolling window.
Sub-processors
Third parties that help us deliver the service. Each operates under a written agreement covering security, confidentiality and data protection. Our Privacy Policy sets out the legal basis for disclosure to each of them.
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Hosting, database and infrastructure | Australia |
| Stripe | Payment processing and subscription billing | Australia / United States |
| Resend | Transactional email delivery | United States |
| Anthropic (Claude via Vertex AI) | AI-assisted document drafting | Global (Vertex AI) |
| Cloudflare | Content delivery and DDoS protection | Global edge |
| Google Analytics | Product and marketing analytics | United States |
Report a security issue
If you believe you've found a security issue in AutoAML, please raise a support ticket from within the app and mark it as a security incident. We prioritise these over general support requests and will get back to you quickly. Please do not publicly disclose the issue until we've had a chance to investigate.