Your data security is our priority
We understand the sensitivity of compliance documents. Ready Set Compliant is built with enterprise-grade security to protect your organisation and staff data.
Built for Security
Every aspect of our platform is designed with security and privacy in mind.
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest via our infrastructure provider. Your documents are stored securely with industry-standard encryption.
Secure Cloud Infrastructure
Your data is hosted on Supabase, a trusted cloud platform with enterprise-grade infrastructure, encryption, and data protection built in.
Role-Based Access Control
Granular permission controls ensure staff only see their own documents. Administrators can manage access levels to protect sensitive information.
Audit Logging
Activity logs track document verification, access events, and audit portal usage. We are continually expanding our audit trail coverage.
Infrastructure Backups
Our infrastructure provider performs automated backups with point-in-time recovery capabilities to protect against data loss.
Secure Authentication
We use modern authentication with strong password requirements and secure session management. Rate limiting protects against brute-force attacks.
Enterprise-Grade Infrastructure
Ready Set Compliant is hosted on Supabase, a trusted cloud platform with enterprise security certifications. Our infrastructure is designed for reliability, scalability, and security.
- DDoS protection via infrastructure provider
- Regular security updates and patches
- Isolated tenant environments with row-level security
- Encrypted database connections
- Restricted API access with CORS origin validation
- Rate limiting on authentication endpoints
- Login brute-force protection
Security at Every Layer
Compliance & Standards
We're committed to meeting the highest standards for privacy and data protection.
Privacy Act Aligned
Built to align with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). We implement access controls, data isolation, and secure storage practices.
NDIS Practice Standards
Designed to support NDIS Practice Standards for information management and privacy.
Our Security Practices
Security Headers & Best Practices
We implement industry-standard security headers including Content Security Policy (CSP), HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy to protect against common web vulnerabilities.
Multi-Factor Authentication
All accounts are protected with multi-factor authentication based on TOTP (Time-based One-Time Password). Users can enrol via QR code in their account settings for an additional layer of security.
Audit Logging & Input Validation
Comprehensive audit logging tracks all significant actions across the platform. All API requests are validated with strict schemas to prevent malformed or malicious data from entering the system.
Multi-Tenant Data Isolation
Every organisation's data is fully isolated at the database level using row-level security policies. Staff can only access their own documents.
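As an added illustration of what database-level isolation with row-level security looks like on Supabase (Postgres), not Ready Set Compliant's own schema or policies: the table, column names and the `org_id`/`role` claims in `app_metadata` are assumptions; `auth.uid()` and `auth.jwt()` are Supabase's standard helper functions.

```sql
-- Hypothetical documents table for a multi-tenant compliance app on Supabase.
-- Table and column names are assumed for this example.
create table if not exists documents (
  id         uuid primary key default gen_random_uuid(),
  org_id     uuid not null,
  owner_id   uuid not null references auth.users (id),
  file_path  text not null,
  created_at timestamptz not null default now()
);

-- Deny by default: once RLS is enabled, a query with no matching policy returns no rows.
-- FORCE applies the policies even to the table owner role.
alter table documents enable row level security;
alter table documents force row level security;

-- Staff: read only documents they own.
create policy documents_owner_select on documents
  for select to authenticated
  using (owner_id = auth.uid());

-- Staff: insert only rows stamped with their own user id and their own organisation.
-- app_metadata is set server-side and cannot be edited by the user, unlike user_metadata,
-- so it is the safe place to carry tenant and role claims.
create policy documents_owner_insert on documents
  for insert to authenticated
  with check (
    owner_id = auth.uid()
    and org_id = (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid
  );

-- Organisation admins: read every document in their organisation, never another tenant's.
create policy documents_org_admin_select on documents
  for select to authenticated
  using (
    (auth.jwt() -> 'app_metadata' ->> 'role') = 'org_admin'
    and org_id = (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid
  );

-- Isolation check, run while authenticated as an ordinary staff user:
-- whatever filter the client sends, rows owned by anyone else are never visible.
-- select count(*) from documents where owner_id <> auth.uid();   -- expected: 0
```

The check at the end is the test worth automating against a staging project: run it under each role (staff, org admin, a user from a second organisation) and confirm no cross-tenant or cross-user rows ever come back.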
Real-Time Error Monitoring
We use real-time error monitoring and alerting to rapidly detect and resolve issues that could impact security or availability.
Data Minimisation
We only collect and retain data that is necessary for providing our service, reducing exposure and risk.
Incident Response
We maintain a formal incident response plan aligned with the Australian Privacy Act. In the unlikely event of a security incident, we commit to prompt and transparent communication.
Questions about security?
We're happy to discuss our security practices in detail. Contact us for more information or to request our security documentation.