Enterprise-grade security standards.
Your compliance data demands the highest standard of protection. Here's how we safeguard it, end to end, all in Australia.
Security Features
AES-256 Encryption
All data at rest is encrypted using AES-256, the same standard used by banks and government agencies worldwide.
TLS 1.3 Transport
All data in transit is encrypted using TLS 1.3 with strong cipher suites. No downgrade to older protocols is permitted.
Secure Authentication
Industry-standard authentication with hashed passwords, session management, and optional multi-factor authentication.
Complete Audit Trail
Every screening check, login event, and data access is logged with timestamps, user identifiers, and IP addresses.
Role-Based Access
Granular permissions ensure team members only access the data and functions relevant to their role within your organisation.
Regular Security Testing
Periodic penetration testing, vulnerability scanning, and code reviews to identify and remediate security issues proactively.
Built on Google Cloud Platform
GCP Sydney Region
All infrastructure runs exclusively in australia-southeast1 (Sydney). Your data never leaves Australian soil.
Cloud SQL
Managed PostgreSQL with automatic encryption at rest, automated backups, and high availability configuration.
Secret Manager
All API keys, database credentials, and sensitive configuration stored in Google Cloud Secret Manager with audit logging.
Cloud Armor WAF
Web Application Firewall providing DDoS protection, OWASP Top 10 coverage, and configurable security policies.
Regulatory Alignment
AUSTRAC Aligned
Built to support your obligations under the AML/CTF Act 2006, including record-keeping, reporting, and program requirements.
Privacy Act 1988
Compliant with the Australian Privacy Principles (APPs) for the collection, use, and disclosure of personal information.
Australian Data Residency
All data storage and processing occurs exclusively within Australian borders. No offshore data transfers.
SOC 2 Type II
SOC 2 Type II audit in progress. Covering security, availability, and confidentiality trust service criteria.
In ProgressYour data never leaves Australian soil
Every piece of data you entrust to Clear Check is stored and processed within Australia. Our infrastructure runs exclusively in Google Cloud's Sydney region (australia-southeast1). We do not use any overseas API endpoints, content delivery networks, or data processing services. This is not a policy preference — it is an architectural guarantee.
Questions about our security?
We take the protection of your compliance data seriously. If you have questions about our security practices, infrastructure, or data handling, we're here to help.