Security

Our platform is designed with security at the forefront. We deeply understand the sensitivity of our customers' data and go to extreme lengths to ensure it is protected.

Accounts

Account Security

We only serve our website and systems via HTTPS; this includes APIs for both Prism and client systems. We enforce two-factor authentication for logins to sensitive applications such as our backend services and any critical infrastructure. We use role-based access tokens to serve all client applications, and we let API users create multiple customisable access tokens for granular control over access to your data.

Multi-factor authentication

Role-based access control (RBAC)

OAuth 2.0 & Single Sign-On

Data

Data Residency

All our infrastructure runs inside Amazon Web Services (AWS) operated data centers and is physically located in Australia.

All data resides in Australia

Secured by Amazon Web Services

Encryption

Data & Cryptographic Security

All data is encrypted in transit and when at rest. Full stop. We also ensure regular (immutable) backups of customer data, which are also encrypted at rest.

AES-256-GCM (256-bit) at rest

TLS v1.3 in transit

ECDSA P-384 for TLS Certificates

Financial information

Payments Processing

Any payments in our apps are handled by Stripe, which is certified to PCI Service Provider Level 1. This is the highest level of PCI DSS certification possible. Payment information is transmitted directly to Stripe in an encrypted format (HTTPS) for secure storage and never touches our systems. Read more about Stripe Security

Hosting

Physical Security

All our application infrastructure runs inside Amazon Web Services (AWS) operated data centers, all of which are physically located in Australia. Physical access to AWS facilities is highly restricted and they are monitored by professional security personnel. They feature industry-leading environmental security controls and redundancy to safeguard against loss of power, fires, and adverse weather conditions. Read more about AWS Security

Vulnerability disclosure

If you have found a vulnerability you would like to responsibly disclose, you can contact us directly at: security [at] riskysoftware [dot] io