Our Security Commitment
At QualifyMate, we understand that mortgage brokers handle some of the most sensitive financial information. That's why we've built our platform with security at its core, using enterprise-grade infrastructure and industry best practices to ensure your clients' data remains protected at all times.
Google Cloud Infrastructure
Our entire platform is hosted on Google Cloud in the Sydney region, providing:
- Australian data residency
- World-class security infrastructure with ISO 27001, SOC 2, and SOC 3 compliance
- 24/7 security monitoring and threat detection
- Physical security at Google's Australian data centres
- Redundant systems ensuring 99.9% uptime
Data Protection & Encryption
Every piece of data in our system is protected through multiple layers of security:
- End-to-end encryption for all data transmission using TLS 1.3
- Encryption at rest for all stored documents and databases
- Web application firewall with advanced threat detection
- Role-based access controls ensuring only authorised users can access data
- Regular security audits and vulnerability assessments
Access Controls & Authentication
We implement strict access controls to ensure data security:
- Passwordless authentication for all user accounts
- Session management with automatic timeout for inactive sessions
- Comprehensive audit logs tracking all system access and data interactions
- Principle of least privilege — users only access data they need
- Regular access reviews and deprovisioning of inactive accounts
Compliance & Standards
QualifyMate adheres to Australian and international security standards:
- Privacy Act 1988 (Cth) and Australian Privacy Principles compliance
- Notifiable Data Breaches scheme requirements
- OWASP security guidelines for web application security
- Regular penetration testing and security assessments
- Incident response procedures with notification protocols
Data Handling & Retention
We maintain strict data handling practices:
- Data minimisation — we only collect and process necessary information
- Automatic data purging based on configurable retention policies
- Secure data disposal using industry-standard methods
- No data sharing with third parties without explicit consent
- Full data portability and deletion rights for users
Business Continuity
Our platform is designed for reliability and business continuity with automated backups, disaster recovery procedures, and geographically distributed infrastructure. We maintain comprehensive business continuity plans to ensure service availability even in exceptional circumstances.
Ongoing Security
Security is not a one-time implementation but an ongoing commitment. We continuously monitor for threats, regularly update our security measures, and maintain a dedicated internal security function to ensure your data remains protected as technology and threats evolve.
Contact Us
If you have any questions about our security practices or would like additional information, please contact us:
Email: [email protected]
Vulnerability Disclosure
We take security vulnerabilities seriously and appreciate the security research community's efforts to help us maintain a secure platform. If you discover a security vulnerability in our systems, please report it responsibly:
- Email us at [email protected] with details of the vulnerability
- Provide sufficient information to reproduce the issue
- Allow us reasonable time to investigate and address the issue
- Do not access, modify, or delete data that doesn't belong to you
- Do not perform testing that could impact the availability of our services
We commit to acknowledging your report within 48 hours and will work with you to understand and resolve the issue promptly. We appreciate responsible disclosure and will credit researchers who follow these guidelines (unless they prefer to remain anonymous).