We take security seriously and employ a range of measures:
- Encryption: Our app and website use HTTPS, which means data transmitted is encrypted. Your password is stored hashed (not in plain text), and sensitive info like ID scans are stored securely (with encryption at rest on our servers).
- Secure payments: As mentioned, payments are handled by Stripe, a PCI-compliant processor, so your card details go directly to Stripe’s secure systems. We never see or store your full card number.
- Authentication & sessions: We have protections against unauthorized access – if we detect suspicious login attempts, we may prompt for re-verification. We also have session management; if you log in on a new device, your old sessions might be logged out for safety. (Always use a strong, unique password for your account to further protect it.)
- Data retention & deletion: We keep your data only as long as needed. If you delete your account, we delete personal info per our Privacy Policy (except what we must retain for legal reasons). We have protocols for safe data disposal.
- Breach response: Though we work hard to prevent it, if a data breach ever occurred, we have a response plan. Under the Notifiable Data Breaches scheme, we’d notify affected users and the OAIC if a breach is likely to result in serious harm, and we’d take steps to contain and remedy it.
No platform can guarantee 100% security, but we adhere to high standards and continually update our safeguards to protect your information.