Trust Center

Built in Australia. Hosted here too.

Your site photos, rate cards, and client data live on IRAP-assessed Australian cloud infrastructure. We don't ship it offshore, we don't train third-party AI models on it, and we don't store it in plaintext.

Trust at a glance

AU-resident

100%

Every customer record processed and stored inside Australia.

Third-party AI training

0

Your data is never used to train a general-purpose model.

At rest

AES-256

Per-tenant managed keys via AWS KMS.

In transit

TLS 1.2+

TLS 1.3 preferred; weaker ciphers blocked at the edge.

Breach notify

72 hrs

Affected customers notified within 72 hours of detection.

Where each programme stands today

Live status of each compliance + certification programme. Active = audited and current. Anything else is marked plainly. No badges we haven’t earned.

IRAP-assessed AU cloud | Active | All production infrastructure and customer data | Continuous | Evidence: DPA on request

Privacy Act 1988 (Cth) - APP 1–13 | Planned | All customer personal information handling | On the roadmap | Evidence: Privacy policy

SOC 2 Type II | TBD | Security, availability, confidentiality | On the roadmap

ISO 42001 (AI management) | Planned | AI management system governing QuoteMaker | On the roadmap

ISO 27001 | Planned | Information security management system | On the roadmap

ISO 9001 | Planned | Quality management system | On the roadmap

Essential Eight (ACSC) | Planned | Cyber-security maturity baseline | On the roadmap

Penetration testing | TBD | External + authenticated web app + API | On the roadmap

Disaster-recovery drill | TBD | Failover + restore from backup | On the roadmap

Need an audit report, DPA, or sub-processor list under NDA? hello@quotemaker.com.au. Reply within one Australian business day.

What happens to a quote, end to end

Five steps from your phone to the client’s inbox. Every step happens inside Australia.

01

Capture

Photos, voice, video uploaded over TLS to AWS Sydney. Voice transcribed in-region. Never leaves AU.

02

Process

AI inference runs in AU. Rate-card matched against your library. Output is a draft scope and a draft PDF.

03

Store

Encrypted at rest with AES-256, per-tenant keys. Logical tenant isolation enforced at the DB layer.

04

Retain

Active while your account is. On cancellation, 90-day grace window then full deletion on request.

05

Delete

Hard delete from primary + backups within 30 days of confirmed request. Certificate available on request.

How the platform is actually built

Six areas your security team will ask about. Linkable anchors so you can deep-link a colleague.

Where your data lives

Every site photo, voice note, rate card, client record, and generated quote is processed and stored inside Australia. No customer data crosses the border for any reason - including model inference, support tooling, or analytics.

  • AWS Sydney region (ap-southeast-2) for compute, storage, database
  • IRAP-assessed environment
  • No offshore replication or backup
  • Sub-processors are AU-resident or process metadata only - full list below

Encryption in transit and at rest

Traffic between your browser, mobile apps, and QuoteMaker is encrypted in transit. Customer data on disk is encrypted at rest with managed keys.

  • TLS 1.2 minimum, TLS 1.3 preferred. Weak ciphers blocked at the edge.
  • AES-256 at rest with AWS KMS-managed keys
  • Per-tenant logical isolation in the database layer
  • No customer credentials stored in plaintext anywhere in the stack

Authentication and access

Builders and their teams sign in with email + password by default. Professional and Enterprise tiers can enable SSO. Multi-factor authentication is available on all paid tiers.

  • Email + password baseline (bcrypt hashed, salted, peppered)
  • Optional SSO via SAML 2.0, Google Workspace, Microsoft 365 (Pro + Enterprise)
  • Optional MFA via TOTP or hardware key
  • Internal access to customer data is restricted to engineers on call, with full audit logging

Backups and disaster recovery

Customer data is backed up daily with point-in-time recovery available for the previous 30 days. Disaster recovery is tested twice a year.

  • Daily automated snapshots
  • 30-day point-in-time recovery window

AI training posture

Your site captures, rate card, client list, and generated quotes are not used to train any general-purpose AI model. The QuoteMaker engine is fine-tuned on consented training data only. Customer data is processed for your account, and your account alone.

  • No customer data sent to third-party model training pipelines
  • No training opt-in dark patterns - there is no opt-in
  • Vision and language inference run on Australian infrastructure
  • Per-account isolation enforced at the inference layer

Incident response

If we have an incident affecting customer data, we notify affected customers within 72 hours and post a summary on our status page within 14 days of resolution.

  • 72-hour customer notification commitment for any incident with customer impact
  • Public post-mortem within 14 days of resolution

Every vendor who touches any of your data

A short, deliberate list. We update it within 30 days of any addition. Full DPA available under NDA.

Amazon Web Services | Primary cloud infrastructure (compute, storage, database), AU-hosted AI inference, and transactional email | AWS Sydney (ap-southeast-2) | All customer data

Sub-processor list reviewed monthly. We notify customers of additions at least 30 days before they go live.

Found something? Tell us first.

If you’ve discovered a security issue with QuoteMaker, please report it directly to our security team before disclosing publicly. We acknowledge every report within one business day and aim to resolve confirmed issues within 30 days.

Acknowledgement SLA

1 Australian business day

Early access · founding builders

Want a copy of the DPA?

Reply within one business day. Real humans, no chatbot.

Onboarding within 24 hours · Cancel any time, no exit fee · Australian support