Enterprise-Grade Security
Rock Solid Waivers is built with security at its core. We employ industry-leading security measures to protect your sensitive data and ensure full compliance with Australian laws.
- High Availability: MongoDB Atlas uptime SLA
- AES-256 Encryption: Industry-standard encryption
- Australian Hosted: Data never leaves Australia
- Automated Monitoring: Database and app monitoring
Enterprise-Grade Security
Your waiver data is protected with industry-standard security practices. Multi-layered encryption, secure Australian data centers, and comprehensive audit logging keep your information safe.
- AES-256 encryption for sensitive fields and TLS 1.2+ for data in transit
- Data hosted exclusively in Australia via MongoDB Atlas
- Immutable audit logs with 7-year retention for compliance
Security Features
Data Encryption
Data encrypted in transit using TLS 1.2+ and sensitive fields encrypted at rest with AES-256
- TLS 1.2+ for all data transmission
- AES-256-GCM encryption for sensitive fields
- Waiver PII encrypted: emails, phone numbers, addresses, ID documents
- Encrypted database backups via MongoDB Atlas
- Secure encryption key management
Multi-Factor Authentication
Optional two-factor authentication for enhanced account security
- App-based TOTP (Google Authenticator, Authy)
- Email verification for all accounts
- Strong password requirements (12+ characters)
- Role-based access control
Audit Logging
Immutable audit trails for authentication, waiver operations, and system changes
- Authentication event logging
- Waiver creation and access logging
- User management activity tracking
- 7-year retention for compliance
Australian Data Residency
All data hosted exclusively in Australian data centers
- Data stored within Australia
- No offshore data transfer or storage
- Australian Privacy Act 1988 compliant
- Data sovereignty guaranteed
Australian Compliance Built-In
Full compliance with Australian laws including the Electronic Transactions Act 1999 and Privacy Act 1988. Your waivers are legally binding and meet all government requirements.
- Identity verification for digital signatures
- Complete audit trails for compliance
- All 13 Australian Privacy Principles
Data Protection
Data Storage & Backup
Secure Storage
- Encrypted MongoDB databases
- Redundant Australian data centers
- Real-time data replication
- Automated integrity checks
Backup & Recovery
- Daily encrypted backups
- Point-in-time recovery
- Geographic backup distribution
- Disaster recovery testing
Access Control
User Authentication
- Strong password requirements (12+ chars)
- Multi-factor authentication (TOTP)
- Session management
- Account lockout (5 fails = 15 min lock)
Role-Based Permissions
- Granular permission controls
- Principle of least privilege
- Regular access reviews
- Audit trail logging
Platform Security
Mobile Security
- Secure mobile signature capture
- Device fingerprinting & tracking
- Account lockout protection
- Secure session handling
- Login attempt monitoring
Web Application Security
- XSS protection
- CSRF token validation
- SQL injection prevention
- Content Security Policy
- Regular security scanning
Infrastructure Security
- Network segmentation
- DDoS protection
- Intrusion detection
- Regular security patches
- Vulnerability assessments
Compliance Standards
Electronic Transactions Act 1999
Compliance with Australian electronic signature laws
Australian Privacy Principles
Full compliance with all 13 APPs including data access, correction, and marketing consent
ISO 27001 Certification
Information security management system certification
SOC 2 Type II Certification
Independent security audit certification
Australian Legal Compliance
Electronic Transactions Act 1999
- Identity verification and confirmation
- Signature method reliability standards
- Complete audit trail maintenance
- Legal equivalence to handwritten signatures
Privacy Act 1988
- All 13 Australian Privacy Principles
- Data breach notification requirements
- Individual access and correction rights
- Cross-border data transfer restrictions
Security Monitoring & Response
Application Monitoring
- Automated error tracking
- Performance monitoring
- Rate limiting enforcement
- Security event logging
Database Security
- MongoDB Atlas monitoring
- Automated backups (continuous)
- IP whitelist protection
- Connection encryption (TLS 1.2+)
Incident Response
- Documented response procedures
- Data breach notification system
- Customer notification protocols
- Audit trail for investigations
