Information Security

What do we collect and store?

• We collect personally identifiable information as required to ensure compliance, generate invoices and to send notifications:
  • IP addresses
  • Location data
  • Contractor License Numbers
  • Contractor Insurance Numbers
  • Addresses
  • Phone numbers
  • First name
  • Given name
  • Email addresses
• We also collect the following company information:
  • Company name
  • Company location
  • Company email contact
  • ABN
  • Contractor back ID (BSB or similar)
  • Contractor Bank Account Number
  • Timezone
• We import the above required information via customer software systems, via CSV files or manual data entry.
• We minimise information that we collect, and will never collect drivers license numbers, passport numbers, health insurance numbers.

How do we protect this information?

• We keep a limited access list, with the access to this information limited to Sensor administrators.
• Sensor administrators use 2FA for access to customer data, and access is controlled and recorded.
• All information is encrypted while in transit and at rest.
• We host our services inside AWS Australia through an architecture using firewalls with limited access to individual servers and databases from anyone external to our network.
• VPN access is required for developer access into infrastructure, and access is on a as-required basis.
• MFA is enforced across all infrastructure accounts.

How do we ensure compliance?

• We undergo yearly penetration testing across both our software and network security through the independent company Triskele Labs: Triskele Labs
• We undergo continuous auditing against SOC 2 and ISO 27001 via the Vanta platform: SOC 2, HIPAA, ISO 27001, PCI, and GDPR Compliance
• We use GitHub Dependabot to highlight security vulnerabilities within our software, and we actively resolve any identified issues within defined SLAs.