Trust & assurance
Security
ComplianceIntel is purpose-built for Queensland local government. We treat the security of your compliance data with the same rigour your council applies to its own legislative obligations.
Our Commitment to Security
Security is designed into ComplianceIntel from the ground up, not added afterwards. Every layer of the platform — hosting, authentication, data isolation, and application code — is built to protect your council’s compliance data and the personal information of the officers who use it.
Infrastructure & Hosting
- Hosted on Supabase (PostgreSQL), Sydney region (ap-southeast-2) — your data stays in Australia.
- Edge delivery via Cloudflare’s global network, with DDoS protection and a web application firewall (WAF).
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Authentication & Access Control
- Email and password authentication via Supabase Auth, with JWT-based session management.
- Multi-factor authentication (MFA) is enforced for all accounts.
- Row-level security (RLS) is enforced at the database layer — your organisation can only ever access its own data.
- Role-based access control across org_admin, compliance_manager, and viewer roles.
Data Isolation
- Strict multi-tenant data isolation — each council’s obligations, assessments, and incidents are fully scoped to their organisation.
- No cross-organisation data visibility, by design or by accident.
- Every API response is scoped to the requesting organisation before it leaves the server.
Application Security
- Edge-rendered Next.js application with no persistent server — a reduced attack surface.
- All user input is passed to the database as query parameters; SQL is never built by string interpolation.
- Security headers are enforced via Cloudflare, including HSTS, CSP, and X-Frame-Options.
- Dependencies are monitored for known vulnerabilities, with critical patches applied on a priority basis.
Responsible Disclosure
If you discover a security vulnerability in ComplianceIntel, please contact us at security@complianceintel.ai before any public disclosure. We will acknowledge your report within two business days and work to resolve confirmed issues promptly. We do not currently operate a bug bounty programme.
Contact
Security enquiries: security@complianceintel.ai
General enquiries: hello@complianceintel.ai