Security & data handling policy
For security, risk and privacy stakeholders who need clear assurance on controls, residency and responsible tech, this page outlines how your data stays private, available and in your control — and how to get the full security pack next.
Your controls at a glance
- ISO 27001–accredited ISMS.
- Hosted on AWS in Australia with regional data residency.
- Encryption in transit (TLS) and at rest (AES-256).
- Role-based, least-privilege access with logging and monitoring.
- Regular backups, tested disaster recovery and high availability.
- Penetration testing and ongoing security assessments.
How we handle your data
- You own your data. We don’t sell, mine or share customer data.
- We only collect what’s needed to deliver and improve the service.
- Access is limited to a small, authorised support team when required, with audit trails.
- Export and deletion are supported as part of standard offboarding.
Residency and access
- Your data is stored in secure Australian AWS data centres.
- Strict tenant isolation is enforced at application, database and IAM layers to prevent cross-tenant access.
Encryption
- All traffic is protected with TLS.
- All stored data is encrypted with AES-256.
Resilience and continuity
- Regular backups with defined RPO/RTO objectives.
- Documented and tested disaster recovery procedures.
Privacy and your rights
- We align to the Australian Privacy Principles.
- You can access or correct your information, and withdraw consent where applicable.
Read our plain-English policy: YakTrak privacy policy.
Integrations and YakTrak-powered AI
- Integrations use secure APIs with authentication, authorisation and encryption.
- YakTrak-powered AI features follow the same security controls as all other data and support human oversight. No fully automated decisions with legal or similarly significant effects occur without review.
Incident response
- If an incident affects your data, you’ll be notified under our Incident Response Plan and applicable obligations. We investigate, contain and resolve quickly, and communicate transparently.
Frequently asked questions
Got questions? These FAQs explain what YakTrak is, how it fits, and the outcomes to expect so you can choose the right pathway with confidence.
Yes. Modern SSO and MFA options are available.
Yes. Periodic penetration tests and security assessments help us identify and address potential vulnerabilities.
Service levels are outlined in your Customer Agreement and available on request.
Platform, API and access events are logged, monitored and retained for security investigations and compliance.
Strict logical isolation and per-tenant scoping at multiple layers prevent unauthorised access between customers.
Next steps
Now that you’ve reviewed the key policies, the next step is to explore fit, clarify anything still outstanding, or share this with the people involved in the decision.