Security FAQs

Edn_applicability__All_.png uses industry-standard methods to keep your user data safer from cyber security threats, internal security breaches and natural disasters.

Data security

Is data encryption used?
Industry-standard encryption is used for data in transit and in storage.
Where is data stored?
All data is stored in Australia.
What back-ups are in place?
Back-ups are cross-region in case of natural or other disaster.
Is penetration testing done? has undergone independent penetration testing by respected third cyber-security specialist firm Trusted Impact. Ongoing penetration testing will be performed annually or as needed. Contact us for more information. 
Can you set permissions for different users?
User permissions are coming in 2024.

Login procedures

Is a warning/disclaimer notice shown?
Prior to signing up, users are asked to read and agree to our terms of service, which include a disclaimer and terms of usage. For more information, see Legals, Policies and Procedures.
When is the user signup/login information validated?
The user's information is validated only upon completion of all the form. If the username or password is incorrect, a generic error is shown.
Is there protection against brute force login attempts?
Yes. Several failed logins locks an account for 15 minutes.
Are successful and unsuccessful login attempts logged?
Yes. If you suspect that potential bad actors are trying to access your information and you would like to view this log, please contact us.
Are requests to reset passwords logged?
Yes. If you suspect that potential bad actors are trying to access your information and you would like to view this log, please contact us.
On detection of a potential breach of login controls, is the user notified?
Yes. An email is sent to the user.
Are passwords encrypted?
Yes. Passwords are encrypted both in transit and in storage.
Are users logged out after an inactive period?
You may set an automatic timeout when there is a period of inactivity. The timeout period can be set by the organisation owner to a period that best suits their organisation's requirements. For more information, see Change the automatic timeout period.
Is there two-factor user authentication?
Yes, two-factor authentication is available.

Password management

Do you enforce individual user IDs and passwords?
Can the user set and change their own passwords?
Yes. Users set their own password on sign-up. When signed into the app, users can change their password under Account Details
What password complexity is enforced?
A password must be a minimum of 10 characters. Using a passphrase is recommended.
Do users need to change their passwords when they first log in?
No. Users create their own accounts, including their passwords. During the process they are invited to access organisations (such as companies, universities and hospitals).
Is a record of previous passwords kept to prevent re-use?
No. does not record previous passwords.
Is the password displayed as the user enters it?
No. When a user signs in their password is hidden. When the user updates their password in their Account details, the password is hidden by default. The user can choose to show their password.
How are passwords stored?
Passwords are not stored in files. Passwords are one-way encrypted, hashed and salted. Our encryption methods use the latest and strongest available encryption algorithms.
Was this article helpful?
3 out of 3 found this helpful



Please sign in to leave a comment.