Security
Our Commitment to Security
Assistive Digital is committed to protecting the confidentiality, integrity, and availability of our platform, systems, and customer data. We apply layered security controls aligned with recognised industry standards and Australian Government best practices to protect information from unauthorised access, misuse, loss, or disclosure.
Multi-Factor Authentication (MFA)
Due to potential sensitivity of captions, transcripts and summaries, we implement Mult-factor Authentication (MFA) across all user types across the platform. MFA provides an additional layer of protection beyond passwords alone and significantly reduces the risk of unauthorised access.
Encryption of Data
- Encryption at Rest
Sensitive data is encrypted when stored using industry-standard encryption algorithms to protect information in the event of unauthorised access or system compromise. - Encryption in Transit
All data transmitted between users, systems, and services is protected using secure encrypted communication protocols, including TLS 1.2 or higher, to prevent interception, disclosure, or tampering.
Australian Data Sovereignty
Assistive Digital maintains a strict commitment to Australian data sovereignty.
- The Assistive Digital platform is hosted and operated within Australia.
- All data is stored and processed in Australia.
- All subprocessors engaged by Assistive Digital storing and processing data are hosted and operate within Australia.
- Data is not transferred or processed offshore.
Subprocessors and Security Standards
Assistive Digital uses a limited number of trusted subprocessors to support platform operations.
- All subprocessors undergo due diligence prior to engagement and are subject to ongoing review.
- Subprocessors are contractually required to implement security and encryption controls that are equal to or exceed those used by Assistive Digital.
- This includes, at a minimum, encryption at rest, encryption in transit using TLS 1.2 or higher, access controls, monitoring, and incident response capabilities.
- Subprocessors must comply with applicable Australian privacy, security, and regulatory obligations.
Alignment with Essential Eight
Our security practices are aligned with the Australian Cyber Security Centre (ACSC) Essential Eight mitigation strategies, including:
- Application control
- Patch management for applications and operating systems
- Restriction of administrative privileges
- Multi-factor authentication
- Regular backups and recovery testing
These controls are actively maintained, regularly reviewed, and kept up to date in line with evolving threats and ACSC guidance.
Ongoing Security Management
Security is an ongoing responsibility. Assistive Digital regularly:
- Reviews and enhances security controls
- Monitors systems for suspicious or unauthorised activity
- Applies security patches and updates in a timely manner
- Assesses security risks across the platform and its subprocessors
Transparency and Accountability
We recognise the importance of trust and take our responsibility to safeguard information seriously. If you have questions regarding our security practices or require further information, please contact us through our official support channels.
Sub-Processors
Our full sub processor listing, data processing location and vendor confirmation can be seen below:
| Name | Functions | Data Location | Vendor Confimation | Security Standards | Types of PII Data Processed |
|---|---|---|---|---|---|
| Amazon Web services | Web Appplication Firewall AWS Shield EC2 Virtual Servers AWS Comprehend |
Australia |
ISO27001:2022 SOC2 NIST 2.0 GDPR |
First name and/or second name |
|
| Speechmatics | Automatic Speech Recognition | Europe |
https://docs.speechmatics.com/get-started/authentication#supported-endpoints |
ISO27001:2022 SOC2 GDPR HIPAA |
Live realtime text only - No PII data processed or stored |
| SMTP2GO | Email Handler | Australia | https://www.smtp2go.com/privacy/ | All caption transcripts or summary emails sent from the platform and any PII discussed within them |