How We Protect Your Data
Enterprise-grade security with SOC 2 certified infrastructure.
Last updated: January 2026
Our Security Commitment
At Trivexis, protecting your data is fundamental to how we operate. We use industry-leading security practices and SOC 2 certified infrastructure to ensure your information remains safe and private.
Infrastructure Security
Database Hosting
Your data is stored on Supabase, a SOC 2 Type II certified platform with servers located in Sydney, Australia. This means:
- Your primary data never leaves Australian soil
- Enterprise-grade encryption at rest (AES-256)
- Automated backups and disaster recovery
- Role-based access controls
Automation Platform
Our automation workflows run on self-hosted infrastructure in the Asia-Pacific region (Singapore), giving us full control over:
- Data processing and retention policies
- Access logging and monitoring
- Security patch management
AI Processing
When our AI responds to your leads, data is processed by SOC 2 certified AI providers:
How It Works
- Encrypted transmission: All data sent to AI providers uses TLS 1.2+ encryption
- No training on your data: Neither Anthropic (Claude) nor OpenAI uses API data to train its models
- Temporary retention: AI providers retain data for up to 30 days for abuse monitoring, then delete it
- No permanent US storage: Your data is processed and returned - not stored permanently on US servers
AI Providers We Use
- Anthropic (Claude): SOC 2 Type II
- OpenAI: SOC 2 Type II
Security Practices
OWASP Compliance
We follow OWASP (Open Web Application Security Project) best practices to protect against common vulnerabilities including:
- SQL injection prevention
- Cross-site scripting (XSS) protection
- Authentication and session management
- Sensitive data exposure prevention
- Security misconfiguration checks
Data Encryption
- In transit: All data transmitted over HTTPS using TLS 1.2 or higher
- At rest: Database encryption using AES-256 on Supabase servers
Access Controls
- Role-based access for team members
- Multi-factor authentication available
- Audit logging of all access
- Regular access reviews
Compliance
Australian Privacy Act
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), including:
- Transparent collection and use of personal information
- Secure storage and protection of data
- Individual access and correction rights
- Data breach notification procedures
Spam Act 2003
All automated communications comply with the Spam Act 2003:
- Proper consent handling before sending messages
- Clear sender identification
- Functional unsubscribe mechanism on every message
- Honour opt-out requests within 5 business days
Third-Party Services
We carefully vet all third-party services for security compliance:
| Service | Purpose | Location | Certification |
|---|---|---|---|
| Supabase | Database | Australia | SOC 2 Type II |
| Anthropic | AI Processing | United States | SOC 2 Type II |
| OpenAI | AI Processing | United States | SOC 2 Type II |
| Vercel | Website Hosting | Global CDN | SOC 2 Type II |
Incident Response
In the unlikely event of a security incident, we have procedures in place to:
- Detect and contain the incident promptly
- Assess the scope and impact
- Notify affected parties as required by law
- Remediate and prevent recurrence
Questions
If you have questions about our security practices, please contact us at hello@trivexis.com.au.
For detailed information about how we collect and use your data, see our Privacy Policy.