Security & Compliance
Your data is safe with PreQual
Buyer verification involves sensitive financial information. Here's how we protect it.
Security-first architecture
Built on Supabase with PostgreSQL row-level security
Encryption in transit and at rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Database backups are encrypted and stored in Australian data centres.
Australian data residency
All buyer data is stored in Australian data centres (Sydney, ap-southeast-2). No personal information leaves Australia.
Privacy Act compliance
PreQual operates in compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). We collect only the minimum data required for buyer verification.
Row-level security
Builder data is isolated at the database level. Each builder can only access their own verified buyers. No cross-tenant data leakage is possible.
Access controls
Role-based access controls for all internal systems. Multi-factor authentication required for all team members. Audit logs for all data access.
Data minimisation
Finance documents uploaded during verification are used for qualification only and are not stored beyond the verification period. Buyers control their own data.
Secure integrations
CRM integrations use OAuth 2.0 where available. Webhook payloads are signed with HMAC-SHA256. All API calls require authentication.
Incident response
Documented incident response procedures with defined severity levels. Notification within 72 hours for any data breach as required under the Notifiable Data Breaches scheme.
Questions about security?
Contact us at security@prequal.au for our full security documentation or to report a vulnerability.