SECURITY

Security and Data Sovereignty

Your verification data stays in Australia. Protected by AES-256 encryption, role-based access controls, and a tamper-proof audit trail for every action.

Australian data sovereignty
AES-256 encryption
Tamper-proof audit trail

Your data stays in Australia

Every piece of data you send through ezyshield is stored and processed in Australia. Verification records, audit trails, account details, and payment data never leave Australian infrastructure.

For businesses in regulated industries, this matters. Australian Privacy Principles (APPs) and the Privacy Act 1988 set strict rules around cross-border data transfer. By keeping everything onshore, ezyshield removes that compliance risk entirely.

This is a deliberate design choice, not a default. Many verification platforms route data through US or European servers for processing. ezyshield does not. If your data is Australian, it stays Australian.

Encryption and infrastructure

Enterprise-grade encryption at every layer, from storage to transit to verification.

AES-256 at rest

All stored data is encrypted using AES-256, the same standard used by banks and government agencies worldwide.

TLS 1.3 in transit

Every connection to ezyshield uses TLS 1.3, the latest transport security protocol. Data cannot be intercepted or tampered with in transit.

Australian edge network

Hosted on Cloudflare's Australian edge infrastructure. Your requests are served from the closest Australian point of presence for speed and reliability.

Access controls and audit logging

Every action inside ezyshield is tracked. Who accessed what, when, and from where. This is not optional. Audit logging is built into the platform at every level.

Role-based access controls (RBAC) ensure that users only see and do what they're authorised to. Admin users manage verification rules and review audit logs. Staff users trigger and review verifications. Permissions are granular and enforced at the application layer.

Audit records are tamper-proof. Once a verification event is logged, it cannot be edited, deleted, or overwritten. This gives your compliance team a reliable source of truth for every payment verification your organisation has performed.

Verification security

Sensitive data is handled carefully at every step of the verification process.

Biometric data

Biometric identity data is used for verification only and is not retained after the check is complete. The verification result is stored, but the raw biometric data is discarded.

Bank account queries

Bank account ownership checks are performed through secure Australian banking infrastructure (NPP). ezyshield does not store bank credentials or access your bank accounts directly.

Encrypted fingerprints

Verified payment details are stored as encrypted fingerprints. Before each pay run, payments are checked against these fingerprints. Any mismatch triggers re-verification before payment proceeds.

Tamper-proof audit trail

Every verification event is logged immutably. Records cannot be edited or deleted. Export one-click PDF evidence for audits, disputes, or compliance reviews at any time.

Built to support Australian compliance

ezyshield is designed to support the compliance requirements that matter to Australian businesses. Our platform aligns with key regulatory frameworks, so your verification process works with your obligations, not against them.

AML/CTF Act 2006

Identity verification, business validation, and ongoing monitoring are built into the platform to support AML/CTF compliance obligations.

Privacy Act 1988 and APPs

All data is stored in Australia. Biometric data is not retained after verification. Data handling aligns with Australian Privacy Principles, including purpose limitation, data minimisation, and transparency.

Notifiable Data Breaches scheme

ezyshield's encryption, access controls, and audit logging are designed to minimise breach risk and support your obligations under the NDB scheme if an incident occurs.

Note: ezyshield is designed to support these frameworks but does not hold formal certifications at this stage. We are working toward independent security assessments as we grow.

Security questions

Common questions about how ezyshield protects your data.

Where is ezyshield data stored?

All ezyshield data is stored in Australia. We do not transfer, replicate, or process customer data offshore. This includes verification records, audit trails, and all account information.

What happens to biometric data after verification?

Biometric data is used solely for identity verification and is not stored after the verification is complete. The verification result (confirmed or not confirmed) is recorded, but the biometric data itself is discarded.

How does ezyshield protect data in transit?

All data transmitted between your browser and ezyshield is encrypted using TLS 1.3, the latest transport layer security standard. This applies to every request, including API calls, verification flows, and dashboard access.

Can ezyshield staff access my verification data?

Access to customer data is restricted through role-based access controls. Only authorised personnel can access production systems, and every access event is logged in an immutable audit trail.

Does ezyshield have SOC 2 certification?

ezyshield is built to align with industry security standards including SOC 2 principles, but we do not currently hold a formal SOC 2 certification. Our infrastructure, encryption, and access controls reflect enterprise-grade security practices.
