
Your Data. Our Responsibility.
Construction contracts contain some of the most commercially sensitive data in your organisation. Stact is engineered from the ground up to protect it — with enterprise-grade security, strict data isolation, and a clear path to ISO 27001 certification.
All Stact systems are designed to be ISO 27001 compliant. We are actively working towards full certification and accreditation under this internationally recognised information security management standard.
Stact complies with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), ensuring your data is handled in accordance with local regulatory requirements.
Encryption at Rest
All customer data is encrypted using AES-256 encryption at rest. Database volumes, backups, and file storage are all encrypted.
Encryption in Transit
All data transmission uses TLS 1.2+ encryption. No unencrypted connections are accepted at any endpoint.
Tenant Isolation
Every customer's data is logically isolated at the database level. Cross-tenant access is architecturally impossible.
Role-Based Access Control
Four-tier RBAC (Owner, Admin, Manager, Analyst) with JWT-based authentication and per-endpoint permission enforcement.
Audit Trails
Every significant action is logged with timestamp, user ID, IP address, and action detail. Audit logs are immutable and retained per policy.
Infrastructure Security
Deployed on AWS (Sydney region, ap-southeast-2). ECS Fargate containers, RDS with automated backups, and VPC network isolation.
Foundation
ISMS design & gap analysis
Implementation
Controls & policies deployment
Internal Audit
Verification & remediation
Certification
External audit & accreditation
Have Security Questions?
Our team is available to discuss your specific security and compliance requirements.