Security & Data Protection
Your data deserves the same rigour as your compliance.
Statura Care handles personal information, health data, incident reports, and whistleblower disclosures. We take that responsibility seriously. Security isn't a feature — it's the foundation the platform is built on.
Security Architecture
Defence in depth, by design.
Security is enforced at every layer — infrastructure, database, application, and user interface. No single control is a point of failure: if one layer is bypassed, the next still holds.
Australian Infrastructure
All data is hosted in Sydney, Australia on Australian infrastructure. Your compliance data never leaves the country. Edge network delivery ensures fast access for Australian users.
Encryption Everywhere
All data is encrypted in transit using TLS 1.3 and encrypted at rest. Database connections are secured and credentials are managed through environment-level secrets — never hardcoded.
Row-Level Security
Every database table is protected by row-level security (RLS) policies. Each organisation can only access its own data, and the rule is enforced by the database itself rather than by application code alone. Even if application logic fails, the database won't serve another organisation's data.
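As an added illustration (not Statura Care's own schema or code), this is what organisation-scoped row-level security looks like in PostgreSQL, for ordinary tables and for the organisation-scoped document paths described further down this page. Table, column, role and setting names are assumptions, and the organisation identifier is assumed to be placed in a session setting by the authenticated application layer, never taken from client input.

```sql
-- Added example (PostgreSQL), not Statura Care's schema: organisation-scoped RLS.
-- All names below are assumptions for illustration.

CREATE TABLE incident_reports (
    id              bigserial PRIMARY KEY,
    organisation_id uuid NOT NULL,
    summary         text NOT NULL
);

-- The current organisation comes from a session setting the application sets after
-- authenticating the user. nullif() turns an unset/empty value into NULL, so every
-- policy comparison below fails closed instead of erroring on a bad cast.
CREATE FUNCTION current_organisation_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT nullif(current_setting('app.organisation_id', true), '')::uuid
$$;

ALTER TABLE incident_reports ENABLE ROW LEVEL SECURITY;
-- FORCE also binds the table owner; without it a bug that connects as the owner
-- would silently bypass the policy.
ALTER TABLE incident_reports FORCE ROW LEVEL SECURITY;

-- USING filters what can be read, updated or deleted; WITH CHECK rejects a write
-- that would plant a row in another organisation.
CREATE POLICY org_isolation ON incident_reports
    FOR ALL
    USING      (organisation_id = current_organisation_id())
    WITH CHECK (organisation_id = current_organisation_id());

-- The application connects as a dedicated non-superuser role: superusers and
-- roles with BYPASSRLS are never subject to policies.
DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user')
            THEN CREATE ROLE app_user NOLOGIN NOBYPASSRLS; END IF; END $$;
GRANT SELECT, INSERT, UPDATE, DELETE ON incident_reports TO app_user;
GRANT USAGE ON SEQUENCE incident_reports_id_seq TO app_user;

-- Document metadata follows the same rule, and the storage path's first segment
-- must be the owning organisation, so a path cannot point into another tenant.
CREATE TABLE documents (
    path            text PRIMARY KEY,   -- e.g. '<organisation_id>/incidents/42/report.pdf'
    organisation_id uuid NOT NULL
);
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;
CREATE POLICY org_documents ON documents
    FOR ALL
    USING      (organisation_id = current_organisation_id()
                AND split_part(path, '/', 1) = organisation_id::text)
    WITH CHECK (organisation_id = current_organisation_id()
                AND split_part(path, '/', 1) = organisation_id::text);
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

-- Demonstration with constructed organisation ids (requires membership of app_user).
SET ROLE app_user;
SET app.organisation_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO incident_reports (organisation_id, summary)
    VALUES ('11111111-1111-1111-1111-111111111111', 'constructed sample row');
-- Rejected by WITH CHECK: the row belongs to a different organisation than the session.
INSERT INTO incident_reports (organisation_id, summary)
    VALUES ('22222222-2222-2222-2222-222222222222', 'cross-organisation write');
-- Switching organisation hides the first organisation's row entirely.
SET app.organisation_id = '22222222-2222-2222-2222-222222222222';
SELECT count(*) FROM incident_reports;
RESET ROLE;
```

Two practical checks belong with this: with a connection pool, set the organisation with `SET LOCAL` inside each transaction rather than `SET`, so the value cannot leak into the next request on the same connection; and confirm the application's database role is neither a superuser nor marked BYPASSRLS, because for such roles the policies above are simply not evaluated.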
Role-Based Access Control
Seven distinct roles — from viewer to owner — control what each user can see and do. Granular permissions ensure compliance officers, managers, and self-service users each see exactly what they need, and nothing more.
Immutable Audit Trail
Every action is logged: creates, updates, deletes, logins, exports, approvals, and escalations. The audit trail captures who did what, when, from where, and the full diff of changes. Logs are append-only and cannot be modified or deleted.
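The following is an added example in PostgreSQL, not the platform's own implementation, of how an append-only audit trail with a per-row change diff can be enforced inside the database rather than trusted to application code. Table, role and setting names are assumptions, and the acting user is assumed to be placed in a session setting by the application after authentication.

```sql
-- Added example (PostgreSQL), not Statura Care's implementation: an append-only
-- audit_log filled by a generic trigger that records who, when, from where,
-- what, and the diff of changed columns. All names are assumptions.

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),   -- when
    actor       text        NOT NULL,                 -- who
    client_addr inet,                                 -- from where (NULL on local sockets)
    table_name  text        NOT NULL,                 -- what
    action      text        NOT NULL,                 -- INSERT / UPDATE / DELETE
    row_id      text,
    changes     jsonb       NOT NULL                  -- {column: {old: ..., new: ...}}
);

-- The application role can read the trail but never write to it directly;
-- rows arrive only through the trigger below.
DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user')
            THEN CREATE ROLE app_user NOLOGIN; END IF; END $$;
GRANT SELECT ON audit_log TO app_user;
REVOKE INSERT, UPDATE, DELETE, TRUNCATE ON audit_log FROM PUBLIC;

-- Append-only even for the owner: rewriting history requires first dropping
-- this trigger, which is itself a privileged and visible act.
CREATE FUNCTION audit_log_is_append_only() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only (% blocked)', TG_OP;
END $$;
CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_is_append_only();

-- Generic row trigger. SECURITY DEFINER lets it insert into audit_log on behalf of
-- a role that has no INSERT privilege; search_path is pinned so a caller cannot
-- redirect the function at objects of their own.
CREATE FUNCTION record_audit() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
DECLARE
    old_row jsonb := CASE WHEN TG_OP = 'INSERT' THEN '{}'::jsonb ELSE to_jsonb(OLD) END;
    new_row jsonb := CASE WHEN TG_OP = 'DELETE' THEN '{}'::jsonb ELSE to_jsonb(NEW) END;
    diff    jsonb;
BEGIN
    -- Keep only the columns whose value actually changed.
    SELECT coalesce(jsonb_object_agg(k, jsonb_build_object('old', old_row -> k,
                                                           'new', new_row -> k)),
                    '{}'::jsonb)
      INTO diff
      FROM jsonb_object_keys(old_row || new_row) AS k
     WHERE old_row -> k IS DISTINCT FROM new_row -> k;

    INSERT INTO audit_log (actor, client_addr, table_name, action, row_id, changes)
    VALUES (coalesce(current_setting('app.actor', true), session_user),
            inet_client_addr(), TG_TABLE_NAME, TG_OP,
            coalesce(new_row ->> 'id', old_row ->> 'id'), diff);
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END $$;

-- Attach to each table that must be audited (constructed sample table).
CREATE TABLE screening_checks (
    id bigserial PRIMARY KEY, worker text, status text, expires_on date
);
CREATE TRIGGER screening_checks_audit
    AFTER INSERT OR UPDATE OR DELETE ON screening_checks
    FOR EACH ROW EXECUTE FUNCTION record_audit();

-- Constructed activity: one INSERT and one UPDATE produce two audit rows; the
-- UPDATE's diff contains only the status column.
SET app.actor = 'compliance.officer@example.org';
INSERT INTO screening_checks (worker, status, expires_on)
    VALUES ('W. Sample', 'pending', '2026-01-31');
UPDATE screening_checks SET status = 'cleared' WHERE id = 1;
SELECT action, actor, row_id, changes FROM audit_log ORDER BY id;
-- Blocked by audit_log_no_rewrite, even when run as the table owner.
DELETE FROM audit_log;
```

The trigger-only write path is the part worth copying: because the application role has no INSERT on `audit_log`, a compromised application session cannot forge entries, and because the rewrite trigger fires for the owner as well, the only way to alter the trail is a schema change that is itself visible in the database's own history.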
Passwordless Authentication
Statura Care uses magic link authentication — no passwords to compromise, phish, or reuse. Users receive a secure one-time link via email to sign in. Self-service portals for responsible persons use the same secure mechanism.
Privacy & Data Handling
Privacy by design, not by afterthought.
When your platform handles PII, health data, and protected disclosures, privacy can't be a checkbox. It has to be architectural.
Whistleblower Confidentiality
Discloser identity in the Whistleblower module is restricted to designated eligible recipients only. All other users see the disclosure content but never who made it. Every access to confidential identity fields is logged in the audit trail — demonstrating controlled access.
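As an added example in PostgreSQL, not Statura Care's own code, the pattern below keeps the discloser's identity in a table the application role cannot read, and exposes it only through a function that checks the caller against the eligible recipients and writes an access-log row before answering. Table, column, role, function and setting names are assumptions; the calling user is assumed to be placed in a session setting by the authenticated application layer.

```sql
-- Added example (PostgreSQL), not Statura Care's code: identity fields isolated
-- from the disclosure content, readable only via a logged, eligibility-checked
-- function. All names are assumptions.

CREATE TABLE disclosures (
    id      bigserial PRIMARY KEY,
    content text NOT NULL                    -- visible to all users of the module
);
CREATE TABLE disclosure_identities (
    disclosure_id bigint PRIMARY KEY REFERENCES disclosures(id),
    discloser     text   NOT NULL            -- never joined into the disclosures view
);
CREATE TABLE eligible_recipients (
    disclosure_id bigint REFERENCES disclosures(id),
    user_id       text   NOT NULL,
    PRIMARY KEY (disclosure_id, user_id)
);
CREATE TABLE identity_access_log (
    id            bigserial   PRIMARY KEY,
    accessed_at   timestamptz NOT NULL DEFAULT now(),
    disclosure_id bigint      NOT NULL,
    user_id       text        NOT NULL,
    granted       boolean     NOT NULL
);

DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_user')
            THEN CREATE ROLE app_user NOLOGIN; END IF; END $$;
-- The application may read disclosures, but has no privilege at all on the
-- identity table or the access log.
GRANT SELECT ON disclosures, eligible_recipients TO app_user;
REVOKE ALL ON disclosure_identities, identity_access_log FROM app_user;

-- SECURITY DEFINER runs with the owner's rights, so the function can read the
-- identity and write the log while the caller cannot touch either table directly.
CREATE FUNCTION reveal_discloser(p_disclosure_id bigint) RETURNS text
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
DECLARE
    v_user text := current_setting('app.user_id', true);
    v_ok   boolean;
    v_name text;
BEGIN
    SELECT EXISTS (SELECT 1 FROM eligible_recipients
                    WHERE disclosure_id = p_disclosure_id AND user_id = v_user)
      INTO v_ok;
    -- Log every attempt, granted or not, so the attempt itself is evidence.
    INSERT INTO identity_access_log (disclosure_id, user_id, granted)
    VALUES (p_disclosure_id, coalesce(v_user, 'anonymous'), v_ok);
    -- Deny by returning NULL rather than raising: an exception would roll back
    -- the log row just written along with the rest of the statement.
    IF NOT v_ok THEN
        RETURN NULL;
    END IF;
    SELECT discloser INTO v_name
      FROM disclosure_identities WHERE disclosure_id = p_disclosure_id;
    RETURN v_name;
END $$;
REVOKE EXECUTE ON FUNCTION reveal_discloser(bigint) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION reveal_discloser(bigint) TO app_user;

-- Constructed sample data.
INSERT INTO disclosures (content) VALUES ('Constructed sample disclosure');
INSERT INTO disclosure_identities VALUES (1, 'Sample Discloser');
INSERT INTO eligible_recipients   VALUES (1, 'wb.officer');

SET ROLE app_user;                        -- requires membership of app_user
SET app.user_id = 'wb.officer';
SELECT reveal_discloser(1);               -- eligible recipient: identity returned, granted = true logged
SET app.user_id = 'ordinary.manager';
SELECT reveal_discloser(1);               -- not eligible: NULL returned, granted = false logged
SELECT * FROM disclosure_identities;      -- permission denied: no direct route to the identity
RESET ROLE;
```

The whole design rests on `app.user_id` being set by the trusted application layer from the authenticated session and never from a client-supplied value; if the application exposed a way for users to set it themselves, the eligibility check would be checking an attacker's claim.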
Data Isolation
Multi-tenancy is implemented with organisation-scoped data isolation. Each provider's data is logically separated at the database level. Cross-organisation queries are structurally impossible through the application.
Privacy Act 1988 Alignment
Statura Care is designed to support your obligations under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). The platform handles personal information, sensitive information, and health information with appropriate access controls and audit trails.
Document Security
Documents are stored in organisation-scoped paths with access controlled by the same RLS policies that protect all other data. Each upload is tied to a specific entity and module, so access to a document is checked against the organisation that owns that entity rather than granted by knowing the path.
Operational Security
The system that watches the system.
Automated monitoring, structured escalation, and reliable notification delivery ensure compliance-critical events are never missed — even when people are busy.
Automated Compliance Monitoring
Cron jobs run on defined schedules to check screening expiry, assessment due dates, notification deadlines, and alert escalation — ensuring nothing slips through the cracks.
Structured Alert Escalation
Compliance alerts progress through severity levels (info → warning → critical → overdue) based on deadline proximity. Critical alerts are impossible to ignore.
Notification Queue
Email and in-app notifications are queued and delivered reliably. Notification delivery is tracked, ensuring compliance-critical communications reach the right people.
Accessibility
WCAG 2.1 AA compliant. All interactive elements have visible focus states. Colour is never the sole indicator of information. Reduced motion is respected for users who prefer it.
Data We Protect
Personal information of care recipients and staff. Health records and clinical data. Serious incident reports including allegations of neglect, abuse, and unexpected deaths. Whistleblower disclosures with protected identities. Financial records including refundable accommodation deposits. Worker screening and police check results.
Every piece of data is subject to the same security controls: encryption, access control, audit logging, and organisation-scoped isolation.
Security questions?
We welcome security enquiries. If your IT team, governance board, or procurement process requires a detailed security review, we're happy to provide additional documentation.
Ready to structure your compliance?
Start your 14-day free trial. No credit card required.
Cancel anytime.