Privacy by design
Privacy is designed in, not bolted on. Every feature is scoped to the minimum personal information required to make it work, and features that do not yet exist do not pre-collect data on the chance we might build them.
Security by design
Least privilege, defence in depth and minimal data collection are treated as design properties. Cryptographic operations backing the verification engine use widely reviewed primitives (SHA-256, Ed25519). Specific provider identities and architecture detail are kept out of public documentation on purpose.
Australian Privacy Principles
We operate under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we are preparing for the reforms introduced by the Privacy and Other Legislation Amendment Act 2024. In practice that means open collection notices, purpose limitation, reasonable security safeguards, and access and correction rights for individuals.
Continuous governance
Governance is ongoing work, not a one-time checklist. When the platform changes, the Framework and every derivative document are updated in the same release. Incidents, near-misses and reports feed back into our engineering practices.
Living documentation
The Living Legal, Privacy & Compliance Framework is the canonical governance document. Every Trust Centre page inherits from it, and a typeset PDF is available from that page for procurement and legal review.
Independent verification (where applicable)
We do not claim certifications we do not hold. Where independent audits or attestations become applicable to a specific product surface, they will be described here with scope, date, and the auditor identified.