Trust Centre · Security

Security & Responsible Disclosure

A high-level view of how we think about security, and how to reach us if you find something we should know about.

Last updated · 13 July 2026

Security by design

Security is treated as a design property, not an afterthought. We apply the principles of least privilege, defence in depth and minimal data collection to every part of the platform we build.

Encryption

Traffic to sovereignsuite.com.au is served over TLS. Sensitive data at rest is protected using industry-standard encryption provided by our infrastructure providers. Cryptographic operations that back the verification engine use widely reviewed primitives such as SHA-256 and Ed25519 signatures.

Operational hygiene

Administrative access is limited to a small number of authorised people, protected by strong authentication, and reviewed periodically. We prefer managed, hardened infrastructure over hand-rolled servers, and we patch dependencies on a routine schedule.

What we do not disclose publicly

We deliberately keep internal architecture, provider identities and specific control configurations out of public documentation. Publishing that detail helps attackers more than it helps users. Prospective enterprise customers can request a security overview under NDA.

Responsible disclosure

If you believe you have found a security vulnerability affecting Sovereign Suite or this website, please tell us before disclosing publicly. Email privacy@sovereignsuite.com.au with:

  • a description of the issue and where it appears;
  • steps to reproduce, and any proof-of-concept material;
  • the impact you believe it has.

Please:

  • give us reasonable time to investigate and remediate before public disclosure;
  • avoid accessing or modifying data that is not your own;
  • avoid degrading service for other users (no automated load testing, no denial of service).

Acting in good faith under this policy, we will not pursue legal action against you for accidental, good-faith violations of our terms while investigating a security issue.

Continuous improvement

We treat security as ongoing work. Incidents, near-misses and reports feed back into our engineering practices, and we welcome constructive feedback.

Inheritance

This page forms part of the Sovereign Suite Living Legal, Privacy & Compliance Framework. Where this page is more specific it is authoritative for the website; where it conflicts, the Framework prevails.

Legal entity

Australian Privacy Network

ABN 86 921 751 764

privacy@sovereignsuite.com.au

Sovereign Suite is a product published under Australian Privacy Network. This page describes the current production release and is written to be read, not deciphered. It is not legal advice.