Security by design
Security is treated as a design property, not an afterthought. We apply the principles of least privilege, defence in depth and minimal data collection to every part of the platform we build.
Encryption
Traffic to sovereignsuite.com.au is served over TLS. Sensitive data at rest is protected using industry-standard encryption provided by our infrastructure providers. Cryptographic operations that back the verification engine use widely reviewed primitives such as SHA-256 and Ed25519 signatures.
Operational hygiene
Administrative access is limited to a small number of authorised people, protected by strong authentication, and reviewed periodically. We prefer managed, hardened infrastructure over hand-rolled servers, and we patch dependencies on a routine schedule.
What we do not disclose publicly
We deliberately keep internal architecture, provider identities and specific control configurations out of public documentation. Publishing that detail helps attackers more than it helps users. Prospective enterprise customers can request a security overview under NDA.
Responsible disclosure
If you believe you have found a security vulnerability affecting Sovereign Suite or this website, please tell us before disclosing publicly. Email privacy@sovereignsuite.com.au with:
- a description of the issue and where it appears;
- steps to reproduce, and any proof-of-concept material;
- the impact you believe it has.
Please:
- give us reasonable time to investigate and remediate before public disclosure;
- avoid accessing or modifying data that is not your own;
- avoid degrading service for other users (no automated load testing, no denial of service).
Acting in good faith under this policy, we will not pursue legal action against you for accidental, good-faith violations of our terms while investigating a security issue.
Continuous improvement
We treat security as ongoing work. Incidents, near-misses and reports feed back into our engineering practices, and we welcome constructive feedback.