This FAQ covers common questions about SortScape data storage, access, and security. We understand some organisations (including aged care providers) have strict compliance requirements, and we’re continually working to improve our controls and processes.
Where is client data stored (country)?
SortScape customer data is currently stored in the United States.
Is all client data stored on-shore in Australia?
No. SortScape’s production environment is currently hosted in the United States.
Is any client data replicated or backed-up outside of Australia?
Yes. Backups are stored in the same country as our production environment (currently the United States).
Who can access client data within SortScape?
Your organisation’s authorised users can access data according to their role-based permissions.
A small number of authorised SortScape staff may access data where necessary for support and operational purposes.
What security measures are in place to protect clients’ personal information?
Encryption in transit (HTTPS/TLS).
Encryption at rest.
Role-based access control to limit what each user can see and do.
Account isolation to keep customer accounts separated.
Authentication protections such as secure password handling and account lockout.
Log hygiene practices to avoid recording sensitive values (e.g. passwords/tokens/keys).
Does SortScape hold any recognised information security certifications?
We do not currently hold formal information security certifications (e.g. ISO 27001 / SOC 2).
What is SortScape’s data retention policy for client information?
Data is retained while an account is active. If an account is cancelled or becomes inactive, it is scheduled for deletion after a grace period and then permanently deleted. Some operational/security logs are retained for limited periods and automatically pruned.