This FAQ covers common questions about SortScape data storage, access, and security. We understand some organisations (including aged care providers) have strict compliance requirements, and we’re continually working to improve our controls and processes.
Where is client data stored (country)?
SortScape customer data is currently stored in the United States.
Is all client data stored on-shore in Australia?
No. SortScape’s production environment is currently hosted in the United States.
Is any client data replicated or backed up outside of Australia?
Yes. Backups are stored in the same country as our production environment (currently the United States).
Who can access client data within SortScape?
Your organisation’s authorised users can access data according to their role-based permissions.
A small number of authorised SortScape staff may access data where necessary for support and operational purposes.
What security measures are in place to protect clients’ personal information?
Encryption in transit (HTTPS/TLS).
Encryption at rest.
Role-based access control to limit what each user can see and do.
Account isolation to keep customer accounts separated.
Authentication protections such as secure password handling and account lockout.
Log hygiene practices to avoid recording sensitive values (e.g. passwords/tokens/keys).
Does SortScape hold any recognised information security certifications?
We do not currently hold formal information security certifications (e.g. ISO 27001 / SOC 2).
What is SortScape’s data retention policy for client information?
Data is retained while an account is active. If an account is cancelled or becomes inactive, it is scheduled for deletion after a grace period and then permanently deleted. Some operational/security logs are retained for limited periods and automatically pruned.
Is SortScape compliant for Australian Aged Care services?
Many contractors successfully use SortScape to manage their aged care and NDIS work. However, we cannot provide compliance advice as we are not lawyers.
What we do to protect your data
While our data is hosted in the United States, we implement industry-standard security practices to protect client information:
Encryption in transit - All data transferred between your browser and our servers is protected with HTTPS/TLS encryption.
Encryption at rest - Data stored in our databases and backups is encrypted.
Role-based access control - Users only see what their permissions allow.
Account isolation - Each SortScape account is completely separated from others.
Authentication protections - Secure password handling, account lockout after failed attempts.
Log hygiene - We avoid recording sensitive values like passwords or tokens in logs.
Regarding Australian legislation
The Aged Care Act 2024 does not specifically require data to be stored in Australia.
Australian Privacy Principle 8 (Cross-Border Disclosure) allows for overseas data storage provided reasonable steps are taken to ensure information is handled in accordance with the APPs - which is what our security measures above are designed to achieve.
What we don't have
SortScape does not currently hold formal information security certifications such as ISO 27001 or SOC 2.
Important consideration
Individual aged care providers may have their own internal policies or interpretations of compliance requirements that go beyond what legislation mandates. Some providers may require contractors to use specific systems or have particular data residency requirements as part of their contracting arrangements.
If you're a contractor working with aged care providers, we recommend checking with each provider about their specific requirements. What works for one provider may not meet another provider's internal policies.
