How we handle your data.

• Australian data residency by default

  Customer projects run on AWS Sydney (ap-southeast-2). Your data stays in Australia unless you explicitly request otherwise. ABN-registered Australian consultancy based in Melbourne.

• Tenant isolation

  Every customer engagement runs in an isolated environment. Database row-level security (RLS) at the data layer; access controls enforced at the application layer. One tenant cannot see or affect another tenant's data — by architecture, not just policy.

• Zero-data retention with third-party LLMs

  We do not send customer data to public LLM providers (OpenAI, Anthropic, Google, etc.) without explicit per-tenant opt-in. When we do use those models with consent, we use the providers' zero-retention API tiers — your data is not used to train their models.

• Encryption in transit and at rest

  TLS 1.3 for all data in transit. AES-256 for data at rest. Managed-key encryption via cloud-provider KMS. Plain-text customer data is never logged.

• Role-based access control

  Every workflow includes human review before output ships. Customer-side admins control who can access which parts of the system. Audit trails on every revision.

• APP-aligned privacy

  Our practices align with the Australian Privacy Principles (APPs). Customers can request access, correction, or deletion of personal information at any time. See our Privacy Policy for full APP commitments.

Reporting a security issue

If you discover a vulnerability, please report it privately first. Email privacy@neurastruct.com.au with reproduction steps and impact. We investigate good-faith reports and remediate confirmed issues promptly. Please do not access customer data you don't own, and don't run tests that could degrade service availability.

Neurastruct does not currently run a paid public bug bounty program.