Trust Center
Last reviewed: 2026-05-25 Operated by: AAR GEE PTY LTD (ABN 56 682 972 685) trading as Compliance Care.
This page is a single source for prospects, customers, and auditors to verify how Compliance Care hosts, processes, and protects data. It is public and intentionally plain. If the honest answer to a question is "not yet," it is stated with the date by which it will be true.
Sections
| Section | What it covers |
|---|---|
| Hosting and data residency | Every region in which we run compute, store data, or process content. Named exceptions to AU-only and how they are handled. |
| Encryption | Encryption at rest, in transit, and the application-layer encryption used for offline PWA drafts. |
| AI handling | How Claude is used, what is sent and what is not, version pinning, human-in-the-loop affirmation, and the audit log. |
| Sub-processors | Every third party that may process customer data, the region in which they operate, and the data class involved. |
| NDB and incident response | Notifiable Data Breaches Scheme readiness and the incident response runbook. |
| Penetration testing | External pentest cadence, scope, and the summary of findings and remediation status. |
| ISO 27001 posture | Operating control set, internal self-assessment status, and the target date for third-party certification. |
Out of scope for this page
- Impartiality and conflict of interest. See the Impartiality and Conflict-of-Interest Statement at
/trust. That statement governs the principal's ISO 17065 Lead Auditor credential, the client-quarantine register, and the rule that we never refer a specific Quality Auditor. - Legal artefacts (Privacy Policy, Terms of Service, Data Processing Agreement). Linked from the site footer.
How to contact us about this page
- Security or incident report:
security@compliancecare.com.au - Privacy or data subject request:
privacy@compliancecare.com.au - General contact:
contact@compliancecare.com.au
Acknowledged within two business days.
How this page is maintained
Every section carries a "Last reviewed" date. Sections are reviewed on change and at minimum every quarter. Material changes to sub-processors, hosting regions, or AI-handling defaults are recorded in the section's change log.
