Security Statement

Security at Funder Compass

Funder Compass is designed using industry standard security practices to protect customer data. This statement describes the controls in place; it is not an audit, certification or guarantee of any specific outcome.

Encryption

Data in transit is encrypted using TLS. Data at rest is stored in encrypted, managed cloud infrastructure.

Authentication

Password-based sign-in with optional time-based one-time password (TOTP) multi-factor authentication. Session tokens are short-lived and rotated automatically.

Role-based access & row-level security

Application access is governed by roles. Database access is enforced by Postgres row-level security policies so users only see rows they are entitled to.

Audit logs

Key actions — loan creation, stage changes, document uploads, checklist completions — are recorded in an append-only activity log.

Private storage

Uploaded loan documents are stored in private buckets. Signed URLs are issued on demand and expire.

Backups & recovery

The managed database performs automated backups with point-in-time recovery.

Secure cloud infrastructure

The platform runs on managed cloud infrastructure with hardened baselines, network isolation and continuous vendor security updates.

Access controls

Administrator access to production systems is restricted, logged and reviewed. Service credentials are stored in a managed secrets vault.

Shared responsibility

No system is 100% secure. The controls above are designed to reduce risk, not eliminate it. Customers remain responsible for password hygiene, authorised-user management and their own device security.

Have a security question, need to report a vulnerability, or want a written security summary for a procurement review? Email security@fundercompass.com or contact the team.

This statement is maintained by eCapital Investments Group Pty Ltd to answer common security questions about Funder Compass. It is a description of enabled controls, not an independent certification or audit report.