Privacy and security

We place top priority on data security, and have established measures to ensure information is kept safe and secure


We have achieved industry-leading external accreditation for our privacy and security controls

ISO27001 certification logo

ISO/IEC 27001

ISO/IEC 27001 is the leading international standard for managing information security. It applies a risk-based approach involving the implementation of an Information Security Management System (ISMS) across the organisation.
SOC2 Certification Logo


Service Organisation Control Type 2 (SOC 2), is the industry standard cybersecurity compliance framework for ensuring third-party service providers store and process client data in a secure manner.
We know you're trusting us with sensitive information, so we go all in to keep it safe

Security Testing

Penetration testing icon

Penetration testing

We routinely engage a trusted firm to attempt to break into our platform and identify any security weaknesses. This proactive approach ensures our system's defences are robust and always up-to-date.
Vulnerability scanning icon

Vulnerability scanning

We identify and remediate code vulnerabilities throughout our Secure Development Lifecycle (SDLC). Dynamic monitoring continuously scans for runtime vulnerabilities, while static security checks identify issues before deployment.
Threat detection icon

Threat detection

Microsoft Defender protects our platform with real-time threat detection. It safeguards against malicious attacks and other threats, ensuring quick responses to any security alerts.

Platform Security

Secure environment

Our application and database are hosted entirely on Microsoft Azure to take advantage of its unparalleled security.

Customer data is processed completely within our own environment without being sent to third-party APIs.

Man at a laptop computer with cloud system graphics overlaid on top


User authentication is all managed through the industry-leading external provider Auth0 and works through Single Sign-On.

This means users log on through Okta or Office 365 and we do not store or manage any log in information.

Man signing into floating authentication screen

AI Satefy

Customer data is never used to train any AI models.

Retrieval Augmented Generation allows our AI models to answer questions about documents without retaining any information on them.

Man at laptop with data transfer graphic overlaid

Drop us a message and see how we can help you!

A headshot of Brad Gyngell
Brad Gyngell
Co-founder & CEO
a headshot of Paul Culvenor
Paul Culvenor

Get in touch with us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© 2022 Hevi Pty Ltd
Terms of use
Privacy policy
© 2022 Hevi Pty Ltd