Bank-Level Security

Security & Compliance

Your data security is our highest priority

Our Commitment to Security

At Local Knowledge, we understand that you entrust us with your most sensitive financial and client data. We implement bank-level security measures, industry best practices, and comprehensive compliance frameworks to protect your information.

Security Architecture

Encryption

  • Data in Transit: TLS 1.3 encryption for all data transmitted between your browser and our servers
  • Data at Rest: AES-256 encryption for all stored data, including databases and file storage
  • End-to-End Protection: Your financial documents are encrypted from upload to storage to deletion

Access Controls

  • Multi-Factor Authentication (MFA): Available for all accounts, mandatory for admin users
  • Role-Based Access Control (RBAC): Granular permissions ensure users only access what they need
  • Session Management: Automatic logout after inactivity, secure session tokens
  • Password Requirements: Strong password policies with minimum complexity requirements

Infrastructure Security

  • Cloud Provider: Hosted on AWS (Amazon Web Services) with SOC 2 Type II certified infrastructure
  • Data Centers: Geographically distributed data centers in Australia for data sovereignty compliance
  • Network Security: Firewalls, intrusion detection systems (IDS), and DDoS protection
  • Isolation: Logical data isolation keeps your data separated from that of other clients

Monitoring & Response

24/7 Security Monitoring

  • Real-time threat detection and alerting
  • Automated vulnerability scanning
  • Security Information and Event Management (SIEM) systems
  • Continuous monitoring of access logs and anomalies

Incident Response

  • Dedicated security team with on-call rotation
  • Documented incident response procedures
  • Rapid containment and remediation protocols
  • Transparent communication with affected users

Compliance & Certifications

SOC 2 Type II

Third-party audited security, availability, and confidentiality controls

ISO 27001

International standard for information security management systems

Australian Privacy Act

Full compliance with Australian Privacy Principles (APPs)

GDPR Ready

Compliant with EU General Data Protection Regulation requirements

Data Protection

Backup & Recovery

  • Automated Backups: Daily encrypted backups with point-in-time recovery
  • Geographic Redundancy: Backups stored in multiple geographic locations
  • Disaster Recovery: Comprehensive disaster recovery plan with defined recovery time objective (RTO) and recovery point objective (RPO) targets
  • Business Continuity: Tested failover procedures to ensure service availability

Data Retention

  • Client data retained for the duration of your subscription plus 90 days
  • Secure deletion procedures ensure data cannot be recovered after deletion
  • Compliance with regulatory retention requirements

Application Security

Secure Development Lifecycle

  • Code Review: All code changes undergo peer review and security scanning
  • Vulnerability Testing: Regular penetration testing and security audits
  • Dependency Management: Automated scanning for vulnerable third-party libraries
  • Security Training: Ongoing security awareness training for all team members

Protection Against Common Threats

  • SQL Injection: Parameterized queries and ORM protection
  • Cross-Site Scripting (XSS): Input validation and output encoding
  • Cross-Site Request Forgery (CSRF): Anti-CSRF tokens on all forms
  • Brute Force Attacks: Rate limiting and account lockout policies

AI Security & Privacy

AI Model Protection

  • Data Anonymization: Client data is anonymized before use in AI model training
  • Model Isolation: Client-specific models are isolated and not shared
  • Prompt Injection Defense: Safeguards against malicious prompt injection attacks
  • Output Validation: AI outputs are validated before presentation to users

Privacy-Preserving AI

  • No personally identifiable information (PII) used in cross-client learning
  • Differential privacy techniques to protect individual data points
  • Transparent AI decision-making with explainable outputs

Your Security Responsibilities

Security is a shared responsibility. To protect your account:

  • Use Strong Passwords: Create unique, complex passwords for your account
  • Enable MFA: Always enable multi-factor authentication
  • Protect Credentials: Never share your login credentials
  • Monitor Activity: Regularly review your account activity logs
  • Update Software: Keep your browser and operating system up to date
  • Report Issues: Immediately report suspicious activity or security concerns

Security Contact

If you discover a security vulnerability or have security concerns, please contact our security team immediately:

Security Response Team

Email: [email protected]

PGP Key: Available upon request for encrypted communications

We take all security reports seriously and commit to responding within 24 hours.

Transparency

We believe in transparency regarding our security practices:

  • Security Audits: Annual third-party security audits
  • Status Page: Real-time service status at status.localknowledge.au
  • Incident Disclosure: Transparent communication about security incidents
  • Regular Updates: This page is updated as our security practices evolve

Questions About Security?

If you have questions about our security practices or compliance certifications, or would like to discuss specific security requirements for your organization, please contact us at:

Email: [email protected]
Phone: +61 2 8338 8900