Data residency and hosting
Your client records and the systems that hold them run in Australia. We keep the data that identifies your people and their work close to home, and we are honest about the parts that route globally for speed and resilience.
- Database: a managed Postgres database hosted in Sydney, Australia. Your records live here.
- Transactional email and SMS: sent through a provider hosted in Sydney, Australia.
- Documents and receipts: encrypted object storage, reachable only through our own backend. There is no public bucket.
- Application and marketing hosting: our application hosting provider, with a global edge provider with WAF and DDoS protection in front. Edge routing is global, while your client database and email stay in Sydney.
Encryption
- Sensitive fields (punch coordinates and contact PII) are encrypted at rest with AES-256-GCM. Each organisation has its own derived key, so staff cannot read sensitive fields by querying the database directly.
- Receipts and uploaded documents are encrypted at rest per organisation in encrypted object storage, also with AES-256-GCM.
- TLS protects data in transit on every hop. The service is HTTPS only.
Defence in depth
Security at LoggerIQ is layered, so no single control carries the whole load. Each layer stands on its own and reinforces the next.
- Edge: a global edge provider with WAF and DDoS protection in front of the app.
- Transport: HTTPS only, with TLS on every hop.
- Application: server-enforced role-based access control, per-organisation tenant isolation and parameterised queries throughout.
- Data: AES-256-GCM encryption at rest for sensitive fields and documents, with per-organisation keys.
- Access: short-lived, single-operation, org-scoped signed tokens for every document operation, and no public storage URLs.
Document access
- There are no public document URLs. Encrypted object storage is reachable only through our own backend.
- Access uses short-lived, single-operation, org-scoped signed tokens. Upload, OCR and download tokens all expire quickly.
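A sketch of how a short-lived, single-operation, org-scoped signed token can be issued and checked. This is an added example, not LoggerIQ's code. It assumes an HMAC-SHA256 signature, a 60-second lifetime, and that "single-operation" means the token is valid for one operation type on one document; the function names, claim names and secret are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed sample key, not a real secret
TTL_SECONDS = 60                      # assumed lifetime; the page only says "short-lived"
OPERATIONS = {"upload", "ocr", "download"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(org_id, doc_id, operation, now=None):
    """Bind organisation, document, operation and expiry into one signed token."""
    if operation not in OPERATIONS:
        raise ValueError("unknown operation")
    now = int(time.time()) if now is None else now
    claims = {"org": org_id, "doc": doc_id, "op": operation, "exp": now + TTL_SECONDS}
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    return body + "." + _sign(body)

def verify_token(token, org_id, doc_id, operation, now=None):
    """True only if signature, expiry, org, document and operation all match."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; the claims are parsed only after it passes.
        if not hmac.compare_digest(sig, _sign(body)):
            return False
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return False
    return (claims.get("exp", 0) > now and claims.get("org") == org_id
            and claims.get("doc") == doc_id and claims.get("op") == operation)
```

The expected organisation, document and operation passed to `verify_token` come from the authenticated session and the route being served, not from the token itself.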
Native AI, your data stays with us
LoggerIQ runs its AI in house. Your data is not sent to any third-party AI or LLM provider, and we do not train models on customer data.
- Receipt OCR runs on an AI service we run in house. The image is processed inside our own environment and is not sent to any third-party AI or LLM provider.
- The authenticity scoring engine runs in our own backend and receives only minimal, redacted, tokenised signals. It never sees raw PII or raw coordinates.
- We do not train models on customer data, and no third-party AI provider receives your data.
Authentication and sessions
- Passwordless magic-link sign-in, with the link expiring in 10 minutes, plus Google, Microsoft and Apple single sign-on.
- Hardened session cookies marked Secure, HttpOnly and SameSite. The mobile app uses bearer tokens.
- Members can see their active devices and sessions, revoke any of them and sign out everywhere. Sessions are retained for a rolling 30 days.
Tenant isolation and access control
- Every tenant table carries an org id, and no query crosses organisations.
- Role-based access control covers admin, manager and employee roles, plus a platform super admin. It is enforced on the server, not just hidden in the UI.
- Per-member site scoping means a member assigned to specific sites can only clock in at those sites.
- Parameterised queries throughout, with no string-built SQL.
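One way the org id, site scoping and parameterised-query rules above fit together in a data-access layer. This is an added example, not LoggerIQ's code: the table names, column names, `TenantRepo` class and sample rows are hypothetical and constructed, it uses SQLite in place of Postgres so it runs stand-alone, and it assumes every member has explicit site assignments.

```python
import sqlite3

def build_demo_db():
    """In-memory database with constructed rows for two organisations."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sites(id INTEGER PRIMARY KEY, org_id TEXT NOT NULL, name TEXT NOT NULL);
        CREATE TABLE member_sites(org_id TEXT NOT NULL, member_id TEXT NOT NULL,
                                  site_id INTEGER NOT NULL);
    """)
    db.executemany("INSERT INTO sites VALUES (?, ?, ?)",
                   [(1, "org-a", "Depot"), (2, "org-a", "Yard"), (3, "org-b", "Depot")])
    db.executemany("INSERT INTO member_sites VALUES (?, ?, ?)",
                   [("org-a", "m1", 1), ("org-b", "m9", 3)])
    return db

class TenantRepo:
    """The org id is fixed from the authenticated session, never from request input."""

    def __init__(self, db, session_org_id):
        self.db, self.org_id = db, session_org_id

    def find_sites(self, name):
        # Values are bound as parameters, so quote characters in `name` stay data.
        rows = self.db.execute(
            "SELECT id FROM sites WHERE org_id = ? AND name = ? ORDER BY id",
            (self.org_id, name))
        return [r[0] for r in rows]

    def can_clock_in(self, member_id, site_id):
        # Site scoping: the member must be assigned to this site, and the
        # assignment and the site must both belong to the session's organisation.
        row = self.db.execute(
            "SELECT 1 FROM member_sites ms JOIN sites s"
            " ON s.id = ms.site_id AND s.org_id = ms.org_id"
            " WHERE ms.org_id = ? AND ms.member_id = ? AND ms.site_id = ?",
            (self.org_id, member_id, site_id)).fetchone()
        return row is not None
```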
Location data
- Location is captured only at punch events when someone clocks in or out, never continuously and never between punches.
- Live-location sharing is opt-in and consent-gated, off by default, and coordinates are encrypted at rest.
- Punch coordinates auto-purge on a schedule, at about 90 days, through a scheduled job.
Audit and retention
- An immutable audit log records approvals, billing changes and team activity, retained for a rolling 30 days.
- Sessions are retained for 30 days.
- Punch coordinates are purged at about 90 days.
Compliance
- The Australian Privacy Act 1988 and the Australian Privacy Principles guide how we handle personal information.
- The Notifiable Data Breaches scheme: we notify the OAIC when a breach is likely to cause serious harm.
- GDPR principles for EU users.
- OWASP-aligned application security practices.
Shared responsibility
Security is a partnership. We secure the platform and you secure your account.
- LoggerIQ secures the platform: encryption at rest and in transit, per-organisation tenancy, least-privilege production access and breach notification.
- You secure your account credentials, decide who you invite, and look after data once it has been exported from LoggerIQ.
Sub-processors and cross-border
We use a small set of trusted sub-processors to operate the service. Our in-house AI is not a separate AI sub-processor that exports your data.
- Managed Postgres database, hosted in Australia.
- Transactional email and SMS delivery, hosted in Australia.
- Encrypted object storage and a global edge with WAF and DDoS protection.
- Application and marketing hosting (edge routing outside Australia).
- A PCI-compliant payment provider (card details tokenised, never stored by us).
Cross-border disclosure under Australian Privacy Principle 8: billing is processed by a payment provider in the United States, which receives only billing email and tokenised card references. Application and edge routing use providers in the United States and globally; these providers do not receive client documents, and any document that transits the edge is encrypted. Your database and email remain in Australia.