Skip to main content
All CollectionsSecurity
How Do You Secure My Information?
How Do You Secure My Information?

All your questions about security, answered

Anil Gullapalli avatar
Written by Anil Gullapalli
Updated this week

We understand that by using Gather, you are trusting us with your information. We take this responsibility seriously and treat your data with the utmost care, protection and confidentiality.

Here’s an overview of our comprehensive security practices:

Vetted Under Australian Government Regulations

Gather is a vetted participant of the Australian Government's Open Banking Regime. As a vetted participant, we have stringent security controls in place and are bound by government regulations to keep your financial information secure and private.

Secure Environment

Our infrastructure is hosted on Google Cloud Platform, which is SOC 1, SOC 2, SOC 3, PCI DSS, and ISO27001 certified. These gold standard cybersecurity certifications ensure that your data is managed in a highly protected environment.

Regular Penetration Testing

We conduct regular penetration testing on all our systems. This involves simulating real-world cyberattacks to identify and fix vulnerabilities before they can be exploited. These tests are performed by certified experts to ensure our infrastructure stays secure, resilient, and aligned with the highest industry standards.

Data Encryption

We encrypt data at rest using AES-256 and use SSL/TLS for secure data transmission. This means your data is protected both when stored and when being transmitted.

Restricted Network Access

We use firewalls to restrict access to our systems, both from external networks and internally between systems, to ensure that only authorised traffic is allowed.

Secure Coding Practices

Our development team follows industry-standard secure coding practices as recommended by OWASP. This ensures that our applications are built with security in mind from the ground up.

Multi-Factor Authentication

We require two-factor authentication for administrative access to all systems. This adds an extra layer of security to protect against unauthorised access.

Revoke Access At Any Time

You have control over your data. You can request the deletion of your data at any time, and we ensure it is securely erased from our systems unless required by law to retain it.

Continuous Monitoring

We continuously monitor our systems for any unusual activity. This includes behavioural monitoring, vulnerability assessments, and intrusion detection to keep our system secure and respond quickly to any threats.

Did this answer your question?