We understand that by using Gather, you are trusting us with your information. We take this responsibility seriously and treat your data with the utmost care, protection and confidentiality.
Here’s an overview of our comprehensive security practices:
Vetted Under Australian Government Regulations
Gather is a vetted participant of the Australian Government's Open Banking Regime. As a vetted participant, we have stringent security controls in place and are bound by government regulations to keep your financial information secure and private.
Secure Environment
Our infrastructure is hosted on Google Cloud Platform, which is SOC 1, SOC 2, SOC 3, PCI DSS, and ISO 27001 certified. These gold-standard cybersecurity certifications ensure that your data is managed in a highly protected environment.
Regular Penetration Testing
We conduct regular penetration testing on all our systems. This involves simulating real-world cyberattacks to identify and fix vulnerabilities before they can be exploited. These tests are performed by certified experts to ensure our infrastructure stays secure, resilient, and aligned with the highest industry standards.
Data Encryption
We encrypt data at rest using AES-256 and use SSL/TLS for secure data transmission. This means your data is protected both when stored and when being transmitted.
Restricted Network Access
We use firewalls to restrict access to our systems, both from external networks and internally between systems, to ensure that only authorised traffic is allowed.
Secure Coding Practices
Our development team follows industry-standard secure coding practices as recommended by OWASP. This ensures that our applications are built with security in mind from the ground up.
Multi-Factor Authentication
We require two-factor authentication for administrative access to all systems. This adds an extra layer of security to protect against unauthorised access.
Revoke Access At Any Time
You have control over your data. You can request the deletion of your data at any time, and we ensure it is securely erased from our systems unless required by law to retain it.
Continuous Monitoring
We continuously monitor our systems for any unusual activity. This includes behavioural monitoring, vulnerability assessments, and intrusion detection to keep our systems secure and respond quickly to any threats.