Security at Activlink
Activlink is built on the same security primitives as Australian fintech and healthtech leaders. We take the trust placed in us by Australian care providers seriously.
1. Australian data residency
All Activlink data — primary, replica, backup — is hosted in Amazon Web Services Sydney region (ap-southeast-2). Data never leaves Australia.
2. Encryption
- At rest: AES-256, per-tenant keys with automatic rotation.
- In transit: TLS 1.3 only; older versions disabled.
3. Access control
- Role-based access control inside the platform — VIEW / VIEW+ADD / FULL per feature.
- Activlink employees access customer data only when a support ticket explicitly requests it.
- All employee access is logged and reviewed quarterly.
4. Backups & recovery
Automated daily encrypted backups with 35-day retention. Point-in-time recovery to the minute. Restore testing is performed monthly.
5. Audit trail
Every change in the platform — who, when, what, why — is immutably logged for NDIS Practice Standards audits.
6. Compliance alignment
Activlink workflows are aligned with:
- NDIS Practice Standards
- Aged Care Quality and Safeguards Commission standards
- Fair Work Act 2009
- ATO Single Touch Payroll (STP) Phase 2
- Australian Privacy Principles (APP 1–13)
- ISO 27001 controls
- Australian Cyber Security Centre Essential Eight
7. Uptime
Professional and Enterprise plans include a 99.9% uptime SLA backed by a real-time status page at .
8. Reporting a vulnerability
If you believe you've found a security vulnerability, please email . We will acknowledge within 24 hours.