PlanSuite

Our Commitment

We take data security and protection seriously. All information uploaded to PlanSuite is stored securely and is never publicly accessible.

Our systems are designed in accordance with industry best practices to ensure councils and organisations can confidently meet their privacy and compliance obligations.

Secure Cloud Infrastructure

PlanSuite is hosted on Amazon Web Services (AWS) in Sydney, Australia (ap-southeast-2) — a global leader in secure cloud infrastructure used by governments and enterprises worldwide.

This provides:

• Enterprise-grade physical and network security
• Redundant, highly available infrastructure
• Continuous monitoring and threat protection
• Data residency within Australia

Data Encryption

All data is protected using encryption:

• In transit — Data is encrypted when transmitted between users and our servers using HTTPS/TLS.
• At rest — Stored data is encrypted within our cloud infrastructure using AWS-managed encryption.

This ensures uploaded plans, documents, and associated information remain protected at all times.

Access Controls

Access to information is strictly controlled through:

• Authenticated user accounts
• Role-Based Access Controls (RBAC)
• Restricted internal administrative access
• Controlled access keys and credential management

Only authorised users can access uploaded content. Uploaded documents are never publicly accessible.

Data Ownership & Control

• Users retain ownership and control of their data.
• Documents are only accessible to authorised users within the same organisation.
• Users may delete their information at any time.
• We do not make uploaded documents publicly available.
• We do not sell your data.

Privacy & Personally Identifiable Information

We minimise the collection of personally identifiable information wherever possible and handle all data in accordance with applicable privacy obligations.

For full details, see our Privacy Policy.

Ongoing Security Practices

We maintain:

• Automated deployments and version control
• Regular software testing
• Controlled access keys and credential management
• Continuous system monitoring
• Managed database infrastructure (AWS RDS)

Security is reviewed as part of our ongoing development process.

Relevant Standards

Our security practices are informed by the following standards and frameworks:

• Privacy and Data Protection Act 2014 (Vic) — We handle data consistently with the Information Privacy Principles (IPPs) overseen by the Office of the Victorian Information Commissioner (OVIC).
• Victorian Protective Data Security Framework (VPDSF) — Our security controls are consistent with the information security governance and risk management expectations set out by OVIC.
• Privacy Act 1988 (Cth) — We comply with the Australian Privacy Principles (APPs) for the handling of personal information.
• ASD Essential Eight — Our platform is aligned with the Australian Signals Directorate's Essential Eight cybersecurity framework. See our Essential Eight Compliance page for details.