In regards to data storage, our primary hosting provider SiteHost maintains and follows the AS/NZS ISO/IEC 27002 compliant Information Security Policy, published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).

• Physical and Environmental security
• Human Resource security
• Access control

• SiteHost - Infrastructure
• SiteHost - Policies, Compliance & Security
• ISO/IEC 27002

In regards to application development, our application framework of choice Laravel incorporates a number of security-first features.

• Inbuilt CSRF security, input validation and encrypted sessions
• Inbuilt protection against SQL injection and related exploits
• Inbuilt protection against cross-site request forgery and cross-site scripting

• All customer database data is securely stored in New Zealand (covered by AS/NZS ISO/IEC 27002 noted above)
• Where requested, we can store database data using Amazon Web Services (AWS)
• User access to data is encrypted and protected end-to-end by SSL technology
• For online accounts, all passwords are encrypted and securely stored (that is, no passwords are stored as plain text)