We take the security of your participants' data seriously. Maxpilot is built on Australian infrastructure with enterprise-grade security practices from day one.
Security isn't an afterthought at Maxpilot — it's embedded into every layer of our platform.
All participant and organisational data is stored exclusively on servers located in Australia. We never transfer your data offshore. This keeps you compliant with Australian privacy legislation.
All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+. Your data is unreadable to anyone without the correct decryption keys.
Granular permissions ensure staff only see what they need to do their job. Admins, coordinators, and support workers have separate permission levels that you control.
Your data is automatically backed up daily to geographically redundant Australian data centres. Point-in-time recovery ensures we can restore your data in the event of an incident.
Every action in Maxpilot is logged with a timestamp and user record. Full audit trails mean you can always see who did what and when — essential for NDIS compliance.
MFA is available for all accounts and can be enforced at the organisation level. Adding a second factor dramatically reduces the risk of unauthorised access.
Maxpilot is designed to help NDIS providers and care organisations meet their obligations under the Privacy Act 1988, the Australian Privacy Principles, and the NDIS Practice Standards.
If you discover a security vulnerability in Maxpilot, please report it to us privately. We take all reports seriously and will work quickly to resolve confirmed issues.
Report a VulnerabilityEmail: security@maxpilot.com
All data is stored in Australian data centres. We use AWS Sydney and Azure Australia East regions. Your data never leaves Australia.
Only authorised members of your team can access your data, based on the role permissions you configure. Maxpilot staff access your data only when required to provide support, and only with your explicit consent.
After cancellation, your data is retained for 30 days during which you can export it. After 30 days, data is permanently and securely deleted from all systems including backups.
Yes. Maxpilot is designed to store sensitive personal and health information. We apply the same security standards to all data regardless of sensitivity level.
Yes. We have a documented incident response plan that includes containment, investigation, notification to affected parties, and reporting under the Notifiable Data Breaches scheme where required.