Trust & Security

Last updated: 31 May 2026

Brokers trust lsbroker with their clients' enquiry details, so protecting that information is central to how we build. This page sets out where your data lives, how it's protected, and the independently-audited infrastructure we rely on. Everything below is verifiable — we've linked to each provider's own security documentation.

🇦🇺Australian data residency

Your account and lead data are stored in a database hosted in Sydney, Australia. Our database provider deploys each project into the region chosen at creation and keeps the data within that region — so your primary data stays onshore. (Some supporting services, noted below, may process limited data overseas; this is detailed in our Privacy Policy.)

🛡️Built on independently-audited infrastructure

lsbroker runs on established providers that are independently audited and certified to recognised security standards. We inherit and build on those controls:

Provider	Role	Independent certifications
Supabase	Database, authentication & hosting (Sydney region)	SOC 2 Type 2, ISO 27001 · supabase.com/security
Vercel	Website & application hosting / delivery	SOC 2 Type 2 · security.vercel.com
Stripe	Subscription billing & payments	PCI DSS Level 1, SOC 2 Type II, ISO 27001 · stripe.com/security
Resend	Lead-notification & account email delivery	SOC 2, GDPR · resend.com/security

To be precise: these certifications are held by the named providers. lsbroker is built on this certified infrastructure — we don't claim to independently hold these certifications ourselves.

🔒Encryption

Data is encrypted in transit using TLS, and at rest using strong encryption (AES-256) across our hosting and database providers. Connections to lsbroker and its calculators are served over HTTPS.

💳Payments — we never see your card

All subscription payments are handled directly by Stripe, a PCI DSS Level 1 certified payment processor (the highest level). Card details are entered into Stripe's secure systems — lsbroker never receives or stores full card numbers, which keeps that sensitive data out of our environment entirely.

📊Your data, used only to run the service

We use first-party analytics only — we record calculator usage to report it back to you. There are no third-party advertising or cross-site tracking cookies.
We do not sell personal information.
Access to data is restricted to what's needed to operate and support the service.
Two-factor authentication is required on every broker account — a one-time code from an authenticator app is needed at each sign-in, on top of the password.
Our full list of sub-processors and how we handle information is in the Privacy Policy.

🚨Data breach response

We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). If an eligible data breach affecting personal information were to occur, we are committed to notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

🤝For brokers — data handled on your behalf

Enquiry information submitted through your branded calculator belongs to you. We process and store it on your behalf to deliver the service, and route it to you by email and (optionally) to your connected spreadsheet. This is designed to support your own obligations under the Australian Privacy Principles. If you need a written data-processing statement for your records or your own compliance, contact us.

✉️Questions

Security or data questions, or a request for documentation? Email admin@lsbroker.com.au.