Trust

Security & data handling

A plain-English overview of how Veridian IMS stores portal data, who can access it, and how we respond when you need help. Veridian supports controlled records and audit workflows — it does not guarantee certification outcomes.

At a glance

  • Customer database and file storage hosted in Sydney, Australia (AWS ap-southeast-2 via Supabase)
  • Authenticated access with row-level security scoped to your account and workspace
  • Encrypted connections (HTTPS/TLS) and managed cloud infrastructure encryption at rest
  • Automated database backups through our database provider
  • Human support via hello@veridianims.com — typically within one business day (Mon–Fri AEST)
Infrastructure

Hosting & region

Veridian IMS is a cloud SaaS platform. Your portal registers, settings and uploaded evidence are stored in managed infrastructure — not on a single office server.

Primary data region

PostgreSQL database, authentication and file storage for customer portal data run on Supabase in ap-southeast-2 (Sydney, Australia). This is where register rows, workspace settings and evidence vault files live.

Application hosting

The marketing site, dashboard and API routes are hosted on Vercel (global edge network). Application logic runs in serverless functions; persistent customer content stays in Supabase.

Payments

Card payments and billing are handled by Stripe. Veridian stores subscription status and plan identifiers — not full card numbers.

Email

Service emails (welcome, trial reminders, account notices) are sent through transactional email providers such as Resend, under contractual safeguards.

Controls

Access controls

Access is authenticated and scoped so one customer account cannot read another's records.

  • Identity — Supabase Auth manages sign-in, password reset and session handling.
  • Row-level security (RLS) — Database policies scope portal and register data to the signed-in user's account and workspace.
  • Subscription enforcement — API routes and dashboard pages check active subscription or demo status before serving paid features.
  • Portal users — Account owners can invite team members to a shared workspace; each user signs in with their own credentials.
  • Support access — Veridian staff only access customer data when you request help and authorise troubleshooting.
Protection

Encryption

  • In transit — Browser and API traffic uses HTTPS (TLS). Do not use Veridian over untrusted networks without standard device security.
  • At rest — Database and object storage inherit encryption-at-rest from Supabase and underlying cloud infrastructure.
  • Your responsibility — Use strong, unique passwords; limit shared logins; revoke access when staff leave; avoid putting unnecessary personal data in filenames or free-text fields.
Continuity

Backups

PostgreSQL data is protected by automated backups managed by Supabase, including point-in-time recovery capabilities on the database platform. We monitor service health and rely on our providers' redundancy for infrastructure failures.

We recommend exporting critical audit evidence and registers periodically using built-in Word/Excel exports and the evidence vault — your operational backup in addition to platform backups.

Lifecycle

Data retention & deletion

  • Active subscription — Portal data and evidence vault files are retained while your subscription is active so you can work and export records.
  • Demo accounts — Demo data may be cleared after the demo period ends. Export anything you need before expiry.
  • After cancellation — Data may be deleted after a grace period unless you export it first or request extended retention in writing. See the Evidence Vault Data Statement for uploaded files.
  • Deletion requests — Email hello@veridianims.com to request account or data deletion, subject to legal retention requirements.
Response

Incident response

If you suspect unauthorised access, data loss or a security issue affecting your account, contact hello@veridianims.com immediately with as much detail as you can (account email, time observed, screenshots if safe to share).

We will investigate, contain and remediate confirmed issues, and notify affected customers where appropriate. We review incidents to improve controls and documentation.

No online service is completely risk-free. Veridian supports controlled records and audit workflows — we do not guarantee that misuse, misconfiguration or third-party outages will never occur.

People

Support model

  • Channelhello@veridianims.com for account, billing and portal help.
  • Hours — Mon–Fri, Australian business hours (AEST/AEDT).
  • Response target — Within one business day for most enquiries.
  • WalkthroughsBook a walkthrough to see the live portal with our team.
Get started

See how Veridian fits your audit workflow

Start a 7-day demo with sample data, or book a walkthrough with our team.