Strata Pages

Trust & Security

Built for the most sensitive records in a building

Strata software handles money, contracts, owner contact details and the running of someone's home. Here is exactly how Stratapages protects all of it, and where you can get that promise in writing.

Six principles, every feature

These aren't aspirations — they are how the platform is built today.

Hosted in Australia

Documents, messages, jobs, quotes and AI chat history are stored in Australian data centres. No replication offshore, no cross-border data transfer.

Encrypted end-to-end at rest & in transit

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Backups are encrypted with separately-managed keys.

Row-level security per building

Every record is scoped to a building at the database layer. Owners see only their scheme. Managers see only buildings they manage. Trades see only jobs assigned to them.

Your data never trains third-party AI

Model providers are contractually bound to not retain or train on Stratapages prompts and completions. Your by-laws, quotes and minutes stay yours.

Audit-trailed by design

Every approval, ballot, document upload and quote acceptance is recorded with timestamp and actor. Managers can export the full trail at any time.

Built for transparency

Owners can see the same maintenance status, quotes and approvals their manager sees — no hidden inboxes, no information asymmetry.

How it's secured, layer by layer

From log-in to backups, defence in depth at every layer of the stack.

Identity & access

Email-and-password with industry-standard hashing, optional Google sign-in, session rotation, and forced re-auth for sensitive actions like payment changes and admin role grants.

Role-based permissions

Owner, committee, manager, admin and trade roles each see only what their role permits. Roles are stored in a separate table and checked server-side — never trusted from the client.

Infrastructure

Built on managed Australian cloud infrastructure with automated daily backups, point-in-time recovery, and continuous monitoring for unusual access patterns.

Incident response

Defined incident response plan with named on-call, customer notification within 72 hours for any breach affecting personal data, and a public post-incident write-up.

Our commitments

Promises we put in writing

Every customer — owner, manager or trade — gets the same six commitments. No tier-based access to security, no enterprise-only privacy.

  • We never sell your data — to anyone, for any reason.
  • We never take commissions on contractor work, removing the incentive to manipulate matches.
  • We never share owner contact details with trades without an explicit job request.
  • We give you a 90-day window to export everything after cancellation.
  • We honour Australian Privacy Principles and the Privacy Act 1988 (Cth).
  • We respond to security questionnaires from strata management firms within 5 business days.

For strata management firms

The artefacts your IT and risk team will ask for, ready when you are.

Vendor security questionnaire

We respond to standard vendor security questionnaires (SIG-Lite style) within 5 business days.

Data Processing Agreement

Available on request for any paid customer. Covers processor obligations under the Australian Privacy Principles.

Penetration testing

Independent third-party penetration testing on an annual cadence. Summary report shared under NDA.

Trust & security FAQ

Where is Stratapages data hosted?

All data — documents, messages, jobs, quotes and AI chat history — is hosted in Australian data centres, with no replication outside Australia.

Is my building's data isolated from other buildings?

Yes. Every record is scoped to a building using row-level security at the database layer. Owners see only their building, managers only buildings they manage.

Do you use my data to train AI?

No. We never send customer documents or chat history to third-party AI providers for training. Model providers are contractually bound to not retain or train on our prompts.

What happens if we leave Stratapages?

You can export every document, message, job and contact at any time in standard formats. After cancellation, data is retained for 90 days for retrieval, then permanently deleted.

Do you have a Data Processing Agreement?

Yes. Strata managers and management firms can request a DPA and a vendor security questionnaire response from our security team via the contact page.

Need our security pack?

DPA, security questionnaire response, hosting and encryption details — bundled into one PDF for your risk team. Email us and we'll send it within one business day.