Security & Privacy

Security & Privacy at Vize

Most visitor parking software is a parking company that bolted on a QR form. Vize was built the other way around - the security layer first, the workflow second.

Encryption

TLS 1.2+ in transit. AES-256 at rest. Visitor contact details encrypted at the column level.

Data minimisation

We collect plate, host apartment, and one contact channel. Nothing else. No marketing harvest.

Australian data residency

Application and database hosted in AU regions. Backups stay in AU.

Retention controls

Per-scheme retention windows. Visitor PII is hashed-out after the retention period; the audit entry survives.

Access is logged

Every read of a session by a committee or manager is itself an audit event. The ledger watches the watchers.

Row-level security

Postgres RLS is the floor, not the ceiling. A bug in app code can't leak another scheme's data.

Breach-ready operations

Incident runbook, 72-hour notifiable-breach SLA, designated privacy contact.

Court-ready evidence

Append-only ledger with hash-chained entries and signed exports. Designed to survive an adjudication.

Honest disclaimer

Vize is Privacy Act / APP-aligned and engineered for audit-grade evidence. We are not yet ISO 27001 or SOC 2 certified - when we are, you'll see the badge and the report. Until then we publish our controls plainly and answer questions in writing.