Security & Privacy at Vize
Most visitor parking software is a parking company that bolted on a QR form. Vize was built the other way around - the security layer first, the workflow second.
Encryption
TLS 1.2+ in transit. AES-256 at rest. Visitor contact details encrypted at the column level.
Data minimisation
We collect plate, host apartment, and one contact channel. Nothing else. No marketing harvest.
Australian data residency
Application and database hosted in AU regions. Backups stay in AU.
Retention controls
Per-scheme retention windows. Visitor PII is hashed-out after the retention period; the audit entry survives.
Access is logged
Every read of a session by a committee or manager is itself an audit event. The ledger watches the watchers.
Row-level security
Postgres RLS is the floor, not the ceiling. A bug in app code can't leak another scheme's data.
Breach-ready operations
Incident runbook, 72-hour notifiable-breach SLA, designated privacy contact.
Court-ready evidence
Append-only ledger with hash-chained entries and signed exports. Designed to survive an adjudication.
Vize is Privacy Act / APP-aligned and engineered for audit-grade evidence. We are not yet ISO 27001 or SOC 2 certified - when we are, you'll see the badge and the report. Until then we publish our controls plainly and answer questions in writing.