Security

How we keep your practice data safe.

We understand that the information you manage in Addison — client names, contact details, and appointment records — requires careful handling. Security is built into how we operate, not bolted on as an afterthought.

Your Data Stays in the Region

All data is stored in Australia (AWS Sydney region), keeping it within the ANZ jurisdiction. We do not store your data in countries with weaker data protection standards.

Encryption

Your data is encrypted in transit and at rest. This means information is protected both when it travels between your device and our servers, and when it is stored on our infrastructure.

Access Controls

Access to production systems and customer data is strictly limited to personnel who need it to provide the Service. We use two-factor authentication (2FA) across our internal tooling and infrastructure.

Two-Factor Authentication for Your Account

You can enable two-factor authentication on your Addison account for an additional layer of protection. We strongly recommend enabling this, particularly if you manage client booking data.

Backups

Your data is automatically backed up on a regular basis. In the event of a system failure, we can restore data from recent backups to minimise any disruption.

Security Testing

We conduct regular security assessments and penetration testing to identify and address vulnerabilities before they can be exploited.

Incident Response

If we become aware of a security incident affecting your data, we will notify you promptly and take immediate steps to contain and remediate the issue. Where required by law, we will also notify the relevant Privacy Commissioner.

Our Subprocessors

We work with a small number of trusted infrastructure providers — including AWS, Supabase, and Vercel — who are each bound by data processing agreements and maintain their own rigorous security standards. You can find the full list in our Privacy Policy.

Responsible Disclosure

If you discover a potential security vulnerability in Addison, please let us know responsibly before disclosing it publicly. Contact us at security@withaddison.com and we will investigate promptly.

Questions

If you have any questions about how we secure your data, we are happy to help. Get in touch.