Bank-level encryption. Australian hosting. Zero data sharing with third parties. You own your data — we just store it.
Data is encrypted in transit with TLS 1.3 and at rest with AES-256 — the same standard used by major Australian banks. Keys rotate automatically.
All infrastructure runs in the AWS Sydney (ap-southeast-2) region via Supabase. Your financial data never leaves Australia without your explicit export.
Every database query is constrained by your user ID at the database level. Even if someone bypasses the app, they can't query another user's data.
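The per-user constraint described above is what Postgres calls row-level security (RLS), which Supabase exposes on its hosted Postgres. The following is an added illustration, not GoldMate's actual schema or policies: it assumes a hypothetical `transactions` table with a `user_id` column and uses Supabase's `auth.uid()` helper and `authenticated` role, so that every read and write is filtered to the caller's own rows inside the database rather than in application code.

```sql
-- Added example, not GoldMate's schema: a hypothetical "transactions" table
-- owned per user, locked down with Postgres row-level security (RLS).
-- auth.uid() is Supabase's helper returning the calling user's ID from the JWT;
-- "authenticated" is Supabase's role for logged-in users.

create table public.transactions (
  id           bigint generated always as identity primary key,
  user_id      uuid not null default auth.uid(),  -- owner; defaulted so clients cannot omit it
  amount_cents bigint not null,
  description  text,
  created_at   timestamptz not null default now()
);

-- Enable RLS, and force it so that even the table owner role is subject to the policies.
alter table public.transactions enable row level security;
alter table public.transactions force row level security;

-- Read: a user sees only their own rows.
create policy transactions_select_own on public.transactions
  for select to authenticated
  using (user_id = auth.uid());

-- Insert: the row being written must carry the caller's own ID.
create policy transactions_insert_own on public.transactions
  for insert to authenticated
  with check (user_id = auth.uid());

-- Update: may only touch own rows, and may not reassign them to another user.
create policy transactions_update_own on public.transactions
  for update to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

-- Delete: own rows only.
create policy transactions_delete_own on public.transactions
  for delete to authenticated
  using (user_id = auth.uid());

-- Check, run as any authenticated user: with no policy granting wider access,
-- a query that names other users' rows returns zero rows rather than an error,
-- which is the intended behaviour of RLS.
--   select count(*) from public.transactions where user_id <> auth.uid();
--   -- expected: 0
```

Two points a reviewer would check on a setup like this: the `with check` clause on insert and update is what stops a client from writing rows stamped with someone else's ID, and Supabase's service-role key bypasses RLS entirely, so it must never be shipped to a browser or mobile client.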
Password hashes use bcrypt with per-user salts. Session tokens are HTTP-only, Secure, SameSite-Strict. Failed login attempts are rate-limited.
Aggregated, anonymised usage metrics help us improve the app — but we never view individual transactions, invoices, or account balances. Support can't access your financial data without your permission.
Export everything as CSV or JSON from Settings at any time. Delete your account and all associated data in one click — actual deletion within 30 days (not just 'hidden').
For allied health, medical and wellness practitioners: GoldMate is designed for the business side of your practice — invoices, Medicare/NDIS/DVA reconciliation, expenses, tax, BAS. It is not a clinical record system and you should not upload patient health information, clinical notes, diagnoses, or treatment plans to GoldMate. Keep those in a dedicated practice management system (Cliniko, Halaxy, Nookal, PowerDiary). Per our Terms, uploading regulated health information violates acceptable use.
We follow the rules that protect you — not the loopholes that protect us.
Export everything
CSV or JSON. All transactions, invoices, assets — one click in Settings.
Delete everything
Full account + data deletion within 30 days. No retention policy for hostage-holding.
See who accessed your data
Audit log of every login and sensitive action — coming Q3 2026.
Report a security issue
security@goldmate.au — responsible disclosure policy, no gotchas.
We're happy to go deeper. Ping us and we'll answer in detail.