Compliance Archiving
Tamper-proof, immutable, zero-knowledge encrypted. Full chain of custody. Every access logged. Aligned with ACSC Essential Eight. Satisfies your regulator, your auditor, and your insurer.
Start Compliant Archiving How It WorksThe Challenge
Regulations don't just require you to keep records. They require you to prove they're unaltered — and that your own staff couldn't have changed them even if they wanted to.
Most storage solutions fail this test because:
If your IT admin can read the files, they can alter them. That breaks chain of custody.
Standard storage can be overwritten. Auditors can't verify that today's file is identical to last year's.
Who accessed what, when? Most systems don't log reads. None log what they can't see.
Financial records in non-rewritable, non-erasable format
Protected health information integrity and access controls
Litigation hold requires provably unaltered documents
Financial reporting data retention with integrity controls
Data protection with reasonable security measures
Regular backups, restrict admin privileges, multi-factor authentication
Every feature exists to answer the question auditors actually ask. Together they form one complete compliance framework.
S3 Object Lock prevents modification or deletion until the retention period you set. Enforced at infrastructure level — not by software.
"Can anyone alter this record?"
No. Not even us.
Client-side encryption means the operator never sees unencrypted data. The private key never leaves your premises.
"Can the hosting provider read the data?"
Mathematically impossible.
Every upload, restore, access, and admin action is logged with timestamp, user identity, and IP. Audit logs are append-only.
"Who accessed this file and when?"
Full chain of custody on demand.
Destroying archives requires two administrators to approve, plus separate S3 credentials entered at point of use and never stored.
"Could one employee destroy evidence?"
Impossible. Two admins + separate keys.
If a client loses their encryption key, a secure escrow process allows recovery — requiring split-key authorisation from multiple parties.
"What if the keyholder leaves?"
Escrow recovery, multi-party auth.
Archives reside in Australian data centres under Australian jurisdiction. Subject to the Privacy Act — not the US CLOUD Act or foreign subpoena.
"Is data subject to foreign access laws?"
No. Australian jurisdiction only.
Every stage is logged, encrypted, and immutable.
File Created
On user's machineEncrypted
Client-side, user's keyUploaded
TLS + checksum verifiedObject Locked
Retention period setAudit Logged
Timestamp + identityClient files, contracts, financial records — all archived immutably with full audit trails. Perfect for legal hold and eDiscovery obligations.
Patient records, imaging data, clinical trial documents. Zero-knowledge encryption ensures even the hosting provider can't access protected health information.
Records management, GIPA/FOI request fulfilment, long-term preservation. Australian-hosted option for data sovereignty requirements.
Australian Cyber Security Centre
The ACSC Essential Eight is the baseline cyber security framework for Australian organisations. Our platform directly addresses three of the eight strategies and supports two more.
If you're working towards Essential Eight maturity — or your insurer is asking about it — this platform helps you tick the hardest boxes.
Get E8 Ready| Essential Eight Strategy | Coverage | How |
|---|---|---|
| Regular Backups | Direct | Near real-time archiving to immutable S3 with Object Lock. Versioned. Off-network. Exceeds daily requirement. |
| Restrict Admin Privileges | Direct | Two-admin deletion controls. Separate S3 credentials required at point of use. No single admin can destroy archives. |
| Multi-Factor Authentication | Direct | MFA enforced for all admin and client accounts. SAML SSO integration supported. |
| Application Control | Supporting | Only the signed agent binary can write to the archive. No user can modify archived data directly. |
| User Application Hardening | Supporting | Zero-knowledge encryption means even a fully compromised platform yields only unreadable ciphertext. |
| Patch Applications | Safety Net | If an unpatched system is exploited, archived data is already off-network and untouchable. |
| Restrict Office Macros | Safety Net | Macro-triggered ransomware can't reach data that's already been archived off the network. |
| Daily Backups | Exceeds | Continuous monitoring, not just daily. Changed files are detected and re-archived automatically. |
One flat rate per GB. No per-user fees. No compliance surcharges. No minimum commitment.
Immutable retention included Zero-knowledge encryption included Full audit trail included
Start Compliant ArchivingImmutable archives with full chain of custody. Setup takes 10 minutes. No hardware. No contracts.
Get Started Now Talk to Sales