Security
Effective 1 March 2025 · Version 1.1.0
Last updated: as indicated on this page.
The security of your data is a priority for Friday Tech Pty Ltd. This page provides a high-level overview of the technical and organisational measures we implement to protect the Friday platform (the “Service”) and the data processed through it. This overview is for informational purposes and does not constitute a warranty or guarantee of security. We regularly review and seek to improve our security posture.
Encryption
Data in transit between your browser and our servers is protected using TLS (HTTPS). Sensitive data at rest is protected using industry-standard measures; credentials are hashed using bcrypt and we do not store plain-text passwords. Where applicable, data at rest may be encrypted using strong encryption (e.g. AES-256) in accordance with our hosting provider’s capabilities.
Access Controls
Access to production systems and data is restricted to authorised personnel on a need-to-know basis. User sessions are managed using signed tokens with limited validity, and the Service enforces session timeouts after periods of inactivity to reduce the risk of unauthorised access.
Infrastructure and Backups
The Service is hosted on managed cloud infrastructure with redundancy and automated backup procedures. Databases and critical data are backed up regularly; backups are stored in geographically separate locations where practicable to reduce the risk of data loss.
Incident Response
We maintain procedures to detect, assess, and respond to security incidents. In the event of an eligible data breach (as defined under the Privacy Act 1988 (Cth)) that is likely to result in serious harm to individuals, we will assess and comply with our obligations under the Notifiable Data Breaches scheme, including notifying affected individuals and the Office of the Australian Information Commissioner where required.
Responsible Disclosure
If you identify a security vulnerability in the Service, we request that you disclose it in a responsible manner by contacting us at support@fridaytech.com.au. Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to assess and address it. We will acknowledge receipt and work in good faith to resolve valid issues.
Certifications and Compliance
We do not currently hold formal security certifications (such as ISO 27001 or SOC 2). Our infrastructure and operational practices are designed with reference to widely recognised security standards. We may pursue formal certifications or attestations in the future and will update this page as our compliance and assurance program evolves.
Contact
For security-related enquiries, contact us at support@fridaytech.com.au.