See how we keep your data safe

Where is data stored

Onsite uses Digital Ocean as an infrastructure provider (IaaS), hosting our frontend, backend, and database from their Sydney (SYD1) data centre. Onsite uses Google Cloud for bucket file storage, using the australia-southeast1 region.

Backups

A complete database backup occurs every 24 hours. All backups are retained for at least 14 days.

Every 12 months, our team completes a disaster recovery rehearsal to ensure we can quickly restore services in the event of an outage. This regular testing helps validate our backup and recovery procedures.

Is data encrypted and secured

Yes, Onsite uses HTTPS/SSL meaning all data is encrypted in transit. All data is also encrypted at rest with the AES-256 encryption standard.

Compliance and Best Practices

Onsite aligns with industry best practices. Our hosting providers maintain SOC 2, ISO 27001, and GDPR compliance certifications.

Technology

Onsite is built on a tried and tested technology stack designed specifically for the needs of our customers.
While we don’t disclose every technical detail for security and intellectual property reasons, we can confirm that:

  • Our systems are built using proven, widely adopted frameworks and infrastructure.
  • Security is a core design principle across the entire application lifecycle.
  • We follow industry-tested best practices for software development, deployment, and monitoring.

This means you get the benefit of a platform purpose-built for your industry, with the assurance that your data is protected to the highest standards.

Employee Security

All staff with system access undergo background checks and security training.
Access is role-based and limited to what is necessary for job responsibilities.
We review and audit access regularly to ensure compliance with our internal security policies.

Data Ownership and Sharing

As the customer, you always own your data. Onsite does not claim ownership over the information you enter into the platform.
Your data remains your property, and we will never sell or share it with third parties for marketing or advertising purposes.

We only use data in two ways:

  • To provide and improve the Onsite service (for example, storing, processing, and backing up your information).
  • When required by law or legal process, in which case we will notify you wherever legally possible.

All access to customer data is strictly controlled.