Security

We take the security of your campaigns and data seriously. This page outlines the measures we use. No system can be guaranteed perfectly secure, but we work to protect your information with industry-standard practices.

Encryption

Data is encrypted in transit with TLS, and data at rest is encrypted by our cloud database and storage providers.

Authentication

Sign-in uses secure magic-link or password authentication managed by our identity provider. Sessions are protected with HTTP-only cookies.

Tenant isolation & access control

Every organisation’s data is isolated using database row-level security, so members can only access the organisations and campaigns they belong to. Internal access follows least-privilege principles.

Hosting & sub-processors

The application is hosted on reputable cloud infrastructure, with our database and file storage in Australia (Sydney region). We use vetted sub-processors for hosting, storage, AI, and email; see our Privacy Policy for details.

Backups & resilience

Our database provider performs regular automated backups to support recovery.

Responsible disclosure

If you believe you’ve found a security vulnerability, please email security@athlone.app with details. Please don’t publicly disclose the issue until we’ve had a reasonable chance to investigate and respond. We appreciate good-faith research and will not pursue action against researchers who act responsibly.

Contact

Security questions: security@athlone.app.