Your clients' financial data stays in Australia.
TruePaper extracts and audits data from Australian tax, accounting and SMSF documents, with every record stored and processed onshore, and never used to train an AI model.
Onshore processing, end to end. No data leaves Australia in the course of normal operation.
What we guarantee about your data.
Six commitments, stated plainly. The full detail behind each, including our infrastructure, our subprocessors, and our controls, is documented in our Data Processing Agreement and security pack, available on request.
Stays in Australia
Your clients' documents and the data we extract are stored and processed exclusively within Australia. They do not cross a border to be stored, queried, or read by a model in the course of normal operation.
Never used to train AI
Your data is never used to train any AI model. Not by TruePaper, and not by the model providers behind it. Inference runs in an isolated environment where the provider cannot access, retain, or train on your prompts or outputs.
Encrypted in motion and at rest
All stored documents and extracted data are encrypted at rest with AES-256. Every connection is encrypted in transit with TLS 1.2 or higher, TLS 1.3 preferred.
Least-privilege, logged access
Access to client data is scoped by role so staff and systems reach only what their function requires. Access and significant actions are logged, so every touch is accountable.
Breach notification
We commit to the Notifiable Data Breaches scheme under the Privacy Act. In the event of an eligible breach likely to cause serious harm, we notify affected customers and the OAIC as required, and support your own notification obligations.
Yours to delete and export
The documents you upload and the data we extract remain yours. We delete your data on request and on offboarding, and you can export it at any time, so leaving never means losing your records or work product.
On the record, honestly.
TruePaper is designed to operate consistently with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles. We report certification status truthfully and never display badges we have not yet earned.
Two independent programmes are in progress. Each is shown with its true status and target date. Current status is available under NDA.
SOC 2 Type II
Examination underway. Report targeted for 31 October 2026.
ISO 27001
ISMS being implemented; certification targeted for 31 October 2026.
Supports your own outsourcing disclosures
Because all primary processing happens in Australia, your firm can rely on TruePaper to support its own outsourcing and offshoring disclosures to clients under TPB(PN) 2/2018 and APES GN 30. The documentation your firm needs, including our full subprocessor register, is provided on request under our DPA.
Ready to dig into the details?
We're happy to put it in writing. Request our Data Processing Agreement and security pack, including our infrastructure detail, full subprocessor register, and current compliance status under NDA, and we'll walk your team through exactly how your clients' data is protected.