Menu hamburger icon
Trust & Security
OverviewData storage & BackupsPrivacy & Data protectionSecurity & InfrastructureBlockchain technologyCertifications & ReportsDigital signatures & LegalityBusiness continuitySub processorsTerms & policiesMinimum system requirements
Contact salesSign up

Data storage & Backups

Discover how we store your data safely and securely

At Annature, we take data storage and protection seriously — not just to meet our compliance obligations, but to deliver peace of mind to our customers. Our infrastructure is designed with resilience, sovereignty, and confidentiality at its core, following industry best practices for redundancy, security, and business continuity.

Data residency — Hosted in Australia

All customer data is stored exclusively within Australia by default. We operate entirely on Amazon Web Services (AWS) using the ap-southeast-2 region, which means your data is securely stored in Sydney-based AWS data centres.

We guarantee that no customer data is stored or replicated outside of Australia unless explicitly requested by the customer. Annature also supports data residency in other AWS regions upon request; however, this is strictly opt-in, and data will never be duplicated or migrated between regions without instruction.

Encryption — At rest and in transit

Data is encrypted at rest and in transit using industry-standard protocols:

  • Encryption at rest using AES-256 with AWS Key Management Service (KMS)
  • Encryption in transit using TLS 1.2+
  • All encryption keys are managed securely within our AWS infrastructure

These controls ensure the confidentiality and integrity of customer data at all stages.

Backup & Redundancy

Annature follows AWS and ISO 27001-aligned best practices for backup, disaster recovery, and data redundancy:

  • Database snapshots are taken every 15 minutes; S3 objects are automatically migrated to cold storage via Glacier lifecycle policies
  • All backups are encrypted at rest, retained indefinitely in cold storage, and replicated to a secondary AWS account for additional separation
  • Storage is distributed across multiple AWS Availability Zones to support high availability and fault tolerance
  • Backup processes are versioned, monitored, and automated to ensure reliability

We architect our systems for high fault tolerance, ensuring that platform uptime and data durability remain consistent with enterprise expectations.

Access controls & Monitoring

Access to data within Annature is strictly controlled:

  • Access is granted on a least-privilege basis
  • Only senior information security officers have administrative access to production systems
  • All access is logged, monitored, and subject to continuous anomaly detection and review
  • Internal systems are protected with role-based access controls (RBAC), multi-factor authentication (MFA), and segregated duties for critical functions

Internet services & Third-party interactions

While all primary data remains within Australia, Annature — like any modern software service — interacts with third-party systems as part of our business operations. These may include:

  • Payment processing (e.g. Stripe)
  • Email and communications (e.g. Mandrill, Tallbob)
  • CRM and support systems (e.g. HubSpot)

These services may process limited metadata outside Australia (e.g. email headers or contact information) as part of global cloud infrastructure. This is a standard and unavoidable reality of how the internet works today. However, no customer documents or signed content are ever transferred to these third parties unless required to fulfil a customer request or integration.

Optional region-specific storage

Enterprise customers with data residency requirements outside Australia may opt in to have their data stored in a different AWS-supported region. In these cases:

  • Data is stored only in the specified region
  • There is no replication between the Australian region and any other
  • Data remains isolated and governed by the same strict access, encryption, and monitoring controls