Security & Compliance
Last updated: February 2026
Infrastructure
| Component | Details |
| --- | --- |
| Application hosting | Vercel (Edge Network, Sydney POP) |
| Database | Supabase PostgreSQL (AWS Sydney, ap-southeast-2) |
| Spatial engine | PostGIS on Supabase (same AWS Sydney region) |
| Data residency | All planning provision data stored within Australian jurisdiction (AWS ap-southeast-2, Sydney) |
| Encryption in transit | TLS 1.2+ enforced on all connections |
| Encryption at rest | AES-256 (Supabase/AWS managed keys) |
| Backups | Daily automated backups with point-in-time recovery |
| Authentication | API key authentication with per-key rate limiting and usage tracking |
| Access control | Role-based access controls (RBAC) on all database operations |
NSW AI Assessment Framework (AIAF)
The NSW AIAF is mandatory for NSW Government agencies procuring or deploying AI technologies. PlotDetect is designed to simplify AIAF compliance for agencies that incorporate our data into planning workflows.
Community benefit
PlotDetect reduces planning assessment delays by making DCP provisions instantly searchable and spatially matched. This benefits applicants (faster assessments), councils (reduced manual research time), and communities (more consistent planning outcomes).
Fairness
PlotDetect performs deterministic database lookups. The same property query returns the same provisions regardless of who queries it. There is no algorithmic decision-making, scoring, or recommendation system that could introduce bias.
Privacy and security
PlotDetect queries publicly available planning instruments. No personal data about property owners is collected, stored, or returned. User query data is handled per our Privacy Policy. Infrastructure details are listed above.
Transparency
Every provision returned includes a complete citation chain to the source document, section, clause, and PDF page. Our Data Methodology page describes how provisions are extracted and maintained. Our AI Disclaimer clarifies that PlotDetect is a deterministic system, not generative AI.
Accountability
PlotDetect maintains audit trails of all queries and results with timestamps and data version records. Logs are retained for 7+ years. PlotDetect Pty Ltd is an Australian company subject to Australian law, with a named point of contact for all compliance inquiries.
Risk Classification
Under the AIAF's 16-question risk assessment, PlotDetect is expected to classify as Low/Medium risk for most agency use cases because:
- It does not make autonomous decisions — it returns data for human decision-makers
- It does not process personal or sensitive data
- It does not use generative AI, machine learning models, or algorithmic scoring
- Outputs are fully deterministic and independently verifiable
- It augments (not replaces) the work of qualified planning professionals
Agencies should complete their own AIAF assessment based on their specific use case and integration approach. PlotDetect can provide supporting documentation for this process.
NSW Government Procurement
PlotDetect supports standard NSW Government procurement requirements:
- Data sovereignty: All planning provision data stored in AWS Sydney (ap-southeast-2)
- Accessibility: Web interface follows WCAG 2.1 AA guidelines
- Records management: Audit logs can be exported for inclusion in agency records management systems, supporting NSW State Records Act compliance
- Vendor accountability: PlotDetect Pty Ltd is a registered Australian company. All contractual obligations are enforceable under NSW law
Related Documentation
- AI Disclaimer — How PlotDetect uses deterministic technology, not generative AI
- Data Methodology — How planning provisions are extracted, structured, and maintained
- Audit Trail — What is logged, retention periods, and verification process
- Privacy Policy — How personal information is collected, used, and protected
- Terms of Service — Terms and conditions for using PlotDetect
Contact
For security assessments, compliance documentation, or procurement inquiries, contact compliance@plotdetect.com.au