Security built in from the database up.

Ardenna is built on a foundation of industry-standard security controls, privacy-by-design principles, and secure software delivery practices. The platform is designed to protect client data, maintain service resilience, and support alignment with Australian privacy obligations and client ICT expectations.

This policy applies to the Ardenna production application, supporting infrastructure, operational monitoring, backup processes, release-management controls, and incident-response processes. It does not replace a client organisation’s internal ICT policies; it is designed to support them through clear technical, operational and governance controls.

The policy reflects the current architecture, including PostgreSQL with Row Level Security, tenant isolation controls, and AI-powered automated penetration testing as part of every release.

The application is deployed on Vercel Pro / Enterprise infrastructure with production services configured for low-latency access and secure operation. Every web and API request is encrypted in transit using modern TLS controls.

Administrative access to hosting, deployment, and infrastructure control planes is restricted to authorised engineers and protected using single sign-on and multi-factor authentication. Access is granted on a least-privilege basis and reviewed when personnel, project or operational responsibilities change.

Production deployments are managed through controlled release workflows. Infrastructure and environment configuration changes are restricted to approved personnel, logged where supported by the platform, and reviewed when they affect production security, availability or data handling.

Development, staging and production environments are logically separated. Production credentials and secrets are not used in non-production environments. Secrets, API keys and database credentials are stored in managed environment-variable and secret-management systems, are not committed to source control, and are rotated when access changes or exposure is suspected.

Production application services and primary data stores are configured for Australian hosting where supported by the relevant platform. Where global edge, monitoring, security or support services are used, contractual, access-control and configuration safeguards are applied to protect client data and minimise unnecessary data transfer.

User authentication is provided through Microsoft Entra ID using OpenID Connect, enabling secure single sign-on and enterprise identity management. Client-managed controls — such as multi-factor authentication, conditional access and account lifecycle management — apply through Microsoft Entra ID where configured by the client.

Application access is role-based and tenant-aware. Users are assigned permissions according to their role and authorised tenant context, ensuring they can only access the features and records required for their responsibilities.

Ardenna uses PostgreSQL Row Level Security policies to enforce tenant isolation at the database layer. These policies restrict read, create, update and delete operations according to the active tenant context, providing a database-level safeguard against unauthorised cross-tenant data access.

Tenant isolation is enforced through a combination of:

• tenant-scoped authentication and authorisation checks
• PostgreSQL Row Level Security policies
• tenant-aware application services
• audit logging of tenant-sensitive actions
• controlled administrative access for support and maintenance

These controls are designed to prevent users from accessing records outside their authorised tenant, including through direct API access, administrative workflows or mis-scoped application requests. Privileged administrative access is restricted to authorised personnel, granted on a least-privilege basis, reviewed periodically, and logged where appropriate.

Application data is stored in PostgreSQL, managed via Neon, with encryption at rest and automated backup capabilities. User-uploaded files are stored in managed object storage with access controls, encryption at rest and application-enforced permission checks.

All service-to-service calls and client interactions are protected in transit using TLS. Access to production data is restricted to authorised systems and personnel with a legitimate operational requirement.

Ardenna applies privacy-by-design principles by collecting only the personal information required to provide the service, limiting access to authorised users, and protecting personal information throughout its lifecycle.

Data-handling practices are designed to align with the Australian Privacy Act 1988, the Australian Privacy Principles, and the Notifiable Data Breaches scheme where applicable. Data export, deletion and support requests are handled through controlled administrative workflows and logged for audit purposes where appropriate.

Data is classified according to sensitivity and business purpose. Personal information is retained only for as long as required to provide the service, meet contractual obligations or comply with legal requirements.

Security is integrated into the software delivery process rather than treated as a once-off assessment. Code, configuration, dependencies and release candidates are reviewed through controlled workflows before deployment to production.

Each release candidate is subject to automated security checks, including vulnerability scanning and AI-powered penetration testing through Aikido. Release-blocking findings must be remediated, mitigated or formally risk-accepted before production deployment.

Release processes are designed to maintain traceability between code changes, deployments, observed errors and security findings. This enables the team to investigate regressions, identify affected releases, and prioritise remediation based on risk and client impact.

Æth8er uses Aikido Security as part of the secure software delivery process. Aikido provides automated vulnerability detection and AI-powered penetration testing across the application, APIs, dependencies and supporting infrastructure.

Automated Aikido testing runs on every release candidate before production deployment. These tests simulate real-world attack paths, validate exploitable vulnerabilities, and provide actionable remediation guidance.

Release-blocking vulnerabilities are triaged before deployment and must be remediated, mitigated or formally risk-accepted before release. High-severity findings are prioritised according to risk, exploitability and potential client impact.

Findings from Aikido, operational monitoring, incident reviews and internal security reviews are tracked through to closure and incorporated into the continuous-improvement process.

Logs, metrics, traces and operational signals are centralised in Datadog. Vercel logs and structured application events flow into Datadog Logs, where they support searchable indices, operational dashboards, performance monitoring and security review.

Datadog APM, instrumented through OpenTelemetry in the application runtime, provides tracing and resource-utilisation insights. Monitoring covers request volume, error rates, latency, performance percentiles and service-health indicators.

Threat detection is supported through Vercel edge security controls — including DDoS mitigation and web application firewall protections — alongside security monitoring rules in Datadog. Alerts are classified by severity and routed according to operational impact, security risk and client impact.

All critical monitors — including spiking error rates, service-level objective breaches or security alerts — trigger incidents in PagerDuty for escalation via SMS, phone call and push notification as appropriate.

Logs are designed to avoid unnecessary capture of sensitive personal information. Where sensitive data may appear in logs, controls are applied to restrict access and retention.

Sentry is integrated across front-end and back-end code paths to capture uncaught exceptions, correlate errors with specific releases, and provide diagnostic context such as stack traces, user actions and environment metadata.

Real-time error insight accelerates debugging and helps maintain service reliability. Error payloads are reviewed to minimise the capture of sensitive personal information, and access to error data is restricted to authorised engineering personnel for debugging and service-reliability purposes.

Critical actions — including user login, data export, configuration changes, tenant-sensitive access and administrative activity — emit structured audit records from within the application.

Audit records include relevant context such as timestamp, user, tenant, action, target resource and originating request metadata where appropriate. These events are tagged, indexed and retained in the operational logging platform with restricted access and tamper-resistant operational controls.

Administrative access to tenant data — where required for support or maintenance — is limited to authorised personnel and logged for audit and compliance purposes. Audit records can be exported for offline archival or compliance reporting where required by agreement.

PostgreSQL, managed via Neon, performs automated backups and supports point-in-time recovery. Backups are encrypted and retained according to defined policies to support data durability and recoverability.

Backup restoration is tested periodically to verify that backups are usable and recovery procedures remain effective. Disaster-recovery processes are reviewed and exercised at least quarterly or after material architecture changes.

The following recovery targets apply to core application and database services:

• Recovery Time Objective (RTO): under 4 hours.
• Recovery Point Objective (RPO): under 1 hour.

Recovery of third-party services may depend on provider availability and contractual service levels.

Æth8er maintains a documented incident-response playbook that defines roles, communication channels, escalation processes, severity levels and response responsibilities.

The incident process covers detection, triage, containment, eradication, recovery, client communication and post-incident review. PagerDuty drives 24×7 on-call escalation for critical incidents, ensuring that urgent events are escalated immediately to the appropriate responders.

Where a suspected eligible data breach occurs, Æth8er will promptly contain, assess and escalate the incident in line with applicable legal, contractual and client-notification obligations, including the Notifiable Data Breaches scheme where applicable.

After each Severity 1 or Severity 2 event, Æth8er performs a root-cause analysis and tracks corrective actions through to closure.

Security controls and compliance posture are reviewed at least quarterly as part of Æth8er’s ongoing security and compliance processes. Reviews incorporate Aikido findings, incident learnings, dependency updates, audit-log reviews, infrastructure changes and changes to client or regulatory requirements.

Periodic internal reviews assess alignment with the Australian Privacy Act, client ICT expectations and the operational requirements of Ardenna. Any gaps identified through reviews, security testing or incidents are addressed through updates to processes, configurations, controls or staff training.

This policy is reviewed at least quarterly and whenever there is a material change to architecture, hosting, authentication, data storage or security tooling.

Ardenna’s security and compliance measures are designed to give client organisations strong assurance that data is protected, access is controlled, tenant boundaries are enforced, and the service remains resilient and supportable.

The combination of Microsoft Entra ID authentication, role-based and tenant-aware authorisation, PostgreSQL Row Level Security, operational monitoring, audit trails, automated backups, incident-response processes and Aikido AI-powered release testing provides a layered security model for protecting Ardenna and its users.