Trust at Conpago

The best in retirement and care trust Conpago to keep their data safe.

View the ISO 27001 Certificate
the words: structure, frameworkthe words: action of binding together, fastening

Loved by thousands of users and operators in Australian care and retirement

BENEFITS

How Conpago earns trust

Conpago covers these essential needs, so your teams can succeed with peace of mind.

ISO 27001 Certified

Conpago's information security management system is certified to ISO 27001, independently validating our commitment to protecting and managing your sensitive data.

Holding Box

Product

Conpago is designed so teams can successfully use it with confidence. Security is built in to how the product is planned, built and shipped.

Cyber Security

Data

We keep your data protected and recoverable, with controls in place to guard against loss or unauthorised access.

Search Property

Monitoring

We watch our systems around the clock to keep performance and security on track. Alerts and regular testing helps us catach problems early.

Organization Chart People

Corporate

Security is part of how we run, not an afterthought. Access is restricted, suppliers are vetted and our staff know how to handle sensitive data.

Privacy Policy

Policy

Our governance framework ensures rapid response and remediation, reducing downtime and strengthening trust across all operations.

Law Court

Legal

We maintain clear, transparent policies and trusted third-party partnerships to ensure full compliance and accountability at every level.

CONTROLS

Security and Compliance you can trust

The Conpago platform is built with layered safeguards that protect your data, maintain uptime and support compliance across every stage of operation.

01

Product Security

Product Security

Protecting every user interaction.

Our identity and access systems keep every account secure with verified logins, detailed activity tracking, and strong session protection.

Add User Male
SSO Support
Supports single sign-on so identity is managed by your existing identity provider, and access follows your organisation's own controls.
Clipboard Approve
Security events, such as sign-ins and permission changes, are logged to support investigation, oversight, and compliance reporting.
Audit Logging
Secured File
Data Security
Application data is store in managed environments with restricted access and regular backups, seperating production and internal systems.
Check All
MFA Capabilities
Leverages native multi-factor authentication offered by compatible identity providers, enforcing existing protections when accessing the platform.
02

Data Security

Data Security

Keeping your data protected.

Conpago's infrastructure is designed with layers of protection to help ensure your data is secure while transmitted, stored or processed.

NFT Artwork
Tokenised Sensitive Info
Uses tokenised information for sensitive information, meaning raw payment details never pass through or are stored in the platform.
Country
Multi Data Sovereign Backups
Data is backed up across regions, on-shore in Australia, supporting recovery from corruption or hardware failure.
Security Lock
Encryption-at-rest
Primary data stores and backups are encrypted at rest using industry standard encryption to protect again unauthorised access to storage media.
Check Lock
Encryption-in-transit
Data in transit between customers, services and internal components is protected to prevent interception or tampering.
03

Continuous Monitoring

Continuous Monitoring

Monitoring your system.

Conpago’s infrastructure is protected by layered access control, centralised monitoring, and auditable change to safeguard the system.

Mobile Id Verification
Access Monitoring
With layers of access controls, restricting unneccessary handling of data.
Hand With Pen
Logging and Monitoring
Centralised logging and infrastructure monitoring provide visibility into system health and potential security incidents.
Policy Document
Change Monitoring Policy
Production changes follow a documented change process with tracking and review, so modifications are visible and auditable.
04

Corporate Security

Corporate Security

Operating securely.

We treat security as a responsibility of everyone in their day-to-day, with controlled staff access, vetted suppliers and ongoing training.

Tasklist
Asset and Supplier Registers
Key information assets and suppliers are recorded and reviewed so we understand dependencies and risks.
Attendance
Roles-based Access Controls
Staff access to systems and data is based on role, following least privilege principles with periodic access review.
Sword
Penetration Testing
Regular penetration testing helps identify weaknesses so they can be assessed and rectified.
Clock Arrow
Software Development Lifecycle
Security reviews, code reviews and automated testing are built in to the development lifecycle before changes reach production.
05

Security Policy Stack

Security Policy Stack

Governing risk clearly.

Documented policies for assessment, response, recovery and change guide how we manage risk and review remediations.

Track Order
Vulnerability Management
Identified vulnverabilities are tracked and assessed for impact, and remeditated swiftly.
Circle Chart
Risk Assessment Policy
Material changes and new initatives are subject to risk assessment to idetnify controls and mitigations.
Running
Incident Response Plan
A documented incident response plan sets out role and communication paths for handling security events.
High Risk
Disaster Recovery Plan
Disaster procedures define how our core services and data are restore following a major outage or loss event.
06

Legal Protections

Legal Protections

Contractual assurance.

Our privacy policy, data terms, and subprocessors give legal and compliance teams a transparent view of how and who is involved in handling data.

Privacy Policy
Privacy Policy
Our Privacy Policy outlines how we collect, use, store, and share important data, and the rights available to individuals.
Rules Book
Standard Terms (upon request)
Standard contractual terms are available upon request and include provisions on secuirty, data protection, and customer responsibilities.
Electronics
Subprocessors
Conpago employs Google, Twilio, and SendGrid services for our business processes, providing core infrastructure, communications, and security controls.

View our subprocessors' trust centres below:

FAQ

Where is Conapgo's data stored?

Conpago's production data is hosted on-shore in Australia, with multiple backups in data centres located across NSW and VIC.

When was Conpago ISO 27001 Certified?

Conpago has been certified to ISO/IEC 27001:2022 for its information security management system since July, 2024.

Who is behind Conpago?

Conpago is Australian founded, owned, and operated. Our leadership team has hands on experience and research in the retirement and care sector.

Read more on our leadership team

black arrow point right icon
What is Conpago's approach to security?

Conpago champions a proactive approach to security. We design and operate the platform with a focus on anticipating and reducing security risks wherever possible, rather than simply reacting to incidents after they occur.

How does Conpago protect sensitive information?

We recognises the vulnerability of some of our users. We leverage native security features from our subprocessors, such as MFA on some accounts, and tokenised data for payments, meaning we don't touch or store that sensitive data.

More on Conpago's security

Find out more about our commitment to your trust and security by contacting us today.

Contact UsView the ISO 27001 Certificate
LinkedInHomeTrust CentreRetirement LivingLeadership

© 2025 Conpago. All rights reserved.

Privacy Policy