Trust at Conpago

Conpago is ISO 27001 certified and Australian owned.

We protect sensitive information with role-based access, encryption, audit logs, and secure backups, so your team can assess risk with confidence.

View the ISO 27001 Certificate
the words: structure, frameworkthe words: action of binding together, fastening
Benefits

How Conpago earns trust

The key controls teams look for when assessing privacy, secuirty, and compliance.

ISO 27001 Certified

Conpago's information security management system is certified to ISO 27001, independently validating our commitment to protecting and managing your sensitive data.

Holding Box

Product

Security is built into how we design and ship the platform, not added later.

Cyber Security

Data

Encryption, controlled access, and secure backups help protect data at rest and in transit.

Search Property

Monitoring

Monitoring and alerting help us identify issues early and keep systems reliable.

Organization Chart People

Corporate

Clear ownership, staff training, and supplier checks support consistent security practices.

Privacy Policy

Policy

Documented policies guide how we assess risk, respond to incidents, and recover services.

Law Court

Legal

Transparent policies and trusted third-party partnerships to ensure full compliance.

Controls

Security and Compliance Controls

Practical safeguards that protect your data, support audit requirements, and help teams operate with confidence.

01

Product Security

Product Security

Protecting every user interaction.

Our identity and access systems keep every account secure with verified logins, detailed activity tracking, and strong session protection.

Add User Male
SSO Support
Supports single sign-on so identity is managed by your existing identity provider, and access follows your organisation's own controls.
Clipboard Approve
Security events, such as sign-ins and permission changes, are logged to support investigation, oversight, and compliance reporting.
Audit Logging
Secured File
Data Security
Application data is store in managed environments with restricted access and regular backups, seperating production and internal systems.
Check All
MFA Capabilities
Leverages native multi-factor authentication offered by compatible identity providers, enforcing existing protections when accessing the platform.
02

Data Security

Data Security

Keeping your data protected.

Conpago's infrastructure is designed with layers of protection to help ensure your data is secure while transmitted, stored or processed.

NFT Artwork
Tokenised Sensitive Info
Uses tokenised information for sensitive information, meaning raw payment details never pass through or are stored in the platform.
Country
Multi-Region Sovereign Backups
Data is backed up across regions, on-shore in Australia, supporting recovery from corruption or hardware failure.
Security Lock
Encryption-at-rest
Primary data stores and backups are encrypted at rest using industry standard encryption to protect again unauthorised access to storage media.
Check Lock
Encryption-in-transit
Data in transit between customers, services and internal components is protected to prevent interception or tampering.
03

Continuous Monitoring

Continuous Monitoring

Monitoring your system.

Conpago’s infrastructure is protected by layered access control, centralised monitoring, and auditable change to safeguard the system.

Mobile Id Verification
Access Monitoring
With layers of access controls, restricting unneccessary handling of data.
Hand With Pen
Logging and Monitoring
Centralised logging and infrastructure monitoring provide visibility into system health and potential security incidents.
Policy Document
Change Monitoring Policy
Production changes follow a documented change process with tracking and review, so modifications are visible and auditable.
04

Corporate Security

Corporate Security

Operating securely.

We treat security as a responsibility of everyone in their day-to-day, with controlled staff access, vetted suppliers and ongoing training.

Tasklist
Asset and Supplier Registers
Key information assets and suppliers are recorded and reviewed so we understand dependencies and risks.
Attendance
Roles-based Access Controls
Staff access to systems and data is based on role, following least privilege principles with periodic access review.
Sword
Penetration Testing
Regular penetration testing helps identify weaknesses so they can be assessed and rectified.
Clock Arrow
Software Development Lifecycle
Security reviews, code reviews and automated testing are built in to the development lifecycle before changes reach production.
05

Security Policy Stack

Security Policy Stack

Governing risk clearly.

Documented policies for assessment, response, recovery and change guide how we manage risk and review remediations.

Track Order
Vulnerability Management
Identified vulnverabilities are tracked and assessed for impact, and remeditated swiftly.
Circle Chart
Risk Assessment Policy
Material changes and new initatives are subject to risk assessment to idetnify controls and mitigations.
Running
Incident Response Plan
A documented incident response plan sets out role and communication paths for handling security events.
High Risk
Disaster Recovery Plan
Disaster procedures define how our core services and data are restore following a major outage or loss event.
06

Legal Protections

Legal Protections

Contractual assurance.

Our privacy policy, data terms, and subprocessors give legal and compliance teams a transparent view of how and who is involved in handling data.

Privacy Policy
Privacy Policy
Our Privacy Policy outlines how we collect, use, store, and share important data, and the rights available to individuals.
Rules Book
Standard Terms (upon request)
Standard contractual terms are available upon request and include provisions on secuirty, data protection, and customer responsibilities.
Electronics
Subprocessors
Conpago employs Google, Twilio, and SendGrid services for our business processes, providing core infrastructure, communications, and security controls.

View our subprocessors' trust centres below:

Frequently Asked Questions

Where is Conapgo's data stored?

Conpago's production data is hosted on-shore in Australia, with multiple backups in data centres located across NSW and VIC.

When was Conpago ISO 27001 Certified?

Conpago has been certified to ISO/IEC 27001:2022 for its information security management system since July, 2024.

Who is behind Conpago?

Conpago is Australian founded, owned, and operated. Our leadership team has hands on experience and research in the retirement and care sector.

Read more on our leadership team

black arrow point right icon
What is Conpago's approach to security?

Conpago champions a proactive approach to security. We design and operate the platform with a focus on anticipating and reducing security risks wherever possible, rather than simply reacting to incidents after they occur.

How does Conpago protect sensitive information?

We recognises the vulnerability of some of our users. We leverage native security features from our subprocessors, such as MFA on some accounts, and tokenised data for payments, meaning we don't touch or store that sensitive data.

Free for 14 days.

Try Conpago free for 14 days and see how it feels for your community. If it's not the right fit, that's okay, there's no obligation to continue.

Try Conpago for Free
HomeTrust CentreRetirement LivingLeadership
Privacy PolicyLinkedIn

© 2025 Conpago. All rights reserved.