Your clients trust you with sensitive data.
We help make sure you don’t let them down.
Secure document collection built on ISO 27001:2022 certified processes: encrypted, auditable, and hosted in Australia.
How we prioritise security
At Gatheroo, security isn’t an afterthought.
It’s built into every layer of the platform, from the infrastructure we run on, to the people who maintain it, to the independent certification that verifies our standards.
Certification: More than a promise: independently verified.
ISO 27001:2022 certified processes for secure document management
Any software company can claim they take security seriously.
We’ve had ours independently audited and verified.
Gatheroo operates under ISO/IEC 27001:2022 certified processes: the internationally recognised standard for information security management.
Our controls are assessed against a rigorous global benchmark and renewed through ongoing surveillance, not a one-time tick-box.
Certification covers access controls, risk management, incident response, and continuous improvement across the entire business.
Your data stays in Australia. Full stop.
Australian-hosted document storage on AWS infrastructure
Gatheroo runs on Amazon Web Services (AWS), with all data centres located in Australia.
Your data stays local & is backed by AWS’s enterprise-grade physical and network security, and subject to Australian data sovereignty laws.
Encryption: Locked down at every step: in transit and at rest.
Bank-grade AES-256 and TLS 1.2 data encryption
All data in transit is protected using TLS 1.2.
File uploads are encrypted at rest using AES-256, with additional document scrambling for further protection.
Whether data is moving or stored, it’s secured end-to-end.
Every file, protected from the moment it leaves your client’s hands.
End-to-end encryption for all file uploads and downloads
Every file transferred through Gatheroo is protected by end-to-end encryption, documents, sensitive records, and everything in between.
Even the words your clients type are protected.
End-to-end encrypted text fields for sensitive client data
Sensitive information entered through text fields can be encrypted end-to-end, adding a further layer of protection beyond just file attachments.
We find the vulnerabilities before others do.
Secure application development with regular vulnerability testing
We follow industry-standard secure development practices with regular code reviews and security testing embedded in our deployment process, issues are resolved before new code ever goes live.
The people behind the platform take security personally.
Confidentiality agreements and ongoing security training for all staff
Every Gatheroo team member is bound by a confidentiality agreement and receives regular training on our security protocols. As the threat landscape evolves, so does our training.
Gatheroo operates under ISO/IEC 27001:2022 certified processes.
ISO 27001 certifies an organisation’s information security management system, the processes, controls, and policies that govern how data is managed, rather than a software product itself.
Our certification has been independently audited and verified.
Your payment details are none of our business… literally.
Secure payment processing via Stripe, no card data stored
All payments are processed through Stripe. We never store sensitive payment information on our systems.
Questions we get asked a lot.
Security FAQs: ISO 27001, encryption, data hosting and more
Is Gatheroo ISO 27001 certified?
Gatheroo operates under ISO/IEC 27001:2022 certified processes.
ISO 27001 certifies an organisation’s information security management system, the processes, controls, and policies that govern how data is managed, rather than a software product itself.
Our certification has been independently audited and verified.
Where is my data stored?
All data is stored in Australia on Amazon Web Services (AWS) infrastructure.
Your data never leaves Australian shores.
Is data encrypted?
Yes. All data in transit is encrypted using TLS 1.2, and files are encrypted at rest using AES-256. Sensitive text fields can also be encrypted end-to-end.
Does Gatheroo support two-factor authentication?
Yes. Gatheroo supports 2FA via email and SMS to help keep accounts secure.
Does Gatheroo maintain an audit trail?
Yes. Every action taken within the platform is logged, giving you a full, auditable record of document activity.
Your security is our priority.
Compliant, encrypted document collection… ready when you are.
With Gatheroo, you can focus on running your business while we take care of keeping your data safe, compliant, and secure.