Effective date: 29 May 2026 · Last updated: 29 May 2026
Security is at the core of snowglo. We apply industry-standard practices to protect your data from ingestion through storage and presentation. This statement summarises the safeguards we have in place; for the full data-handling commitments, see our Privacy Policy.
All data transmitted between your source systems, our servers, and your browser is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 (or equivalent provider-managed encryption).
Our core platform runs on Google Cloud Platform (GCP), with database infrastructure on Supabase (managed PostgreSQL, hosted on GCP). All compute and warehousing reside exclusively in GCP's Australian region (Sydney) to support data-sovereignty requirements.
Each client tenant's data is logically isolated in its own PostgreSQL schema. Access controls are enforced at the application layer to structurally prevent cross-tenant data access.
Passwords are hashed using modern algorithms (bcrypt or argon2) — they are never stored in plaintext or reversibly encrypted. API keys and OAuth tokens used to connect to your Xero, Unleashed, Shopify and similar source systems are encrypted at rest and managed through Google Secret Manager.
Access to production systems is restricted to authorised snowglo personnel under the principle of least privilege and role-based access control. Privileged access is logged and reviewed.
snowglo uses Anthropic's Claude API to answer client queries. Inputs and outputs are transmitted over TLS-encrypted channels, client data is not used to train Anthropic's models, and we send only the minimum data necessary to answer a given query. See our Privacy Policy for the full disclosure.
We conduct regular reviews of access, logs, and dependencies, and patch security-relevant updates on a defined cadence. Automated dependency scanning runs against our application stack.
If we become aware of an eligible data breach as defined under the Australian Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
Questions about our security posture, or to report a vulnerability, please email security@snowglo.au.