Security at Clubernance

Clubernance is built for trust. As a governance platform handling sensitive club data — director details, financial records, board decisions — security is foundational to everything we build.

Standards & Compliance

  • Built to OWASP ASVS Level 2 — the internationally recognised application security standard for sensitive data applications
  • Aligned with OWASP Top 10 (2021) — protection against the most critical web application security risks
  • Compliant with Australian Privacy Principles (APPs) under the Privacy Act 1988
  • Aligned with ACSC Essential Eight security controls where applicable

Data Protection

  • All club data stored in Australian data centres (Sydney region)
  • All data encrypted in transit and at rest
  • Each club's data is fully isolated — one club can never access another club's data
  • All file storage encrypted with per-club access controls
  • Automatic DDoS protection

Authentication & Access

  • Multi-factor authentication (MFA/2FA) supported
  • Bot protection on all authentication forms
  • Rate limiting on login, signup, and API endpoints
  • Role-based access control enforced on every request
  • Secure, encrypted session management

Application Security

  • Protection against cross-site scripting (XSS), clickjacking, and cross-site request forgery (CSRF)
  • All user inputs validated server-side
  • Protection against SQL injection
  • Soft-delete architecture — data is never permanently lost by accident

Data Privacy

  • We collect only the data necessary for club governance management
  • We never sell, share, or monetise your data
  • Full Privacy Policy available at /privacy
  • Users can update, correct, and request deletion of their personal data at any time

AI Assistant

  • Club data sent to the AI is used only for the current conversation and is not used for model training
  • All AI requests are authenticated, rate-limited, and scoped to the user's club
  • Conversation history can be cleared at any time

Continuous Security

  • Regular dependency auditing and updates
  • Automated security scanning in our development pipeline
  • All code changes reviewed before deployment
  • Comprehensive automated test suite

If you discover a security vulnerability, please contact security@clubernance.com.au.