Compliance you can read in one breath.
We design Sahajilo for the auditor, the support worker, and the participant — in that order of paranoia. Here's the honest, plain-English version of how we treat your data.
All data, backups and logs live in AWS ap-southeast-2 (Sydney). Nothing leaves Australia, ever.
Every query is tenant-scoped at the ORM boundary. There is no UI-only filter that an attacker could strip.
TLS 1.3 in transit, AES-256 at rest, per-tenant secret keys for sensitive fields like medication notes.
Role-aware screens, action-level permissions, session-per-subdomain, and rate limiting on auth.
Every create, update and delete is recorded with actor, timestamp and the prior value. Diffable. Exportable.
Continuous WAL backups. 35-day point-in-time restore on Professional. Quarterly DR drill.
No tracking pixels in the app. No analytics on participant data. No third-party scripts on tenant subdomains.
Listed in plain English below. We notify customers in plain English at least 30 days before any change.
Sydney, full stop. No exceptions.
Australian providers carry obligations to participants that don't survive a hop to a US data centre. Sahajilo runs entirely inside AWS ap-southeast-2 — primary, replica and backups.
| Component | Location |
|---|---|
| Application | AWS Sydney · multi-AZ |
| Primary database | AWS Sydney · ap-southeast-2a |
| Read replica | AWS Sydney · ap-southeast-2b |
| Document storage | AWS Sydney · S3 IA |
| Backups | AWS Sydney · cross-AZ, 35d |
| WAL stream | AWS Sydney · 7d retention |
| Logs (scrubbed) | Sydney · 30d hot · 365d cold |
| Email delivery | Resend AU egress |
Aligned to the standards your audit will quote.
Sahajilo's data model and audit trail map directly to the Core and Supplementary modules of the NDIS Practice Standards (2026). Below is how each module shows up in the product.
Per-participant communication preferences, consent capture, complaints intake via Helpdesk.
Role-aware permissions, audit log per resource, change history across agreements and plans.
Service agreements with versioning, plans → goals → progress notes traceable end-to-end.
House records (intake), risk assessments, incident capture, follow-up tasks.
Medication regimens with two-staff witness, missed-dose escalation, regimen change history.
Behaviour records on the participant, restrictive practice flags, regulated-restrictive-practice tracking (roadmap Q3).
Four names, none of them surprising.
The third parties that touch your data, and what they touch. We notify customers at least 30 days before any change.
| Vendor | Purpose | Region |
|---|---|---|
| AWS (ap-southeast-2) | Hosting, storage, backups, email send | Sydney, AU |
| Cloudflare | DNS for sahajilo.com and edge TLS | AU edge |
| Resend | Transactional email delivery (admin alerts only) | AU/US |
| Sentry (self-hosted) | Error monitoring — scrubbed of PII | Sydney, AU |
The rest of the honest answers.
Are you NDIS Commission registered software?
Where is my data?
What happens if you go away?
Do you train AI on customer data?
How do I report a security issue?
Want a deeper security walkthrough?
We're happy to share our written security posture, run an architecture call with your CISO, or fill out a custom DDQ. Email security@sahajilo.com.