Home / Security

Security

Your data, in Australia, locked down — Australian-hosted, AU-only access, encrypted everywhere, immutably backed up, and gated by your own identity provider.

Data sovereignty

Hosted on a dedicated server in an Australian data centre. Cloudflare firewall prevents access from non-Australian IPs.

Encrypted everywhere

Encryption at rest and in transit. No plaintext on the wire, no plaintext on disk.

Immutable backups

3-2-1-1-0 backup rule with WORM object-locking on Backblaze B2 — backups cannot be tampered with, even by an attacker.

Your identity, your rules

Single sign-on via Microsoft Entra ID, plus one-time passcodes by email and SMS. You keep control of who is in.

Least privilege by default

Write access is restricted to certain roles. Most source data is read-only. Sandboxing methodology keeps writes safe.

Co-managed operations

The FleetAct data server is co-managed by FleetAct and your team — you are never locked out of your own infrastructure.

Infrastructure

Dedicated. Containerised. Local.

FleetAct runs on a dedicated server — a private VPS or physical hardware in a colocated data centre. Nothing shared with other tenants, nothing offshore.

  • Dockerised PostgreSQL container for the primary database.
  • Baremetal option for high-speed and buffer workloads where latency matters.
  • Local NVMe storage (3 TB) on the data server for fast reads.
  • Cloudflare firewall preventing non-Australian IP access.
Data path
Australian data centre
Dedicated serverPrivate VPS / physical
DatabasePostgreSQL (Docker)
Local storageNVMe 3 TB
Edge protection
FirewallCloudflare · AU-only
TransportTLS encrypted
At restEncrypted
Backup (B2 WORM)
Rule3-2-1-1-0
Object lockImmutable
Backup & recovery

The 3-2-1-1-0 rule, implemented.

A modern backup discipline that survives accidental deletion, ransomware, and site loss — because mining operations cannot wait on a restore.

3

Copies of your data

Three independent copies — production plus two backups — so a single failure never costs data.

2

Different media

Backups live on two different media types, reducing shared-mode failure.

1

Offsite copy

At least one copy held offsite, isolated from the primary data centre.

1

Immutable (offline / WORM)

One copy is immutable — object-locked on Backblaze B2, unable to be overwritten or deleted.

0

Errors after verification

Backups are verified to zero errors — if a restore would fail, we find out before we need it.

Continuous

Verification runs continuously, not just at backup time.

Access & identity

SSO with Entra ID, plus OTP.

FleetAct does not run its own password database. Authentication is delegated to Microsoft Entra ID — your existing corporate identity — reinforced with one-time passcodes by email and SMS.

  • Entra ID single sign-on — joiners and leavers managed where you already manage them.
  • OTP by email and SMS — second factor on sensitive access.
  • Role-based write access — most users read, only certain roles can write.
  • Sandboxing methodology for any change that touches source systems.
  • Read-only for most source data — FleetAct observes without altering your systems of record by default.
Sign-in flow
1 · Entra ID SSO
ProviderMicrosoft Entra ID
MFARequired
2 · OTP (email / SMS)
ChannelsEmail + SMS
TTLShort-lived
3 · Role-gated access
DefaultRead-only
WriteRole-restricted

Security questions for your site?

We co-manage the data server with you and walk through every control before deployment. Ask us anything in a demo.