Security Policy
Last updated: 26 May 2026
1. Our commitment
We use reasonable technical and organisational safeguards to protect uploaded documents, reports, account data, and service infrastructure. These safeguards include encrypted connections, access controls, provider-level security tools, logging, monitoring, and restricted administrative access.
2. HTTPS and encryption
All data transmitted between your browser and Lay The Terms is encrypted using HTTPS (TLS). We do not serve content over unencrypted connections.
3. Access controls
- User accounts are protected by Clerk authentication with industry-standard security.
- Administrative access to production systems is restricted to essential personnel only.
- API keys and credentials are stored securely and never exposed in client-side code.
4. Provider security
We use providers with strong security practices, including:
- Supabase (encrypted database and storage)
- Vercel (secure hosting and edge network)
- Stripe (PCI-compliant payment processing)
- Clerk (secure authentication infrastructure)
5. Logging and monitoring
We maintain logs for security monitoring, abuse detection, and error diagnosis. Logs are retained for a limited period and access is restricted.
6. Vulnerability reporting
If you discover a security vulnerability, please report it to security@laytheterms.com. We will investigate and respond promptly. We ask that you do not publicly disclose vulnerabilities before we have had a reasonable time to address them.
7. Data breach response
In the event of a notifiable data breach, we will assess the breach, notify affected individuals, and report to the Office of the Australian Information Commissioner (OAIC) where required under the Notifiable Data Breaches scheme.
8. No absolute guarantee
No online service can guarantee absolute security. Users should avoid uploading documents containing unnecessary sensitive information and should use strong, unique passwords for their accounts.
9. Contact
For security enquiries: security@laytheterms.com