Last updated: 21 November 2025
This Security Policy describes the controls and procedures hovr.com.au (“we”, “our”, “us”) uses to protect the confidentiality, integrity, and availability of all data entrusted to our platform.
All data transmitted between our users, clients, partners, and our platform is encrypted using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. This ensures privacy and integrity for information “in flight” and protects against interception or tampering during transit. Our SSL configuration is regularly reviewed to ensure use of up-to-date protocols and cipher suites, with forced HTTPS across all web endpoints.
Our production web servers and databases are hosted in Amazon Web Services (AWS), which maintains SOC2 compliance. AWS SOC2 certification means their infrastructure, physical security, and core cloud services have undergone independent third-party audits against key Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Documentation of AWS’s compliance is available upon request.
Our deployment in AWS leverages additional built-in security:
Operating systems and software on our servers are regularly updated and patched according to vendor guidance and our own risk management policies. We review patch releases on a continuous basis and apply security updates as soon as practical to minimise known vulnerabilities.
All changes are tracked, tested, and documented before deployment to production.
We conduct annual independent penetration tests and vulnerability assessments of our infrastructure. These tests simulate attacks and evaluate the effectiveness of our security measures. Identified vulnerabilities are promptly prioritised, remediated, and tracked until closure.
Automated security scans are performed regularly on production systems to detect emerging threats between annual assessments.
We enforce strict access controls for all company systems:
Credentials and secrets are stored securely, following AWS best practices.
Our infrastructure is continuously monitored using AWS native tools (CloudTrail, GuardDuty, Inspector, and Security Hub) for unauthorised activity, configuration drift, and potential security incidents. We maintain an Incident Response Plan specifying escalation, containment, communication, investigation, and recovery protocols. All incidents are logged, reviewed, and learnings are integrated into future practice.
All customer data stored in our databases and file systems is encrypted at rest using industry-standard algorithms and AWS services (e.g., KMS-managed keys for database volumes and S3 buckets).
Regular backups of all critical data are maintained and stored securely. Recovery procedures are tested at least annually to ensure data remains available and recoverable in the event of hardware failure, outage, or disaster.
Before onboarding new vendors, we assess their security posture and contractually require adequate controls. We review third-party partners at least annually and continually monitor critical suppliers.
All employees receive security awareness training. Specialised training is provided to staff handling sensitive data and critical systems.
We continuously assess and evolve our security practices in line with industry standards, client expectations, and regulatory changes.
If you have any security concerns, wish to report a vulnerability, or request further information about our policy, please contact:
Email: admin@hovr.com.au
Phone: +61 2 9099 1746