Data Security Policy

1. Introduction

LoanCheckr is committed to ensuring the highest standards of data security in compliance with Australian Consumer Data Right (CDR) regulations, Australian Competition and Consumer Commission (ACCC) security guidelines, and industry best practices. This policy outlines our approach to safeguarding data using AWS infrastructure, MongoDB Atlas, VPC peering, and Basiq API for CDR data.

2. Data Security Framework

LoanCheckr adheres to a multi-layered security framework that includes data encryption, network security, identity management, and regular compliance audits to protect sensitive consumer and business data.

3. Infrastructure and Data Storage

LoanCheckr leverages Amazon Web Services (AWS) as its primary cloud infrastructure provider. Our core infrastructure components include:

  • AWS Virtual Private Cloud (VPC) Peering: Ensuring secure, low-latency connections between services.

  • MongoDB Atlas: Secure, fully managed NoSQL database with VPC peering and multi-region failover.

  • AWS Key Management Service (KMS): Used for encryption key storage and management.

  • AWS IAM (Identity and Access Management): Granular access control and least privilege enforcement.

4. Data Encryption and Protection

LoanCheckr employs advanced encryption standards to protect all data:

  • Data in Transit: All data transmitted between our services, partners, and users is encrypted using TLS 1.2 or 1.3, authenticated with SSL/TLS certificates.

  • Data at Rest: All stored data, including CDR consumer data, financial data, and user credentials, is encrypted using AES-256 encryption.

  • Key Management: Encryption keys are stored securely using AWS KMS, ensuring controlled access and automatic key rotation.

5. Identity and Access Management

LoanCheckr follows a strict Zero Trust Security Model for access management:

  • Role-Based Access Control (RBAC): User roles are assigned according to the principle of least privilege.

  • Multi-Factor Authentication (MFA): Required for all internal administrators and brokers accessing LoanCheckr systems.

  • Audit Logging & Monitoring: All access and actions within LoanCheckr’s systems are logged and monitored in real time for anomalies.

6. API Security & Basiq CDR Data Protection

LoanCheckr integrates with Basiq API for CDR data access and follows ACCC security guidelines:

  • OAuth 2.0 Authentication: Secure authorization protocol for API access.

  • API Rate Limiting & Throttling: Prevents abuse and ensures system stability.

  • Data Scope Limitation: LoanCheckr only accesses consumer data with explicit consent and follows a strict data minimization approach.

7. Network & Application Security

LoanCheckr maintains a secure network infrastructure to protect against cyber threats:

  • Web Application Firewall (AWS WAF): Protects against common web exploits (SQL injection, cross-site scripting, etc.).

  • DDoS Protection (AWS Shield): Ensures high availability and mitigates distributed denial-of-service (DDoS) attacks.

  • Intrusion Detection & Prevention: Automated threat detection and alerts for suspicious activity.

8. Security Monitoring and Incident Response

LoanCheckr has a comprehensive security monitoring and incident response plan:

  • Automated Security Monitoring: AWS CloudTrail, GuardDuty, and Security Hub for real-time threat detection.

  • 24/7 Security Operations Centre (SOC): Continuous monitoring of and response to potential threats.

  • Incident Response Plan (IRP):

    • Immediate isolation of affected systems.

    • Root cause analysis and forensic investigation.

    • Rapid resolution and mitigation measures.

    • Incident reporting to regulatory authorities if required.

9. Compliance and Audits

LoanCheckr has successfully passed ACCC security requirements for accredited CDR Representatives and maintains strict compliance with:

  • Australian Privacy Act 1988

  • CDR Rules & Standards

  • ISO 27001 & NIST Cybersecurity Framework Best Practices

  • Regular External Security Audits & Penetration Testing

10. Data Retention & Disposal

LoanCheckr follows strict data retention policies to ensure compliance and minimize security risks:

  • Retention Periods: Data is retained only for the period required for regulatory, legal, and operational purposes.

  • Secure Data Deletion: When no longer needed, data is permanently deleted using cryptographic erasure methods.

11. User Rights and Responsibilities

Consumers and brokers using LoanCheckr have the following rights:

  • Right to Access Data: Users can request access to their stored data.

  • Right to Request Deletion: Users can request deletion of their data in accordance with CDR guidelines.

  • Security Best Practices: Users must ensure strong passwords, avoid phishing scams, and report any suspicious activity immediately.

12. Review and Updates

LoanCheckr regularly reviews and updates this Data Security Policy to reflect:

  • Changes in security regulations.

  • Emerging cyber threats and mitigation strategies.

  • New technology implementations.

All users and partners will be notified of significant updates to this policy. For inquiries, contact security@loancheckr.com.au.

13. Contact Information

LoanCheckr Pty Ltd
Unit 4, 354-360 High Street, Penrith NSW 2750
Email: hello@loancheckr.com.au
Website: www.loancheckr.com.au
Support: Live chat on our website