← DSConnect overview

Built to meet Australian
privacy and security legislation.

DSConnect ships with security controls aligned to the Australian Privacy Principles and Essential 8 Maturity Level 1 hygiene — not as an upsell, as the standard of work.

Compliance is configured at engagement start. The controls below are turned on in your tenant before we hand over the keys.

Book a demo

What we align to

The frameworks that matter most for Australian small businesses handling customer data.

Australian Privacy Principles (APP)

DSConnect is built to support compliance with the APP — consent capture on forms, configurable retention, access controls, and breach-response readiness. We configure these in your tenant at engagement start.

Essential 8 Maturity Level 1 hygiene

Every tenant we configure aligns to Essential 8 ML1 by default: MFA, patching cadence, admin separation, application control where it makes sense, restricted office macros, user application hardening, restricted admin privileges, regular backups.

Notifiable Data Breach scheme

A one-page incident plan is documented for your tenant on engagement. Who calls who, what to say, in what order, with the platform-side logs to support an OAIC notification if it’s ever needed.

Data processing agreement

We sign a DPA with you as standard. We can sign DPAs with your downstream vendors if your compliance posture requires it.

The controls we configure on your tenant

Six baseline controls applied to every DSConnect tenant we set up. Not “available if you ask” — turned on at start.

Multi-factor authentication

Enforced on every account, not optional. We turn it on at engagement start; the platform won’t let an admin disable it for a user without an audited override.

Role-based access

Sales sees sales data. Service sees service. Admins see what admins need. Configured at engagement start, reviewable any time, audit-trail kept.

Encryption in transit

Every connection — browser, mobile app, integration — is TLS 1.2 or higher. No exceptions.

Encryption at rest

Data sits encrypted in storage. Key management is platform-side; nothing readable from disk-level access alone.

Audit logging

Every administrative action — user added, permission changed, record exported — is logged with who, what, when. Reviewable by you on request.

Backups

Automated, encrypted, retained per policy. Restore is tested at the platform level; we can talk you through it on demand.

Your data, your data

Four commitments that survive the engagement.

  • 01Your data is your data. We don’t resell it, train models on it, or use it for any purpose other than running your tenant.
  • 02You can export everything any time, including the raw record-level data, configuration, custom fields, and historical logs.
  • 03If our relationship ever ends, you keep the export, the configuration playbook, and full read-only access for a transition window. No held-hostage data.
  • 04No customer data leaves the platform without an explicit integration you’ve approved.

The bigger picture

Security baked in — across DSConnect and everything else we deliver

DSConnect’s security posture is one piece of how DataSentry handles data across every engagement. Our broader approach covers what we do for clients on their own systems too, plus what we don’t do (penetration testing, 24/7 SOC, incident forensics — we refer those out).

See our approach to data security

Want to walk through the controls?

We’ll book a 30-minute call to walk you through DSConnect’s security configuration in detail — useful before procurement reviews or when your insurer asks.

Book a demo