Bank-grade verification
ProjectFund uses Basiq, an Australian Consumer Data Right (CDR) accredited Open Banking provider. We never see or store your client's banking credentials — clients authenticate directly with their bank.
The fundamentals — security, privacy, accreditation — that let builders, trades, and homeowners share data with confidence.
ProjectFund uses Basiq, an Australian Consumer Data Right (CDR) accredited Open Banking provider. We never see or store your client's banking credentials — clients authenticate directly with their bank.
All traffic is protected with TLS 1.3. Sensitive fields, tokens and verification artefacts are encrypted at rest using AES-256. Database backups are encrypted and access is restricted to on-call engineering.
Contractor accounts support MFA. Suspicious sign-ins trigger an additional check, and all sessions can be revoked from your profile.
Customer data is hosted in Australia and processed under Australian privacy law. We are designed for the Privacy Act 1988 and follow OAIC guidance for breach notification.
ProjectFund V1 is a verification platform — we do not hold or move funds. We retain only what is necessary to evidence that a verification took place, and clients can revoke access at any time.
If you believe you've found a vulnerability, email security@projectfund.com.au. We aim to acknowledge reports within 2 business days.
Privacy: Our privacy collection notice and full policy will be published prior to general availability. Reach out via /contact for early access.
Compliance roadmap: SOC 2 Type I in scope for the V2 trust-accounts release.