Trusted across Australia
Trust & Security

Built to be the most trusted name in construction payment verification.

The fundamentals — security, privacy, accreditation — that let builders, trades, and homeowners share data with confidence.

Bank-grade verification

ProjectFund uses Basiq, an Australian Consumer Data Right (CDR) accredited Open Banking provider. We never see or store your client's banking credentials — clients authenticate directly with their bank.

Encryption in transit & at rest

All traffic is protected with TLS 1.3. Sensitive fields, tokens and verification artefacts are encrypted at rest using AES-256. Database backups are encrypted and access is restricted to on-call engineering.

Multi-factor authentication

Contractor accounts support MFA. Suspicious sign-ins trigger an additional check, and all sessions can be revoked from your profile.

Australian data residency

Customer data is hosted in Australia and processed under Australian privacy law. We are designed for the Privacy Act 1988 and follow OAIC guidance for breach notification.

Minimum data, by design

ProjectFund V1 is a verification platform — we do not hold or move funds. We retain only what is necessary to evidence that a verification took place, and clients can revoke access at any time.

Responsible disclosure

If you believe you've found a vulnerability, email security@projectfund.com.au. We aim to acknowledge reports within 2 business days.

Privacy: Our privacy collection notice and full policy will be published prior to general availability. Reach out via /contact for early access.

Compliance roadmap: SOC 2 Type I in scope for the V2 trust-accounts release.