Security at PlanMaxx

Your NDIS plan contains sensitive personal information. We treat its protection with the seriousness it deserves.

256-bit Encryption

All data is encrypted in transit using TLS 1.3 with 256-bit AES encryption — the same standard used by major Australian banks. Your uploaded documents are also encrypted at rest.

Malware Scanning

Every file uploaded to PlanMaxx is automatically scanned for viruses, malware, and other threats before it is processed or stored. Infected files are rejected immediately.

SOC 2 Certified Infrastructure

Our infrastructure is hosted on SOC 2 Type II certified cloud providers. Data is stored in Australian data centres, ensuring your information never leaves the country.

PCI DSS Level 1

Payment processing is handled entirely by Stripe, which holds PCI DSS Level 1 certification — the highest level of payment security certification. We never see or store your card details.

Zero Data Sharing

We never sell, share, or provide your personal information to third parties for marketing purposes. Your plan data is never shared with the NDIA, government agencies, or insurance companies.

Access Controls

Only you can access your plan data. Our team members cannot view your uploaded documents without your explicit written consent. All access is logged and audited.

Data Deletion

You can delete your account and all associated data at any time. Upon deletion, all personal data, uploaded documents, and analysis results are permanently and irreversibly removed within 30 days.

Privacy Act Compliance

We comply fully with the Australian Privacy Act 1988 and the Australian Privacy Principles. As handlers of sensitive disability-related information, we apply the highest standards of data protection.

AI Processing Security

When your plan is analysed, it is processed by AI models via encrypted API connections. Your plan data is not retained by the AI provider beyond the processing session and is explicitly excluded from AI model training. Processing occurs in real time, and your data is not queued or stored in intermediate systems.

Vulnerability Reporting

If you discover a security vulnerability in PlanMaxx, please report it responsibly to security@planmaxx.app. We take all reports seriously and will respond within 48 hours.