Security at Stralya

Security is at the core of everything we do. Learn about the measures we take to protect your sensitive data.

AES-256 Encryption

All credentials are encrypted using AES-256, the same encryption standard used by banks and government agencies worldwide.

Two-Factor Authentication

Protect your account with TOTP-based two-factor authentication. Compatible with Google Authenticator, Authy, and other authenticator apps.

Complete Audit Trails

Every action is logged with timestamps, IP addresses, and user information. Know exactly who accessed what and when.

Secure Infrastructure

Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 compliance, regular backups, and redundancy.

Data Encryption

Encryption at Rest

All stored credentials are encrypted using AES-256 encryption before being stored in our database. Encryption keys are managed using industry-standard key management practices.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, ensuring your data cannot be intercepted during transmission.

Secure Key Management

Encryption keys are stored separately from encrypted data and are regularly rotated to maintain the highest level of security.

Access Control

Role-Based Permissions

Define who can view, edit, or manage credentials with granular role-based access controls. Limit access to specific clients or teams.

Session Management

View and manage active sessions across all devices. Revoke access instantly if a device is lost or compromised.

Login Notifications

Receive email alerts when your account is accessed from a new device or location, helping you detect unauthorized access immediately.

Secure Credential Submission

Unique Secure Links

Each credential request generates a unique, cryptographically secure link that expires automatically after a set period.

No Account Required for Clients

Clients can submit credentials without creating an account, reducing friction while maintaining security through encrypted submission links.

Automatic Link Expiration

Submission links automatically expire after the configured period, ensuring credentials cannot be submitted through old links.

Infrastructure Security

Cloud Security

We use enterprise-grade cloud infrastructure with built-in DDoS protection, firewalls, and intrusion detection systems.

Regular Backups

Automated daily backups with point-in-time recovery ensure your data is protected against accidental loss or corruption.

Security Monitoring

24/7 monitoring and alerting for suspicious activities, with automated responses to potential security threats.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly.

Report Security Issues

Email: [email protected]

Please include a detailed description of the vulnerability and steps to reproduce it. We commit to acknowledging your report within 48 hours.