SECURITY & PRIVACY AT HOTDOC
Security
We recognise that your data is very sensitive. We combine extensive security features with comprehensive audits of our platform to ensure your data is secure.

Privacy
HotDoc has comprehensive policies and procedures that detail how we handle personal information.
The term ‘personal information’ encompasses a broad range of information that HotDoc handles and includes ‘sensitive information’ as well as ‘health information’ in accordance with the Privacy Act 1988. HotDoc will always err on the side of caution by treating your data as personal information, and handle it in accordance with the Australian Privacy Principles (APPs). Your personal information never leaves Australia.
To ensure the privacy of your information, all data is transferred between user devices and HotDoc servers using 256-bit encrypted connections via TLS 1.2 and world-class certificate management. HotDoc also employs encryption at rest (AES-256) to protect the secrecy of all data persisted by us.
HotDoc employees will only ever access personal information if it’s required for customer support. All access to personal information is tracked and audited, with access determined based on principles of least privilege and strict access control lists. Your personal information is protected through the use of native system security and add-on software products that identify, authenticate and validate access requests against authorised roles in access control lists.
Certifications and Compliance
HotDoc is committed to maintaining best practices for ensuring security, availability and confidentiality.
HotDoc annually completes an independent audit for our SOC 2 Type I report, which verifies our consistent application of the Trust Service Principles over time. Although we are an Australian company with no regulatory obligation to do this, we hold ourselves accountable to a third party because we wish to demonstrate transparency to our customers and support our ongoing efforts to provide a first-class, secure and reliable environment for our customers' data.

Infrastructure Security
HotDoc runs all of its services from the cloud in Australia and is deployed across multiple availability zones within the region. HotDoc maintains failover capabilities in the event of physical hardware or logical software failures, with infrastructure hosted in high availability data centres. HotDoc uses modern infrastructure-as-code and security tooling to make sure our infrastructure runs reliably and securely.
Application Security
HotDoc has built application security into its culture, with a dedicated team to help mentor and coach best practices within the product. All code is peer reviewed, with an extensive set of automated tests run as part of our build pipeline. HotDoc keeps up to date with software patching and vulnerability management with automated tooling. HotDoc uses layered defence to maintain separation between production and development environments and ensure the principles of least privilege are maintained as it relates to customer data.
Vulnerability Disclosure
HotDoc makes it a priority to resolve any security vulnerabilities in our products within the timeframes identified in our security policies. HotDoc follows coordinated vulnerability disclosure and kindly asks that anyone reporting a vulnerability to us does the same in the interests of our customers.
If you are a customer, please submit a ticket to our support team.
If you are a security researcher, please join our bug bounty program, or email our security team.
Bug Bounty Program
HotDoc invites you to test and help secure our primary publicly facing assets – focusing on our web and mobile applications. We appreciate your efforts and hard work in making the internet (and HotDoc) more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
Contact Security
HotDoc has a dedicated security team that handles everything from application security through to infrastructure security and anything in between. Have any questions? Feel free to contact the team directly.