AuditHQ security
How AuditHQ handles audit data, customer data, and access controls. Audit data is stored in Supabase with row-level security; access requires authentication; data is encrypted in transit (TLS 1.3) and at rest.
Read-only scan behaviour
AuditHQ scans publicly accessible URLs with read-only HTTP requests. It does not log in, submit forms, collect private credentials, or modify audited websites.
Report confidentiality
Audit results are private to your account by default and become visible outside the account only when you export a file or create a shareable link.
Security contact
Security disclosures can be sent to security@audithq.com.au. Service status and incident updates are published on the status page.
Access and storage controls
Authenticated account access, Supabase row-level security, encrypted transport, hosted infrastructure controls, and restricted report access are used to protect customer audit data. Shared report links should be treated as sensitive.
What this is not
AuditHQ reviews public website signals and platform posture. It is not a penetration test, legal certification, compliance attestation, managed security service, or replacement for specialist security advice. This page states that boundary so buyers understand both the value and the limits of the scan.