QuarryLink
All documents

Security overview

How QuarryLink protects your data and operations — controls, practices, and assurance relevant to customers.

How QuarryLink protects your data, your users and your operations. This document outlines the security controls we have in place.

1. Our security commitment

QuarryLink is built for mission-critical industrial operations—quarries, fleets, logistics, weighbridge systems and multi-site dispatch. We take the responsibility of safeguarding customer data extremely seriously.

Our approach follows three principles:

  1. Protect the platform – secure hosting, modern architecture, regular updates
  2. Protect the data – strong encryption, access control and privacy-by-design
  3. Protect the customer – reliable support, monitoring and incident response

2. Hosting and infrastructure

2.1 Australian data hosting

All production User Data is hosted in Australian data centres, meeting strict physical and operational security standards.

2.2 Cloud architecture

QuarryLink runs on highly available cloud infrastructure with:

  • redundant systems;
  • load-balancing;
  • scalable compute and storage;
  • segmented environments (prod/stage/dev).

2.3 Multi-tenant isolation

Each customer's data resides in a segregated tenancy. No customer can access another customer's data.

3. Data security

3.1 Encryption

  • Data in transit: encrypted using industry-standard TLS
  • Data at rest: encrypted using AES-256 or equivalent

3.2 Backups

  • regular automated backups;
  • secure, encrypted backup storage;
  • backups and archived data are retained only for as long as required under the applicable customer agreement, Privacy Policy, and Data Processing Addendum (where applicable), after which they are securely deleted or de-identified.

3.3 Data retention

User Data is retained as outlined in your:

4. Access control and authentication

4.1 User access

QuarryLink follows the principle of least privilege.

  • role-based access controls (RBAC);
  • per-site and per-module permissions;
  • ability for customers to manage and remove user accounts;
  • secure credential storage.

4.2 Authentication

We support:

  • username and password;
  • modern authentication flows;
  • password strength requirements.

5. Network and system security

5.1 Firewalls and isolation

Network segmentation is implemented within the data centre environment to separate application services, data services, and internal tooling environments. Access between components is restricted using virtual network controls, including security groups and related access rules, to limit traffic to authorised protocols, ports and sources only. These rules are reviewed and monitored as part of our security practices.

5.2 Secure development practices

We use:

  • code reviews;
  • version control;
  • automated testing;
  • vulnerability scanning;
  • DevSecOps principles where applicable.

5.3 Regular updates

Our engineering team:

  • applies security patches regularly;
  • releases platform updates;
  • actively maintains the system;
  • prioritises security improvements in each release cycle.

6. Monitoring and incident detection

We monitor:

  • system health;
  • uptime;
  • user activity patterns;
  • suspicious login attempts;
  • API usage anomalies;
  • performance metrics;
  • error and audit logs.

Alerts are automatically raised for unusual behaviour.

7. Security incident response

If we identify or are notified of a Security Incident, we will:

  1. Investigate promptly
  2. Contain and mitigate the incident
  3. Notify affected customers in accordance with law and your Agreement
  4. Cooperate with compliance and safety workflows
  5. Provide updates until resolution
  6. Offer post-incident information where appropriate

Customers must notify us of suspected security issues at: security@quarrylink.com.au

8. Customer responsibilities

Security is a shared responsibility. Customers must:

  • maintain secure devices and browsers;
  • ensure their networks are protected;
  • use strong passwords and MFA (where supported);
  • restrict account access to authorised personnel;
  • update user access lists regularly;
  • secure API keys;
  • enter accurate data (particularly weighbridge, vehicle and driver data);
  • follow the Acceptable Use Policy.

9. Third-party services and integrations

We may use third-party services including:

  • hosting providers;
  • monitoring tools;
  • secure messaging/email infrastructure;
  • analytics services.

Any third-party suppliers handling data must meet QuarryLink's security and privacy requirements.

Integrations you choose to connect (e.g. ERP, fleet, telematics) must also be secured by you.

10. AI and generative AI security

Where QuarryLink provides AI-assisted features:

  • User Data used for AI remains within your tenancy;
  • only allowed data categories are processed (no sensitive data);
  • outputs may be logged for quality, safety and improvement;
  • prompts must comply with the AUP;
  • we do not use your User Data to train external AI models.

AI usage is governed by the QuarryLink SaaS Subscription Agreement or the Subscription Terms, as applicable.

11. Penetration testing and audits

QuarryLink undertakes:

  • internal security reviews;
  • third-party vulnerability assessments;
  • code security scanning;
  • ongoing monitoring.

Formal penetration testing may be performed periodically or as part of enterprise requirements.

12. Compliance

QuarryLink supports compliance with:

  • Australian Privacy Act 1988 (Cth);
  • Notifiable Data Breaches Scheme;
  • GDPR (via our Data Processing Addendum);
  • Chain of Responsibility requirements (operational context);
  • industry best practices for SaaS security.

13. Changes to this Security Overview

We may update this Security Overview from time to time. The latest version will always be available at /legal/security-overview.

14. Contact us

For security questions, assessments or due-diligence requests:

security@quarrylink.com.au
Socoro Pty Ltd ACN 612 824 905 trading as QuarryLink
Suite 1102, 132 Arthur Street, North Sydney NSW 2060