CrawlRoo is built from the ground up with security, privacy, and compliance at its core. Your data stays in Australia, under your control, always.
Certifications & Compliance
Full compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).
Data subject rights, lawful processing, and cross-border transfer safeguards fully supported.
Business Associate Agreements available for healthcare organisations on Enterprise plans.
Currently undergoing SOC 2 Type II audit for security, availability, and confidentiality.
All data processed and stored in AWS Sydney (ap-southeast-2). Data never leaves Australia.
No customer data is stored, logged, or used for training by upstream AI providers.
Data Handling
Every step of our pipeline is designed with data sovereignty and privacy in mind. Here is exactly what happens with your data.
Your website pages are securely fetched and processed entirely within Australian infrastructure. Raw HTML is never stored; only clean, structured text is retained.
Text is converted to vector embeddings using Amazon Titan on AWS Bedrock, operating exclusively in the Sydney region. No data crosses international boundaries.
When a visitor asks a question, retrieval and response generation happen entirely within the ap-southeast-2 region using Claude on AWS Bedrock.
AWS Bedrock provides a contractual guarantee that your data is not used for model training. Your content remains exclusively yours.
AES-256 encryption at rest and TLS 1.2+ for all data in transit. Encryption keys are managed via AWS KMS with automatic rotation.
Infrastructure Security
Our platform runs on hardened, audited infrastructure with multiple layers of protection at every level of the stack.
Compliance Features
Whether you operate in government, healthcare, or finance, CrawlRoo provides the compliance controls you need.
Enterprise
For organisations with strict compliance requirements, our Enterprise plan provides additional security controls and customisation options.
Define exactly how long data is stored and when it is purged, aligned with your internal governance policies.
Deploy CrawlRoo within your own infrastructure for complete control over data residency and access.
Business Associate Agreements tailored to your compliance requirements, including HIPAA and sector-specific regulations.
Contractual uptime guarantees with defined response times for support and incident resolution.
Pre-deployment security assessments, penetration testing coordination, and ongoing compliance reporting.
SAML 2.0 and OIDC single sign-on support for seamless integration with your identity provider.
Security FAQ
No. CrawlRoo uses AWS Bedrock, which provides a contractual guarantee that customer data is never used to train or fine-tune foundation models. Your website content and chat interactions remain exclusively yours and are never shared with third parties.
All data is stored and processed in Australia, specifically in the AWS Sydney region (ap-southeast-2). This includes your crawled website content, vector embeddings, chat logs, and account data. Data never leaves Australian borders at any point in the pipeline.
Yes. CrawlRoo is fully GDPR compliant. You can request complete deletion of all your data at any time, including crawled content, embeddings, chat history, and account information. Deletion requests are processed within 72 hours and we provide written confirmation once complete.
Single sign-on is available on our Enterprise plan. We support SAML 2.0 and OIDC protocols, enabling integration with identity providers such as Azure AD, Okta, Google Workspace, and others. Contact our team to discuss your requirements.
Deploy an AI assistant you can trust. Australian-hosted, privacy-first, and built to meet your compliance requirements.