Security at Rand

How we protect your most sensitive business data

Infrastructure

Integration credentials receive an additional layer of AES-256-GCM authenticated encryption before storage.

Our infrastructure is hosted on Vercel (application) and Supabase (database, Sydney region), which provide automatic HTTPS, TLS encryption in transit, edge network distribution, and DDoS protection.

Telemetry and session replays. We use Sentry (US) for error and performance monitoring and PostHog (EU region) for product analytics. Session replays are sampled (a small percentage of sessions) and configured to mask all input values and on-screen text before capture. Error reports redact tokens and sensitive query parameters before they leave your browser.

Access control

Your data is isolated at the database level. Row-level security policies enforce tenant isolation on every query, ensuring one organisation’s queries cannot return another organisation’s rows.

  • Role-based access controls with distinct permissions for owners, administrators, finance users, members, viewers, and expert reviewers.
  • Expert reviewers can only access organisations they are explicitly assigned to.
  • Connected tool integrations use fine-grained permissions where available. GitHub connects via a GitHub App with read-only pull request access: no OAuth tokens and no repository content access. Other integrations use read-only OAuth scopes with CSRF protection.

What we access from your tools

When you connect an integration, we access the minimum data needed to identify R&D activity:

GitHub

Connected via a GitHub App with read-only pull request permissions. We access PR titles, descriptions, commit messages, and metadata to identify R&D activity.

Jira

Issue summaries, descriptions, and changelog entries. We do not access attachments or comments.

Linear

Issue titles, descriptions, and status changes. Read-only access.

Slack

Messages in channels you explicitly connect. We do not access files, attachments, or DMs.

Notion

Page titles and text content from pages you grant access to. We do not access your entire workspace.

Xero

Employee and payroll records used to calculate R&D expenditure: names, roles, employment type, and salary data for the financial year being claimed. Read-only access. We do not access invoices, bank feeds, or general ledger entries outside scope.

You can disconnect any integration at any time from Settings.

AI & data processing

  • Your data is never used to train AI models. AI processing is powered by Anthropic’s Claude models under their commercial API terms. Your data is not used for training, is not accessible to other Anthropic customers, and is not retained beyond what is needed for the request and Anthropic’s standard safety-review window.
  • All AI output is validated against strict schemas before being stored. Malformed responses are rejected.
  • AI drafts are never auto-confirmed. Every AI-generated suggestion requires human approval before becoming part of your claim.
  • Confidence scores and risk assessments are always visible so you can make informed decisions.

Audit trail

Every significant action in Rand is recorded in an immutable activity log. Once an event is recorded, it cannot be modified or removed.

  • All changes to your claim (drafts, approvals, allocations, status transitions) are logged with actor and timestamp.
  • Expert reviewer actions are fully logged.
  • Audit logs are exportable for your records and retained in accordance with ATO record-keeping requirements.

Human review

Every R&D Tax Incentive claim prepared through Rand is reviewed by an Expert Reviewer. AI assists with drafting, but humans make the final decisions.

  • Expert reviewers are assigned to specific organisations; they cannot see data from other clients.
  • Reviewer identity and credentials are visible in-app so you know who is reviewing your claim.
  • AI-generated suggestions go through reviewer approval before reaching your organisation.

Data lifecycle

  • Disconnect and purge - you can disconnect any integration at any time from Settings.
  • Account deletion - self-service account deletion is available from Settings. Deleting your account removes your personal data. Where audit records must be retained for legal compliance, references to your identity are anonymised.
  • Financial records - retained for a minimum of 7 years in accordance with ATO record-keeping requirements.

Questions?

If you have questions about how we handle your data, contact us:

Rand Advisory Pty Ltd (ABN 75 696 205 660)

Email: support@randadvisory.com.au

Melbourne, Victoria, Australia