Last updated: 24 February 2026
This document provides a general overview of Stableridge Systems' governance and security posture and does not constitute legal advice.
1. Australian Region Hosting Strategy
Stableridge is designed to operate with Australian-region infrastructure as the default hosting configuration. This approach supports customers with data sovereignty requirements, regulatory obligations, and governance expectations that specify or prefer Australian-jurisdiction hosting.
Infrastructure providers are selected based on their availability of Australian region services, contractual commitments to data locality, and alignment with recognised security standards. Stableridge selects providers that offer Australian data centre locations for primary compute, storage, and database services.
Certain ancillary services (such as global content delivery networks, email delivery, or DNS resolution) may involve processing at edge locations outside Australia. Stableridge evaluates these services on a case-by-case basis and applies appropriate safeguards including encryption in transit and contractual protections.
2. Sovereignty Guardrails
Stableridge implements guardrails designed to support data sovereignty objectives:
- Primary data stores (customer content, metadata, audit records) are configured to reside within Australian-region infrastructure.
- Infrastructure configuration is managed through version-controlled templates that enforce region constraints.
- Access to production infrastructure is restricted to authorised personnel and logged for audit purposes.
- Customer content is not transferred to jurisdictions outside the configured hosting region without appropriate controls and customer awareness.
These guardrails are designed to support — not guarantee — data sovereignty outcomes. Absolute data sovereignty depends on factors including the legal frameworks of infrastructure providers, which are outside Stableridge's direct control. Stableridge mitigates these risks through provider selection, contractual arrangements, and encryption.
3. Multi-Tenant Separation
The Stableridge platform operates a multi-tenant architecture with logical separation between customer tenants:
- Each tenant's data is partitioned at the application and database level using tenant-scoped identifiers.
- Access control enforcement ensures that API requests, content access, and administrative operations are scoped to the authenticated tenant.
- Audit logs are generated and stored with tenant attribution, enabling tenant-specific evidence export.
- Policy configuration, sharing rules, and retention settings are managed independently per tenant.
Tenant isolation controls are tested as part of the development lifecycle and are subject to ongoing review. The separation model is designed to support regulated environments where tenant data must not be accessible to other tenants.
4. Key Management
Stableridge applies encryption to customer content and platform data at rest and in transit. Key management practices are designed to limit access to encryption keys and support operational security:
- Encryption keys for data at rest are managed through the infrastructure provider's key management service or through platform-managed key hierarchies.
- Content Authority applies additional content-level encryption with keys managed within the platform's key hierarchy.
- Key rotation practices are implemented in accordance with operational security requirements.
- Access to key management operations is restricted to authorised processes and subject to audit logging.
Detailed key management architecture documentation may be provided to enterprise customers under NDA as part of procurement or security assessment processes.
Disclaimer
This statement describes Stableridge's design intent and operational approach to sovereign hosting. It does not constitute a guarantee of absolute data sovereignty or jurisdictional isolation. Customers with specific sovereignty requirements should engage with Stableridge to discuss detailed architecture and contractual arrangements.