ClearAML is built on a security-first architecture. Every piece of client data you handle — identity documents, verification results, risk assessments — is protected by enterprise-grade controls from the moment it enters the platform to the moment it leaves.

Data encryption

ClearAML uses AES-256 encryption for data at rest and TLS 1.3 for data in transit. These are the same standards used by major financial institutions. Whether your client’s identity document is sitting in storage or being transmitted during a verification check, it is always encrypted.
All encryption keys are managed and rotated within Australia. No unencrypted client data ever leaves the platform boundary.

Australian data sovereignty

Your clients’ data never leaves Australia. ClearAML hosts all primary data and identity information in secure data centres located in the Melbourne region, aligned with SOC 2 protocols.
Data residency: ClearAML stores 100% of client data on Australian soil. This satisfies the data localisation requirements under the Australian Privacy Principles and ensures your firm is not exposed to overseas data access risks.
This is a deliberate design decision — not an afterthought. As a Tranche 2 compliance platform built for Australian professionals, we believe your clients’ data should remain under Australian jurisdiction.

Australian Privacy Principles compliance

ClearAML’s data handling practices are designed to comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). This includes:
  • Collecting only the personal information necessary for AML/CTF verification
  • Using personal information only for the purpose it was collected
  • Providing secure storage and controlled access
  • Enabling you to correct or delete client records when required
You remain the data controller for your clients’ information. ClearAML acts as the data processor on your behalf. Your firm’s obligations under the Privacy Act are not diminished by using the platform.

Access controls

ClearAML uses role-based access control (RBAC) and the principle of least privilege. Only staff members you authorise can access client records, and each role is limited to the actions it needs.

Role-based permissions

Assign different access levels to principals, staff, and administrators within your firm. Staff can run checks; only administrators can export data or change settings.

Multi-factor authentication

MFA is supported for all accounts. We recommend enabling it for every team member, particularly those with administrator access.

Audit logging

Every action in ClearAML — from viewing a client record to exporting a compliance report — is recorded in an immutable audit trail. You can demonstrate to AUSTRAC exactly who did what and when. The audit log includes:
  • Real-time activity alerts for high-risk actions
  • Immutable system logs that cannot be edited or deleted
  • Automated risk flags when client status changes
  • A full history of verification checks and risk assessment decisions
Audit logs are retained for a minimum of seven years, consistent with AUSTRAC’s record-keeping requirements. Do not rely solely on exported copies — the in-platform log is the authoritative record.

Compliance framework alignment

The platform is designed to align with AUSTRAC’s guidance for digital identity verification and record-keeping under the AML/CTF Act. ClearAML’s workflows, risk matrices, and reporting tools are built to support your obligations as a Tranche 2 reporting entity from 1 July 2026.
Have specific security questions or need infrastructure documentation for your firm’s due diligence process? Contact our team at support@clearaml.com.au.