When you send through Mobile Message, you're trusting us with your data and your customers' personal information. We don't take that lightly. This page explains, in plain language, how we keep that information safe — where it's stored, how it's protected, and who can get to it.
Your messages and contacts live on servers in Sydney, in independently certified data centres.
Everything we store is encrypted with 256-bit AES, so the data on disk is unreadable without the keys.
Every connection is protected with TLS — the same encryption that secures online banking.
We back the platform with a 99.9% monthly uptime commitment, in writing — see our SLA.
Add a second step to your login so only you can get into your account.
Our data centres hold ISO 27001, SOC 2 Type II and PCI DSS certifications.
Mobile Message's platform is hosted in Equinix data centres in Sydney, Australia — so your data stays onshore. Equinix is one of the most trusted names in data-centre infrastructure, and its facilities are independently audited against a long list of international standards, including ISO 27001 (information security), SOC 1 and SOC 2 Type II, PCI DSS (payment card security), ISO 22301 (business continuity) and ISO 50001. That gives us — and you — a strong, externally verified foundation to build on.
We protect your data with strong encryption at every stage — both while it's moving and while it's stored.
The database that holds your messages, contacts and account details is encrypted at rest using 256-bit AES — the same encryption standard trusted by banks and governments. In practice, this means that even if someone managed to get hold of the underlying storage, the data would be unreadable without our encryption keys. Particularly sensitive details are given an additional, separate layer of AES-256-GCM encryption on top, so they stay protected even inside our own systems.
Every connection between you and Mobile Message — whether you're using the web app or our API — is encrypted using TLS 1.2 or above. This is the same proven technology that secures online banking, and it protects your data from being intercepted or tampered with as it travels across the internet.
Access to our production systems is limited to the small number of staff who genuinely need it. Our team uses a secure corporate directory with role-based permissions and mandatory multi-factor authentication, and we follow the principle of least privilege — people get the minimum access required to do their job, and nothing more.
Our production environment is kept separate from our corporate network, protected by firewalls and private networks (VPNs), with strict network segmentation. Only the essential services are allowed to talk to each other, which keeps the number of ways the system can be reached to a minimum.
We continuously collect and monitor security logs and activity across our platform, in line with industry best practice. That means unusual behaviour can be spotted and investigated quickly, before it becomes a problem.
Security and privacy go hand in hand. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth) — you can read the detail in our Privacy Policy. As an Australian messaging provider, we also operate under the Spam Act 2003 and work closely with the Australian Communications and Media Authority (ACMA); our Anti-Spam Policy explains what that means for the messages you send.
If you believe you've found a security vulnerability, or you simply have a question about how we protect your data, we want to hear from you. Email hello@mobilemessage.com.au and mark it for our security team — we take every report seriously and will get back to you quickly.