ATO-whitelisted Digital Service Provider
Rebased is a whitelisted Digital Service Provider (DSP) with the Australian Taxation Office. To integrate directly with ATO services such as Single Touch Payroll, providers must be approved by the ATO and operate under its Operational Security Framework (OSF) — a set of mandatory controls covering authentication, encryption, monitoring, and data protection. We meet these requirements as part of our certification.
Encryption
All traffic to Rebased is encrypted in transit with TLS, and data is encrypted at rest. Secrets and credentials are stored in managed secret storage, never in plain text.
Access control & isolation
Each business’s data is isolated and protected with row-level security so users only ever see the businesses they are entitled to. We enforce least-privilege access for our team, support multi-factor authentication, and log sensitive actions for auditability.
Infrastructure & hosting
Rebased runs on reputable cloud infrastructure with data hosted onshore in Australia. Production access is restricted, and changes flow through reviewed, automated deployment pipelines.
Backups & resilience
Customer data is backed up regularly so it can be restored in the event of an incident, and we monitor the platform for availability and integrity.
Monitoring & response
We monitor for suspicious activity and maintain processes to investigate and respond to security events, including notifying affected customers where required by law.
Responsible disclosure
If you believe you have found a security vulnerability, please contact security@rebased.app. We welcome responsible disclosure and will work with you to verify and address valid reports.