Data ownership
Your organisation owns the outcomes data it provides.
Trust & privacy
Trust and privacy
Your data stays yours. People stay responsible for decisions. CIIS makes evidence and limits visible — it does not hide uncertainty.
Outcomes reporting becomes risky when numbers lose their context or software pretends uncertainty does not exist. CIIS is designed to keep evidence, limits and accountability visible.
Evidence support
Outcome statements should link back to source material where recorded.
Privacy posture
Designed for aggregate outcomes work, with minimisation as a shared responsibility.
Human judgement
CIIS supports decisions; it does not make them.
Compliance posture
CIIS includes features and operating patterns intended to support privacy and governance obligations. We avoid blunt assertions like "GDPR compliant" or "APP compliant" as if software alone can guarantee legal compliance.
During a pilot or procurement review, confirm the exact hosting region, subprocessors, retention, access controls, exports, deletion paths and operating responsibilities for your deployment.
Security architecture
Shared infrastructure with encryption, logical separation, access control, and auditability. Exact controls depend on your deployment and contract.
Encryption
At rest in cloud storage · in transit via TLS
Isolation
Logical tenant separation · scoped projects and users
Access
Role-based permissions · session and token auth
Audit
Activity logging · provenance where stored
Privacy posture: Product features support GDPR- and APP-oriented workflows. Legal compliance depends on your configuration, subprocessors, and organisational practices.
Architecture overview · confirm details in procurement
Honesty boundaries
- No fake partner logos or unpermissioned "trusted by" strips.
- No automated funding, commissioning or policy decisions.
- No guarantee that personal information can never enter the system.
- No blanket legal compliance assertion without configuration and legal review.
- No presentation of full grant lifecycle CRM when a screen is mock, roadmap or pilot-scoped.
Common questions
Does CIIS make decisions automatically?
No. CIIS supports decisions with structured evidence, data quality signals and ready-to-share outputs. People remain responsible for judgement, approval and action.
Who owns the data?
Your organisation owns the impact information it enters. Exact processing, subprocessors, retention and export terms are handled in contract and privacy materials.
Does CIIS store personal information?
CIIS is aimed at aggregate outcomes and performance information, not individual case management. Account data and user-entered text can still contain personal information, so minimisation and governance remain shared responsibilities.
Is CIIS GDPR or APP compliant?
CIIS is designed to support GDPR- and Australian Privacy Principle-oriented workflows. Legal compliance depends on your configuration, jurisdiction, subprocessors and organisational practices.
Discuss governance before a pilot
Bring privacy, procurement, or assurance questions to a guided pilot conversation or a dedicated trust briefing. We will separate live capability from pilot-scoped work.
Request a governance briefing