Security
VenueScan is built on the principle that venue data belongs to the venue. Here's how we keep it safe.
VenueScan runs on enterprise-grade cloud infrastructure with multiple layers of encryption. Every byte of your data, at rest and in transit, is protected by the same standards trusted by banks and government agencies.
All stored data is encrypted at rest using AES-256, the same encryption standard used by financial institutions and defence organisations.
Every connection between your devices and VenueScan is encrypted with TLS 1.3, the latest and most secure transport protocol.
All data is hosted on Amazon Web Services in the Sydney (ap-southeast-2) region. Your data never leaves Australian soil.
Our infrastructure runs on AWS's ISO 27001 certified platform, independently audited for information security management.
VenueScan does not own, sell, or access your venue's data. You retain full ownership and control at all times, with the ability to export everything whenever you need to.
Export your full dataset at any time, in any format. If you ever leave VenueScan, your data leaves with you. Learn more in our data export guide.
VenueScan staff cannot access your venue's entry records. Your data is logically isolated and accessible only to your authorised users.
Personal information is handled in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
VenueScan stores the minimum data required for your venue to meet its sign-in obligations. Raw identity documents never leave the device, and records are automatically purged after the retention period.
ID scanning and data extraction happens entirely on the terminal. Raw ID images are never transmitted to our servers.
We don't store driver licence numbers, card numbers, or raw ID images. Your sign-in records contain only the essentials. See exactly what we collect in our data collection reference.
Sign-in records are retained for 3 years. Venues can export their data at any time.
Every account includes full control over who can access your venue's data. Manage staff permissions, enforce multi-factor authentication, and revoke access instantly.
Assign roles to staff members to control who can view entry records, manage settings, or administer the account.
Enforce MFA across all user accounts for an additional layer of security at every login.
Add, remove, and manage staff accounts from a central dashboard. Deactivated users lose access immediately. Learn more in our team access guide.
Track every change across your venue: settings updates, entry modifications, ban activity, and more. Audit logs are retained for 30 days. See our audit logs guide.
VenueScan is architected for high availability with automated monitoring, daily backups, and offline resilience.
Automated daily backups retained for 7 days, stored within AWS's Sydney region.
Terminals continue operating during internet outages. Records are stored locally and synced automatically when connectivity is restored. Learn more in our offline mode guide.
Real-time system monitoring publicly available at status.venuescan.com.au
We monitor your systems around the clock and resolve issues before they reach your front door.
Our team is happy to walk through our security practices in detail and answer any questions your venue may have.
A dedicated sign-in kiosk that scans IDs in under 2 seconds, with offline mode and automatic sync.
Explore TerminalVisitor self-service sign-in via printed QR codes. No hardware needed. Just print and place.
Explore QR Code