Trust Center
Quarterback is an investor relations intelligence platform used by ASX-listed companies. This Trust Center explains what data we hold, how we protect it, and how we handle privacy and security.
Last updated: 22 April 2026
Our approach
Almost everything Quarterback processes is public market information. The small amount of private content you put into the platform — Manual Activities and the files attached to them — is isolated per organisation and stored in Australia.
Quarterback is built and operated in Australia. Our infrastructure runs in Google Cloud's Sydney region. The private content you create in the platform does not leave Australia except for specific AI processing tasks, which are covered on the Sub-processors page.
What data Quarterback actually holds
Most investor-intelligence platforms hold large amounts of customer data. Quarterback is deliberately different.
| Category | What we hold | Volume |
|---|---|---|
| Public market data | ASX announcements, news coverage, social media posts, share prices | The majority of our dataset — all public |
| Customer-submitted content | Manual Activity listings (calls, meetings, events, presentations) and attached files | Private to your organisation |
| Personal data | User name and email for sign-in, organisation membership, alert preferences | Minimal |
We do not hold shareholder registry data, financial account details, identity documents, or any special category of personal data as defined under the Privacy Act 1988.
What's in this section
- Data handling — What we collect, how organisations are isolated, where customer files are stored
- Infrastructure and security — Hosting, encryption, authentication, application-layer controls
- Sub-processors — The full list of third-party services that process data on our behalf
- Incident response and disclosure — How to report a vulnerability, how we notify customers
At a glance
| Topic | Summary |
|---|---|
| Hosting region | Google Cloud, Sydney (australia-southeast1) |
| Primary database | PostgreSQL on Google Cloud SQL, encrypted in transit and at rest |
| Authentication | Dedicated identity provider with cryptographically signed tokens on every request |
| File storage | Google Cloud Storage with short-lived signed URLs |
| Tenant isolation | Per-organisation, enforced on every authenticated API call |
| AI processing | OpenAI and Anthropic (DPAs in place) |
Questions
For security, privacy, or procurement questions, email team@qback.au. We respond within 12 hours.