Trust centre

Security you can put in front of your board.

Diolog is governance-first AI for investor communications, purpose-built for IR. The security, privacy and AI governance behind it are documented here, with the full policy set available on request.

ISO/IEC 27001 certified — Global Compliance Certification

Certified · ISO/IEC 27001:2022

Security posture

Where your data lives, and how it is protected.

The controls a security or diligence reviewer asks about first.

CertificationISO/IEC 27001:2022 certified (Global Compliance Certification).
HostingAll Diolog servers are located in Australia.
Encryption at restAll customer data and backups are encrypted at rest by default with MongoDB Atlas.
Encryption in transitData is encrypted in transit using SSL/TLS. Bring-your-own-key encryption is supported.
Investor communication privacyAll investor communication is private to the company it is sent to. Diolog personnel have no access to any investor communication submitted or transferred via the mobile application.
Model trainingYour content is never used to train AI models. It is transmitted to model providers only to the extent necessary to perform the task, over secure, authenticated APIs.
Controls

Five categories of controls, continuously monitored.

Diolog’s controls are maintained and monitored under an ISO 27001 information security management system.

Infrastructure security

The systems the workspace runs on - scoped, hardened and monitored under the information security management system.

Organizational security

Policies, roles and responsibilities, and the internal governance that keeps the security programme accountable.

Product security

How the application itself is built and protected - authentication, access, and the controls around your workspace.

Internal security procedures

The operating procedures staff follow, from onboarding and access reviews to incident response.

Data and privacy

How personal information is handled, minimised and protected, in line with the Privacy Act and the APPs.

AI governance

AI that is grounded and answerable to you.

The drafting and review agents are useful precisely because they are constrained.

Grounded in approved sourcesOutputs draw from your knowledge base, your public record and the regulatory feeds you approve - nothing else.
Never claims certaintyDiolog surfaces risk and uncertainty rather than asserting a compliance call is settled. Judgement stays with your team.
A human signs offEvery AI output is a draft for review. Nothing reaches the market without your team's approval.
On the recordEvery draft, edit, approval and send is logged against the person who made it, with a full per-user audit trail.
Subprocessors

Who we rely on.

The third parties in scope for the service, and what each is used for.

Amazon Web ServicesCloud provider · Australia · aws.amazon.com
MongoDB AtlasData storage and processing · cloud.mongodb.com
JiraCollaboration · atlassian.com
SlackCollaboration · slack.com
Data collected

The personal information we handle.

Handled under the Privacy Act and the Australian Privacy Principles, minimised to what the service needs.

Customer personally identifiable information

Employee personally identifiable information

Personal health information

FAQ

Common questions.

Where are your servers located?

All Diolog servers are located in Australia.

Do you encrypt data at rest?

All customer data and backups are encrypted at-rest by default with MongoDB Atlas.

Who sees incoming investor communication?

All investor communication is private to the respective company of which it is being sent to. Diolog personnel do not have any access to any investor communication that is submitted or transferred via the mobile application.

Does Diolog use my company data to train AI models?

No. We configure our AI providers (such as Gemini) via enterprise APIs with zero-retention policies where applicable. We explicitly do not opt-in to sharing your data for the training of public Large Language Models (LLMs). Your proprietary data remains isolated to your workspace.

How does Diolog handle “hallucinations” or inaccurate AI outputs?

Diolog uses a technique called Retrieval-Augmented Generation (RAG). Instead of letting the AI guess, we force it to reference only your uploaded documents (announcements, policies, ASX releases) before generating an answer. If the answer isn’t in your documents, the system is designed to alert you rather than make something up.

Request access

Request our security documentation.

Our policies and reports are available to customers and prospects under review.

  • Information Security Policy (AUP)
  • Risk Management Policy
  • Asset Management Policy
  • Third-Party Management Policy
  • Human Resource Security Policy
  • Physical Security Policy
  • Information Security Roles and Responsibilities
  • Code of Conduct

Or email hello@diolog.com.au

Enter your name.

Enter a valid work email address.

Enter your company name.

Thanks - we'll review your request and be in touch shortly.