Australian accounting, audit, and tax firms hold some of the most sensitive financial information there is, whether you are a solo practitioner or a national network. The safety posture below is enforced in code, audited continuously, and visible to your IT team on request. The three guarantees below aren't aspirations; they're structural properties of how the system is built.
The agent has zero authority to delete data anywhere in the system. No row, no record, no file. Deletion is a human action that requires a human credential. The agent never holds one.
Enforced at the API boundary. Audited daily.
If Halo cannot point to the source of a number, the number does not appear. There is no fallback to a plausible value. There is no quiet rounding from an unknown input. Citations are mandatory at the type level.
Citations are required types. Builds fail otherwise.
Every file you upload is encrypted at rest and in transit, stored on Australian infrastructure, and isolated to your firm. There is no path that takes it offshore, and no other firm can reach it.
Australian regions only. AES 256 at rest, TLS 1.3 in transit.
Inbound emails, scanned documents, and third party files are kept structurally separate from the instructions you give Halo. The agent treats them as data to be read, not as commands to be obeyed, so a prompt injection inside a PDF cannot tell Halo to do anything. This is enforced at the parsing layer; there is no path by which a document's contents become an instruction.
Your data lives on Australian infrastructure. It never leaves the country. It's encrypted at rest and in transit, access is row-level and attributable, and every action is logged with the user, the Job, and the source files it read. Whether it is a single client's trial balance or your whole document store, it stays private to your firm and isolated from every other tenant.
Primary and replica regions both within Australian borders. No cross border transfers for production data.
AES 256 for data at rest. TLS 1.3 for data in transit. Customer managed keys available on the Enterprise plan.
Every query is scoped to the user, the firm, and the Job. No silent cross tenancy access. Ever.
Every action the agent takes is logged with a user, a Job, a timestamp, and the files it read. Exported on request.
Sit your IT, infosec, and risk teams down with us. No demo, just architecture, threat model, and the audit trail. Bring your hardest questions.