How access is handled
- Least-privilege service or delegated accounts
- Client-owned credentials where available
- Revocable, time-bounded access
- No secrets in source code or ordinary documents
- Access removal and ownership recorded at handover
Data and security
Every implementation begins with the workflow and the information it genuinely requires. Controls are proportionate to the systems, data, consequences and client obligations involved.
Operating principles
Collect, transfer, log and retain only what the workflow needs.
Use client-owned accounts and separate test and production configuration where practical.
Treat external inputs and system responses as untrusted until checked.
Keep human approval for sensitive or consequential actions.
Document failure behaviour, ownership, fallback and rollback.
AI use
AI-assisted extraction, classification, summarisation or drafting may be useful where its uncertainty is visible and errors can be detected. Sensitive or consequential decisions remain subject to human judgement and client approval.
Provider selection considers purpose, access, data movement, retention, location, contractual terms, failure behaviour and available controls. Project-specific providers and responsibilities are identified before access is granted.
Suspected incidents are contained, assessed and communicated according to their potential effect. Report a suspected vulnerability to security@instruo.com.au. Do not send credentials or personal records by email.
That depends on the selected client systems and providers. The data-flow and storage locations are defined for each engagement.
Instruo does not claim a security certification that has not been independently established.
Project terms and provider settings define permitted use. Client data is not treated as available for unrelated model training.
Through delegated access or client-owned service credentials where possible, stored in appropriate secret-management facilities.
Start with the workflow
A 30-minute Automation Opportunity Call is a practical first filter. We will clarify the workflow, its operational effect and whether a paid diagnostic is justified. If the case is weak, we will say so.
No charge. No obligation. Not a free technical audit.