Security & data handling

Security built for sensitive compliance workflows

AML/CTF records are not ordinary business documents. duely is designed to protect sensitive matter data, keep suspicious matter handling restricted, and preserve the integrity of the compliance record over time.

Least-privilege access

Users access only what they need. Matter-level scoping, role-based permissions, and sensitive data flags ensure minimal exposure.

Role-based workflow separation

Sensitive workflows like suspicious matter handling are architecturally separated, not just permission-gated.

Immutable audit history

Every compliance action is recorded in an append-only event stream. No edits or deletions are permitted.

Sensitive export controls

Default exports are privacy-protective. Expanded sensitive packs require explicit AMLCO authorisation.

Australian data residency

All data is stored in Australian data centres with no offshore processing or transfer.

How duely protects compliance data

Access control, evidence integrity, suspicious matter isolation, and data residency — built into every layer.

Role-Based Access Control

Role-based access controls help keep users inside the workflows they actually need. Sensitive areas such as suspicious matter handling are restricted to AMLCO-authorised users. Standard users should not see suspicious matter indicators on shared matter surfaces, notifications, or exports.

  • Firm-scoped matter access with AMLCO and Approver policies gating sensitive actions
  • Admin and AMLCO role overrides with full audit logging
  • Granular permission flags for sensitive data access
  • Role assignments managed at the firm level

Sensitive Data Handling

duely is designed to protect data in transit and at rest, minimise unnecessary exposure, and keep evidence linked to the right matter record. Sensitive documents and workflow artifacts are handled with access controls and export rules appropriate to the context.

  • Data protected in transit and at rest
  • Separate permission flags control access to sensitive information
  • Configurable export rules for different contexts
  • Evidence linked to the correct matter record

Evidence Integrity

Evidence packs are versioned and integrity-hashed so firms can verify that an exported record has not been altered after generation. Audit history and export context support clearer review later.

  • SHA-256 hashing applied to every evidence pack version
  • Tamper detection through hash comparison on access
  • Integrity verification available at any future audit date
  • Each version is independently SHA-256 hashed for per-version tamper detection
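The per-version hash comparison described above, as an added example that is not duely's own code. The `Receipt` type, function names and sample pack contents are hypothetical, and the sketch assumes the digest recorded at generation is held apart from the pack bytes it protects.

```python
import hashlib
import hmac
from typing import NamedTuple


class Receipt(NamedTuple):
    """Digest recorded at generation; keep it apart from the bytes it protects."""
    pack_id: str
    version: int
    sha256: str


def issue_receipt(pack_id: str, version: int, content: bytes) -> Receipt:
    # Each version gets its own digest, so one altered version is pinpointed.
    return Receipt(pack_id, version, hashlib.sha256(content).hexdigest())


def verify(receipt: Receipt, content: bytes) -> bool:
    # Recompute on access and compare against the recorded digest.
    actual = hashlib.sha256(content).hexdigest()
    return hmac.compare_digest(actual, receipt.sha256.lower())


def audit_versions(receipts, stored):
    """Check every version independently: 'ok', 'altered' or 'missing'."""
    report = {}
    for r in receipts:
        content = stored.get(r.version)
        if content is None:
            report[r.version] = "missing"
        else:
            report[r.version] = "ok" if verify(r, content) else "altered"
    return report


def constructed_demo():
    # Constructed sample data: v1 is edited after generation, v3 has gone missing.
    v1 = b"matter M-1001 evidence pack v1 (constructed sample)"
    v2 = b"matter M-1001 evidence pack v2 (constructed sample)"
    v3 = b"matter M-1001 evidence pack v3 (constructed sample)"
    receipts = [issue_receipt("M-1001", n, c) for n, c in ((1, v1), (2, v2), (3, v3))]
    stored = {1: v1 + b" edited later", 2: v2}
    return audit_versions(receipts, stored)
```

A bare SHA-256 digest detects alteration only if the digest itself cannot be rewritten along with the pack, which is why the receipt is kept separately here.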

Suspicious Matter Isolation — Seven Architectural Layers

Tipping-off prevention isn't policy in duely; it's seven architectural layers, each enforced at a different read or write path: shadow case object separation, AMLCO-only RBAC, UAR redaction for staff submitters, no SMR indicators on shared surfaces, evidence pack redaction, notification isolation, and audit isolation through filtered reads. The protection holds even when one layer is bypassed by mistake.

  • Shadow case stored as a separate aggregate, not a flag on the matter
  • AMLCO-only policy enforced at every SMR API endpoint
  • UAR submitters never see whether their flag became an SMR
  • Zero SMR indicators on dashboards, lists, exports, or notifications
  • Evidence packs (both Standard and AMLCO-only Sensitive) never include SMR data
  • Notification queue rejects SMR templates from non-AMLCO callers
  • Audit events stay in the same immutable stream but filtered from non-AMLCO reads

Immutable Audit Trail

An append-only event stream records every action taken on every matter. No edits or deletions are permitted, creating a forensic-grade record suitable for regulatory review.

  • Append-only event stream — no edits or deletions permitted
  • Every matter action recorded with timestamp, actor, and detail
  • Forensic-grade record of all compliance decisions and changes
  • Suitable for regulatory review and internal audit processes
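An added example, not duely's own code, combining the append-only stream described here with the "filtered from non-AMLCO reads" layer from the suspicious matter section. The class, field and action names are hypothetical; only the `AMLCO` role name comes from the page. Renumbering the filtered view is a design choice of this sketch, so that gaps in sequence numbers do not reveal hidden events.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone


@dataclass(frozen=True)  # events cannot be mutated once created
class AuditEvent:
    seq: int
    at: datetime
    actor: str
    matter_id: str
    action: str
    smr_restricted: bool = False


class AuditStream:
    """Append-only: append() is the only write path; no update or delete exists."""

    def __init__(self):
        self._events = []

    def append(self, actor, matter_id, action, smr_restricted=False):
        event = AuditEvent(len(self._events) + 1, datetime.now(timezone.utc),
                           actor, matter_id, action, smr_restricted)
        self._events.append(event)
        return event

    def read(self, matter_id, roles):
        """Return the matter's events, dropping SMR-restricted ones for non-AMLCO readers."""
        privileged = "AMLCO" in roles
        visible = [e for e in self._events
                   if e.matter_id == matter_id and (privileged or not e.smr_restricted)]
        if privileged:
            return tuple(visible)
        # A gap in seq (1, 3) would itself signal a hidden event, so the
        # filtered view is renumbered from 1.
        return tuple(replace(e, seq=i) for i, e in enumerate(visible, start=1))
```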

Encryption

All data is encrypted at rest and in transit. Secrets are isolated from application code so credentials never appear in source, configuration, or logs.

  • Data encrypted at rest using industry-standard encryption
  • TLS 1.2+ for all data in transit
  • Secrets isolated from application code and excluded from logs
  • Production credentials are not visible to engineers in day-to-day workflows

Single Sign-On (OIDC)

duely supports OIDC single sign-on so your firm can centralise access through your existing identity provider. Procurement-friendly authentication that integrates with how enterprise IT already manages staff onboarding and offboarding.

  • OIDC SSO with standard OAuth 2.0 / OpenID Connect flows
  • Centralised access control through your firm's identity provider
  • Supports staff onboarding and offboarding workflows
  • Multi-firm membership — one identity can belong to multiple firms with active firm context tracked per session

Self-Enforcing Approver Controls

Approval authority is gated on PDD currency. An Approver who hasn't completed their personnel due diligence cannot approve an AML program or matter — the platform blocks the action rather than relying on policy alone.

  • Hard block on AML approvals when an Approver's PDD is not current
  • Soft block patterns for training overdue past the grace period
  • Logged warnings when blocked actions are attempted
  • AML decisions only flow through staff whose compliance posture is current

Multi-Channel Notification Isolation

Notifications reach the right people through SMS, email, and in-app channels — but sensitive notification content is firewalled so only AMLCO-authorised users receive SMR-derived messages, no matter the channel.

  • SMS, email, and in-app delivery — choose the right channel per template
  • SMR-restricted templates blocked at the queueing layer for non-AMLCO callers
  • AMLCO-targeted publishers fan out only to AMLCO recipients
  • Daily digest options to reduce notification noise

Australian Data Residency

duely is built around Australian data residency expectations. All data is stored in Australian data centres with no offshore processing.

  • All production data hosted exclusively in Australian data centres
  • No offshore processing, storage, or transfer of compliance data
  • Data sovereignty maintained for Australian reporting entities

Retention and Record-Keeping

Matter records and evidence are retained in line with the firm's compliance obligations and internal controls. Anchor dates and retention reasons are tracked for each matter.

  • 7-year retention period calculated from the matter anchor date
  • Automatic retention management with expiry tracking
  • Anchor reason documented for each matter's retention period
  • Supports AML/CTF Act record-keeping obligations

Data residency and retention

duely is built around Australian data residency expectations and record retention obligations relevant to AML/CTF workflows. Matter records and evidence should be retained in line with the firm's compliance obligations and internal controls.

  • All production data hosted exclusively in Australian data centres
  • No offshore processing, storage, or transfer of compliance data
  • 7-year retention period tracked from each matter's anchor date
  • Retention anchor reasons documented for every matter

Need more detail for internal review?

Use this page as the public overview, then contact us for deeper product and security discussions.