Paper Clips

FAQ Service Agreement

Service Agreement

Does stSoftware make available the full source code under an escrow agreement?


What are my IP rights?

September 29, 2015

What are my IP rights?

Client IP is held in Client App and Client Data Layers


stSoftware's award winning patented multi-layered database structure separates generic and custom client code and data into different database layers. The code and data held in the Client App Layer and the Client Data Layer are the intellectual property (IP) of the client. The code and data held in the st Engine/App Layers are the IP of stSoftware.

The multi-layered database structure provides more than a designation of IP, they are integral to customising a generic solution which is rapid and affordable. Generic functionality can be easily customised rather than having to develop a custom system from scratch.

Specific client requests are normally broken down and implemented as generic features and then customized to the clients' requirements unless otherwise requested. Generic features are maintained/enhanced by stSoftware on going.  

Overview of a typical database layer structure in a custom cloud system

The client owns the IP for all code and data that is located in their Client App Layer and Client Data Layer for all stSoftware solutions.

stSoftware's Engine/App Layers

  • Generic features and data held in these layers are the IP of stSoftware
  • The cost of developing these features is shared by stSoftware and the client requesting the generic changes
  • The cost of maintaining these layers is the responsibility of stSoftware
  • There is NO client IP over any of the generic features/data in the base layers. 

Client's App Layer

  • Contains client specific screens/classes that are not generic
  • The client owns the IP (including Business Rules)
  • The client is responsible for the full cost of development and ongoing maintenance of the/Client App Layer including keeping compatibility with future browsers/features and keeping integration points compatible with other systems

Client's Data Layer(s)

  • Contains all the system's 'business data'
  • The client owns all the IP rights for the 'business data'
  • Completely private and is only accessed by ST for backup, support and redundancy purposes

Note: The structure can support multiple Client Database Layers, this is an additional benefit of the layering that enables the sharing of system functionality. For example in a franchise arrangement each franchisee has access to a discreet and totally private data layer and also has access to the shared Group App Layer and Group Data Layer

What are the security, back-up, disaster recovery and firewall services?

November 26, 2013

What are the security, back-up, disaster recovery and firewall services?

stSoftware systems have security measures, back-up procedures and a range of disaster recovery options.


Industry standard best practice for passwords for both the web server and Linux machines. Site designers do not have direct access to the underlying Linux server, the raw database or files. All changes are done within sandbox of the system. 

Back ups

All databases are backed up nightly.

All client documents are backed up nightly and consistency check of the raw file checksum is performed. 

The backups are kept for a week on site.

The machines themselves are backed up as a whole to an off site secure backup location. A full or partial restore of the machine can be done from the off site recovery centre.


The standard system is Linux will all ports closed except HTTP, HTTPS and SSH. 

SSH is configured to block IP addresses after a series of failed log in requests. All SSH requests that are from unknown locations or from foreign countries are blocked by default.


All raw files which are stored separately to the database itself are sent to both the main site and the disaster recovery site when the files are uploaded. Each version of a file is kept and never modified ( new version created ). When a file is uploaded a file checksum of the raw file is performed and stored in the database, the file is then encrypted and the key is stored in the database.  The compressed/encrypted resulting file is sent to the redundant file servers for permanent storage.

The hosting provider has a 2 hour hardware replacement

Service Delivery

What are the network and server availability guarantees?



How do foreign laws affect stSoftware privacy and security policies?


Does stSoftware perform Data Protection Impact Assessments?

February 5, 2018

Does stSoftware perform Data Protection Impact Assessments?

Yes, stSoftware follows the APP (Australian Privacy Principles) guidelines.

When implementing new processes which are likely to result in a high risk, stSoftware shall before the processing, assess the impact of the envisaged processing operations of the protection of personal data in accordance with Australian Privacy Principles. This assessment is to ensure the safekeeping of the data subjects personal information. The assessment will contain

  • A description of the processing operation and the purpose of this processing.
  • Evaluation of the necessity of the processing operation.
  • Assessment of the risks to the rights and freedoms of data subjects
  • The measures envisaged to address the possible risks, safeguards and security measures implemented.

When necessary, stSoftware shall carry out reviews to assess if the processing is in accordance with the data protection impact assessment laid down by the APP when there is any chance of risk along with undertaking its Security checks.

Tags: APP

Will stSoftware publicly notify of a Personal Data Breach?

February 5, 2018

Will stSoftware publicly notify of a Personal Data Breach?

Yes, in the case of a data breach the notifications will be as per the Australian Privacy Principles ( APP)

stSoftware takes pride in its security policies and ensures the highest security levels for our clients' data. In the unlikely case of a data breach, stSoftware will follow the Australian government guidance to notify the data breach.


The notification form will contain

  • The nature of the breach, including categories, the approximate number of data subjects concerned and the approximate number of personal records concerned.
  • Name and contact details of the data protection officer. 
  • A description of the likely consequences of the personal data breach
  • The measures are taken or proposed to address the data breach, including efforts to mitigate adverse effects.
Tags: privacy, APP

How does stSoftware handle personal information?

February 5, 2018

How does stSoftware handle personal information?

stSoftware handling of personal information is in abidance with the Australian Privacy Act 1998

stSoftware collects personal information for billing, sales and support. stSoftware meets or exceeds principles covered in the Australian Privacy Principles Privacy Act 1988. 


Tags: APP

How does stSoftware handle the collection of Personal information ?

February 5, 2018

How does stSoftware handle the collection of Personal information ?

Your privacy is essential to us at stSoftware, and we abide by all rules laid down by the (APP) 

Your privacy is vital to us at stSoftware, and we will abide by or exceed all guidelines laid out by the APP (Australian Privacy principle) 5.2 and Principle 5.1

Tags: APP

What is your Business Continuity Management Policy or process?

January 17, 2021

What is your Business Continuity Management Policy or process?

stSoftware's Business Continuity Management Policy follows the BCM Lifecycle model

stSoftware follows the principles and processes of the GPG2013 Business Continuity Management Lifecycle (BCM Lifecycle) model as the basis for business continuity management. The model is shown below:


BCM Lifecycle

The model identifies the six stages of activity, and repeat, with the overall aim of improving corporate resilience.

Do you have a process to manage complaints?

January 18, 2021

Do you have a process to manage complaints?

stSoftware has a Complaints Handling Policy

Complaints Handling

stSoftware's complaints management policy is intended to ensure that we handle complaints fairly, efficiently and effectively.

We are committed to seeking and receiving feedback and complaints about our services, systems, practices, procedures, products and complaint handling.

Any concerns raised in feedback or complaints will be dealt with within a reasonable time frame.

People making complaints will be:

  • provided with information about our complaint handling process
  • provided with multiples and accessible ways to make complaints
  • listened to, treated with respect by staff and actively involved in the complaint process where possible and appropriate, and
  • provided with reasons for our decision/s and any options for redress or review.

stSoftware expects staff at all levels to be committed to fair, effective and efficient complaint handling and promotes a culture that values complaints and their effective resolution.

Our staff are empowered to resolve complaints promptly and with as little formality as possible. Where possible, complaints will be resolved at first contact with stSoftware.

Making a complaint

Complaints can be made anonymously or with details, through the below channels;


Ph 1300 78 73 78

Int +1 917 267 7607

Complaint management process

stSoftware's complaint management system ensures a consistent approach to our complaints management process.

Complaint management system

stSoftware is committed to improving the effectiveness and efficiency of our complaint management system. To this end, we analyse learnings and engage in continuous improvement.

Alternative avenues for dealing with complaints

When possible we will inform people who make complaints to or about us about any internal or external review options available to them (including any relevant Ombudsman or oversight bodies).