Welcome! You’ve landed on our APAC website. If this isn’t right you can change regions below or click above any time.

Change to EMEA or US


Last reviewed: October 2023 


How we protect data

Thousands of customers trust Forbury with their data, and this responsibility is something we take very seriously. We maintain administrative, technical and physical safeguards designed to protect our customers information, ensuring their data is secure, confidential and maintains its integrity.

Server and Data Storage

Is the data ‘stored’ anywhere when a model is uploaded to the Portal?

Yes, it is stored in an encrypted database.


Where is this data ‘stored’?

The data is hosted in Microsoft Azure Data Servers in Australia East.

It is also geo-replicated in Australia South East for backup purposes.


How does Forbury collect our data? 

Forbury only collects data that is relevant to enable our products to work better for you. You do have choices in what information is shared, the below table shows your options in sharing your data with us:

5e216213eae367128923c38b_Secuirty Page Table-1


Does Forbury share or sell our data to any other service provider?

Does Forbury use our data for benchmarking or data mining purposes?

No, we do not. We treat your data on a highly confidential basis.



What happens to the data if we decide to no longer use Forbury?

 If you terminate your licence agreement with Forbury, at your request, we can permanently delete all sensitive data relating to you from our system.


Data Security

What security measures are undertaken to protect the database?

We ensure the confidentiality and integrity of our customers data with industry best practices.

The database is stored in Microsoft Azure data centres.

Forbury also employs at rest encryption which means all stored data is encrypted. This means that even with physical access to the Microsoft Azure data server you could still not access the contained data. 

The type of encryption at rest is Transparent Data Encryption (TDE) for Azure SQL Database. TDE adds a layer of security to help protect data at rest from unauthorised or offline access to raw files or backups. TDE encrypts the entire database using an AES encryption algorithm.

Information on Microsoft Azure can be found here.

Microsoft Azure security compliance certificates can be found here.


Who has access to the confidential data?

The individual who uploaded the data, or if uploaded to a Team/Fund then the Team/Fund members with expressed permission. If you elect to utilise Forbury Sharing, Your Data will also be shared with your nominated, approved third parties.

How does Forbury secure user accounts?

Forbury establishes an individual user login for each authorised employee. Accounts are secured with one-way encrypted passwords, as well as support for SSO & MFA for additional security. For more info on these see our FAQ.


Are you ISO 27001:2013 Certified?

Yes, Forbury is ISO/IEC 27001:2013 certified. Thousands of customers trust Forbury with their data, and this responsibility is something we take very seriously. Our ISO 27001:2013 certification demonstrates our commitment to keeping a high standard of information security and delivering a consistent service to all our customers.

ISO 27001:2013 Certificate Directory





Backup and data loss

What backup policies are in place for the data? 

Forbury has a live geo-replicated database as well as periodic snapshot backups.


What is the backup frequency that you are taking of the data, and if there was a failure what are the possible scenarios of data loss?

Forbury has established an actively updating geo-redundant database to minimise the potential database downtime in the event of a geo-specific service interruption. In an event, Forbury will redirect all database transactions to the geo-redundant database until service functionality to the primary database has been restored.

The geo-redundant database has a 5-10 minute transactional backup frequency, 12 hourly differential backups and weekly full backups that are persisted for 35 days for rollback purposes.


If you detect a security issue please report it here for review

If you have any further questions, please email us


Prefer to talk to a real person?