<aside> 💡
In summary:
Afterburner AI is a Auckland-based company offering a SaaS platform with AI-powered workflows to simplify mortgage and financial-services admin. Built by mortgage advisors for advisors and operated in compliance with privacy rules, our software is designed to assist mortgage tasks (not replacing official documents or experts). No consulting or human services are provided, just AI workflows to help mortgage advisors do the work. Your workflows with Afterburner’s platform are private and secure.
Our platform is hosted in the United Kingdom by default, we are currently in the process to transitioning out data centers closer to home with AWS Australia & New Zealand.
New to compliance? If you don’t know where to start, just reach out✌️.
</aside>
This Trust Center is being built. We’re doing our best to keep it updated regularly. The goal? This Trust Center contextualises our view of our security, data protection and IT governance. Despite this, we cannot guarantee that all areas will be up-to-date at any point in time as we are currently working towards an ISO/IEC 27001:2022 certification. It means that if you have any questions, please reach out directly to us.
ISO/IEC 27001:2022: In progress
We are aligning our processes and controls with ISO/IEC 27001:2022 and operating an Information Security Management Systems (ISMS) to be certified in the near future.
Float Mortgages
Looking for something else? Contact us.
To build trust and transparency with you our customers, here’s how we align our operations to the four core security domains defined by ISO/IEC 27001:2022.
How we as a business manages security from the top down.
| 🔑 Key Controls | What it means for you |
|---|---|
| ✅ Information Security Policies | We have rules that guide how we protect your data. |
| ✅ Roles and Responsibilities | Everyone at Afterburner knows their security duties. |
| ✅ Acceptable Use of Assets | Only approved systems and tools are used. |
| ✅ Supplier Security | Our subprocessors (like AWS, Stripe, and OpenAI) are reviewed for security. |
| ✅ //// | Data is labelled and handled based on its sensitivity. |
| ✅ Business Continuity | We plan for disruptions to minimise downtime. |
| ✅ Compliance with Laws & Regulations | We align with NZ Privacy Act 2020, GDPR and ISO 27001 requirements. |
💡 Why this matters: Organisational controls ensure that our internal practices are secure, scalable and legally compliant.
How we prepare, train and manage people to keep your data safe
| 🔑 Key Controls | What it means for you |
|---|---|
| ✅ Background Checks | We vet people before they get access to data. |
| ✅ Security Awareness Training | We educate staff on threats like phishing and social engineering. |
| ✅ Responsibilities Post-Exit | We remove access and handle offboarding securely. |
💡 Why this matters: People are often the weakest link in security. These controls reduce the risk of accidental or malicious data exposure.