Frequently asked questions.

RedRock Systems builds compliance-focused software for Australian regulated industries. We develop purpose-built SaaS products — including CoordHub for NDIS providers and RedRock AML for Tranche 2 compliance — and custom software for organisations with sector-specific requirements that generic platforms cannot address.

RedRock Systems is an Australian business. Our primary infrastructure runs in Sydney, Australia, and all products are built for Australian regulatory requirements.

RedRock Systems has been building software for regulated Australian industries and has deep familiarity with the compliance obligations that apply in sectors including NDIS, aged care, AML/CTF, financial services, construction, transport, and healthcare.

Compliance is our primary focus because that is where the cost of bad software is highest. We build software where the regulatory obligations are encoded in the system — not where you adapt a generic platform to approximate compliance. We also work on non-compliance-specific projects where there is a clear fit with our capabilities.

Our current products include CoordHub (NDIS support coordination, plan management, and service delivery), RedRock PM (practice management for professional services firms with AML/CTF compliance built in), RedRock AML (standalone AML/CTF compliance for Tranche 2 DNFBPs), and Solace (practice management for sole traders and independent workers). We also build custom software for organisations with sector-specific requirements.

Yes. We offer demonstrations for all products and, where appropriate, sandbox access so your team can evaluate the platform against your real workflows before committing. Book a call through our demo page to arrange access.

Free trial availability varies by product. Some products offer time-limited trials; others are better evaluated through a structured demonstration. Contact us or visit the relevant product page for current trial availability.

Plan inclusions vary by product. All plans include access to the core feature set for the relevant product tier, Australian-hosted data storage, and standard support. Enterprise plans include dedicated onboarding, priority support, and custom configuration. Detailed plan comparisons are available on each product page.

Primary database infrastructure is hosted in Sydney, Australia. We do not route your data through overseas servers as a primary storage location. Specific hosting details — including provider, region, and failover arrangements — are available in our Trust documentation.

Yes. Data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Sensitive compliance documents — such as AML/CTF records and SMRs — are encrypted at the application layer with AES-256-GCM in addition to database-level encryption.

No. We do not sell, share, or on-disclose client data to third parties for commercial purposes. Data is used only to provide the service you have contracted. Our privacy policy sets out the full terms of data handling.

On cancellation, you retain access to your data for a 30-day period to facilitate export. After that period, data is deleted from active systems. Deletion from backups follows our standard backup rotation schedule, which is documented in our Trust documentation. We do not retain your data after the deletion period for any commercial purpose.

Our products are built on modern web technologies including Next.js, TypeScript, PostgreSQL with row-level security, and Supabase for managed infrastructure. We use Vercel for deployment and Resend for transactional communications. Technology choices are made based on fitness for the regulatory requirements of each product — not trend.

It depends on scope and complexity. A focused compliance module for a specific regulatory obligation can be scoped, designed, and delivered in 4 to 8 weeks. A full platform with multi-module compliance, role-based access, and external integrations typically takes 3 to 6 months for an initial production release. We provide a scoping estimate after a discovery session at no cost.

Yes. All custom development engagements include a post-launch support period. Ongoing support, maintenance, and product evolution are available under a retainer arrangement. For SaaS products, support is included in the subscription and escalation paths are defined in the relevant service level terms.

Yes. We build integrations with practice management systems, accounting platforms, government portals (including PRODA and HPOS), and third-party identity verification providers. Integration scope is assessed during discovery — we will tell you what is feasible before you commit to a project.

No software product is 'NDIS certified'. The NDIS Quality and Safeguards Commission audits registered providers — it does not certify or accredit software. CoordHub is designed to support providers in meeting their obligations under the NDIS Practice Standards and Code of Conduct. Whether your organisation meets those standards is a matter of your practices, policies, and people — CoordHub gives you the systems to document and demonstrate compliance.

RedRock AML and the AML/CTF module in RedRock PM are designed to assist reporting entities in meeting their obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Compliance with those obligations is the legal responsibility of the reporting entity — not the software provider. Our software encodes the obligations and automates the workflows; your compliance officers and advisers retain responsibility for the decisions made using those systems.

Yes. Our primary database infrastructure is located in Sydney, Australia. We do not use overseas primary storage for customer data. This supports Australian data sovereignty requirements and is relevant for organisations with obligations under the Privacy Act 1988, the My Health Records Act 2012, or sector-specific data localisation requirements.

Pricing varies by product and plan. CoordHub and other SaaS products are priced on a per-organisation or per-seat basis depending on the plan. Custom development is scoped and priced per project. We publish indicative pricing on product pages and provide firm quotes after a scoping session. There are no hidden fees — what is quoted is what you pay.

Yes. Registered Australian charities and not-for-profit organisations are eligible for a discount on SaaS product subscriptions. Discounts are applied on application and verified against ACNC registration. Contact us to confirm eligibility before subscribing.

SaaS subscriptions are billed via credit or debit card (Visa, Mastercard, American Express) through Stripe. Bank transfer and invoice billing is available for annual enterprise subscriptions. Custom development projects are invoiced with agreed milestone payment schedules.

Prices displayed on our website are exclusive of GST unless stated otherwise. GST at 10% is added at checkout for Australian customers. Tax invoices are issued for all transactions.