Is ShieldBox really hosted in Australia?

Yes. 100% of ShieldBox data — every email, attachment, and contact — is stored exclusively on servers physically located in Australia (Sydney and Melbourne data centres). No data ever leaves Australian soil.

Is ShieldBox compliant with the Australian Privacy Act 1988?

Yes. ShieldBox is fully compliant with the Australian Privacy Act 1988 (Privacy Act), the Australian Privacy Principles (APPs), and holds ISO 27001:2022 certification. We also achieve ASD Essential Eight Maturity Level 3 for government users.

How does ShieldBox encryption work?

ShieldBox uses AES-256 encryption for all emails at rest and in transit. Users can optionally enable OpenPGP for zero-knowledge end-to-end encryption, meaning even ShieldBox staff cannot access your email content.

Can I use my own domain with ShieldBox?

Yes. ShieldBox supports custom domain hosting on all paid plans. You can use your own domain (e.g. you@yourcompany.com.au) with full DNS management, SPF, DKIM, and DMARC configuration.

Does ShieldBox offer a free plan?

Yes. ShieldBox offers a free plan with 5GB of Australian-hosted encrypted storage, no credit card required. Paid plans start from $9 AUD/month for additional features and storage.

How is ShieldBox different from Gmail or Outlook?

Unlike Gmail (USA) or Outlook (USA/Ireland), ShieldBox stores all data exclusively in Australia, does not scan emails for advertising, is compliant with Australian law, and uses military-grade encryption. Your data is never sold or shared with third parties.

Is ShieldBox available through government procurement frameworks?

Yes. ShieldBox is available through AusTender-registered procurement arrangements. Our government sales team can assist with panel arrangement inclusion and state government procurement framework registration.

Does ShieldBox support APS classification labels in email subjects?

Yes. ShieldBox Business and Enterprise plans support configurable email classification prefixes ([OFFICIAL], [OFFICIAL: Sensitive]) that can be enforced by domain policy, satisfying PSPF email handling requirements.

Secure Email for Government

ASD Essential Eight-aligned secure email for
Australian Government agencies and contractors

A purpose-built commercial email platform for Australian Government agencies, contractors, and organisations handling sensitive information — built to ASD Essential Eight Maturity Level 2 with full Australian data sovereignty.

Start free trial — 30 days Free migration

E8 ML2

ASD Essential Eight

ASD aligned

ML2

ASD Essential Eight

Verified

100%

Australian data sovereignty

PSPF

Policy Framework aligned

Government procurement alert: Commonwealth and state government procurement increasingly mandates ASD Essential Eight-aligned cloud services for handling government information. Non-sovereign email providers create significant PSPF compliance gaps regardless of brand recognition.

Regulatory Landscape

Government email compliance in Australia

Every compliance obligation that applies to government email — and how ShieldBox satisfies each one.

ASD Essential Eight

ASD Essential Eight ML2

The ASD Essential Eight is the primary framework for assuring government ICT security. ShieldBox is built to Essential Eight Maturity Level 2, covering all eight mitigation strategies for email infrastructure.

AGD / PSPF

Protective Security Policy Framework

The PSPF mandates how Commonwealth entities protect official and sensitive information including email. Australian data residency is a PSPF requirement for all OFFICIAL: Sensitive and above communications.

ASD / ISM

Information Security Manual (ISM)

The ASD ISM specifies technical controls for Australian Government email — DMARC enforcement, AES-256 encryption, TLS 1.2+, MFA for all access, and 7-year audit log retention. ShieldBox satisfies all applicable ISM controls.

ASD Essential Eight

ASD Essential Eight ML2

Essential Eight Maturity Level 2 is the standard baseline for most government agencies and contractors. ShieldBox is verified at ML2 with a pathway to ML3 for agencies requiring the highest assurance level.

Platform Features

Everything government needs

Built from the ground up for Australian compliance requirements specific to government.

ASD Essential Eight ML2 aligned

Built to ASD Essential Eight Maturity Level 2 across all eight mitigation strategies. Security documentation available same-day for government procurement.

100% Australian data sovereignty

All data stored in Sydney primary and Melbourne DR data centres. Zero offshore processing or storage — satisfying PSPF data sovereignty requirements.

Phishing-resistant MFA

FIDO2/passkey hardware security key support for ML3. Authenticator app MFA standard for all accounts. SMS MFA blocked by policy.

7-year tamper-proof audit logs

Complete email audit trail retained for 7 years. Tamper-proof WORM storage. Accessible for ANAO reviews, Senate estimates, and FOI responses.

DMARC p=reject enforcement

Full ISM-0272 compliance — DMARC at p=reject, DKIM signing, and SPF enforcement for all domains. Eliminates domain spoofing for government communications.

PSPF classification labels

Configurable email classification labels (OFFICIAL, OFFICIAL: Sensitive) that appear in email subjects and are enforced by data loss prevention rules.

Government Verticals

Every government setting, covered

Commonwealth Departments

45+ agencies

Non-corporate Commonwealth entities migrating from legacy on-premises email to PSPF and ISM compliant cloud infrastructure.

Get started

State Government Agencies

120+ agencies

NSW, VIC, QLD, WA, SA, TAS, ACT, and NT government agencies with state-specific information security policy requirements.

Get started

Government Contractors

380+ contractors

Consultancies, IT service providers, and professional services firms on government panels requiring ASD Essential Eight-aligned email infrastructure.

Get started

Defence-Adjacent Organisations

95+ organisations

Organisations supporting the ADF, ASIO, ASIS, and defence agencies with requirements beyond OFFICIAL: Sensitive.

Get started

Customer Stories

Trusted by Australian government professionals

“Procurement required demonstrated ASD Essential Eight alignment before we could be approved as a panel supplier. ShieldBox was on the approved list and provided security documentation same day. We won the contract.”

Annette Weston

ICT Manager

Weston Advisory Group, Canberra ACT

“We migrated three state agency email systems to ShieldBox in 90 days. The PSPF-aligned classification labels and ISO 27001 documentation satisfied the state government's ICT security review without a single finding.”

Thomas Ngata

Chief Information Officer

State Infrastructure NSW

Local Client Base

Clients in Government near you

ShieldBox serves government businesses across Australia's major cities — from national practices to local specialists, all with the same sovereign infrastructure.

Canberra

ACT · 3 government suburbs covered

All Canberra coverage

Melbourne

VIC · 2 government suburbs covered

All Melbourne coverage

Perth

WA · 2 government suburbs covered

All Government suburb coverage

Government email — Barton

ACT 2600 • 1,400 businesses

Government email — Deakin

ACT 2600 • 1,200 businesses

Government email — Braddon

ACT 2612 • 1,800 businesses

Government email — St Kilda Road

VIC 3004 • 3,800 businesses

Government email — Docklands

VIC 3008 • 4,200 businesses

Government email — West Perth

WA 6005 • 4,800 businesses

Government email — Joondalup

WA 6027 • 3,200 businesses

View all Australian locations

Free migration — we do everything

Our team migrates your complete email history from Gmail, Outlook, or any provider. Overnight, zero downtime.

View migration guide

Common Questions

Government email FAQ

ShieldBox is built to ASD Essential Eight Maturity Level 2 and aligns with the ISM and PSPF for email at OFFICIAL and OFFICIAL: Sensitive levels. For agencies requiring PROTECTED-level email, contact our government team at gov@shieldbox.com.au.

Ready to protect your government practice?

Join thousands of Australian government professionals on the only email platform purpose-built for Australian compliance. Free 30-day trial, no credit card required.

Start free trial Talk to our team

Government Compliance Centre →Defence Email Requirements →AUKUS Defence Requirements →Compliance Reporting →

ASD Essential Eight-aligned secure email forAustralian Government agencies and contractors

Government email compliance in Australia

Everything government needs

Every government setting, covered

Trusted by Australian government professionals

Clients in Government near you

All Government suburb coverage

Government email FAQ

Ready to protect your government practice?

ASD Essential Eight-aligned secure email for
Australian Government agencies and contractors