ShieldBox
Secure email for Insurance industry Australia

Secure email for Australian insurance companies, brokers and underwriters

Email infrastructure for the full Australian insurance sector — APRA CPS 234 ready, ASIC-compliant, with policyholder data sovereignty and 7-year claims communication archiving built in.

650+ Insurance organisations
CPS 234: APRA compliance ready
7-yr claims record retention
100% policyholder data in Australia

APRA CPS 234 applies to all APRA-regulated insurers (general, life, private health) and requires board-level information security governance including email provider assessment. The requirement cannot be satisfied with Gmail or Microsoft 365 alone without independent security assessment documentation.

Regulatory Landscape

Insurance email compliance in Australia

Every compliance obligation that applies to insurance email — and how ShieldBox satisfies each one.

APRA Prudential
APRA CPS 234 — Information Security

All APRA-regulated insurers (general, life, private health) must maintain information security capability aligned with CPS 234. Email providers must be assessed for third-party security capability. Board-level accountability applies.

ASIC / AFSL
ASIC Record-Keeping (AFS Licensees)

Insurance companies and brokers holding an AFSL must retain client communications for 7 years. ASIC can compel production of policyholder correspondence in disputes and regulatory investigations.

Privacy Act
Privacy Act 1988 — APP 8

Policyholder health information, claims data, and underwriting details are sensitive personal information. Insurance companies using offshore email create ongoing APP 8 cross-border disclosure for every policyholder communication.

AFCA
AFCA Disputes & Claims Records

AFCA resolution processes require insurers to produce complete claims communication records. Tamper-proof email archiving is essential for AFCA dispute resolution and complaint handling.

Platform Features

Everything insurance needs

Built from the ground up for Australian compliance requirements specific to insurance.

Policyholder data stays in Australia

All policyholder correspondence, claims communications, and underwriting data are stored exclusively in Australian data centres. APRA and Privacy Act APP 8 satisfied.

7-year claims record archiving

WORM archiving of all claims correspondence. ASIC and AFCA-accessible exports with chain-of-custody documentation. Legal hold for disputed claims.

APRA 72-hour notification workflow

Automated breach detection with APRA incident notification workflow. Never miss the mandatory 72-hour APRA reporting window.

Health claims encrypted communications

Health insurance claims containing medical information are encrypted with AES-256, satisfying Privacy Act sensitive information requirements.

Claims team access controls

Claims assessors, underwriters, brokers, and compliance teams each configured with appropriate access. Client account segregation by policy type.

DMARC domain protection

p=reject enforcement prevents fraudulent claims correspondence pretending to originate from your insurer domain — a growing vector for claims fraud.

Insurance Verticals

Every insurance setting, covered

General Insurers
120+ insurers

APRA-regulated general insurance companies managing policyholder communications, claims assessments, and underwriting correspondence.

Private Health Insurers
35+ funds

Private health insurers with sensitive health claims data, member communications, and APRA CPS 234 health information security requirements.

Life & Income Insurers
45+ insurers

Life insurance companies managing policy onboarding, claims correspondence, and sensitive medical underwriting information.

Insurance Brokers
450+ brokers

Authorised AFSL insurance brokers with 7-year client communication records, placement documentation, and claims advocacy correspondence.

Customer Stories

Trusted by Australian insurance professionals

“Our APRA-appointed auditor flagged CPS 234 third-party assessment obligations for our email provider. ShieldBox's IRAP documentation and ISO 27001 certification satisfied our board's information security governance requirements completely.”
Paul Richardson
Chief Risk & Compliance Officer
Pacific General Insurance, Sydney NSW
“AFCA required us to produce 5 years of claims correspondence in a dispute. Our previous Gmail setup took 3 weeks to compile. ShieldBox's archived search produced everything in 40 minutes properly formatted for AFCA.”
Rebecca Tan
Head of Claims
Clarity Health Insurance, Melbourne VIC
Free migration — we do everything

Our team migrates your complete email history from Gmail, Outlook, or any provider. Overnight, zero downtime.

Common Questions

Insurance email FAQ

ShieldBox provides the documentation APRA CPS 234 third-party assessments require: current IRAP assessment scope document, ISO 27001 certification, contractual information security commitments, and audit access rights. Many APRA-regulated insurers have had ShieldBox cleared by their prudential auditors. Contact compliance@shieldbox.com.au.

Ready to protect your insurance practice?

Join thousands of Australian insurance professionals on the only email platform purpose-built for Australian compliance. Free 30-day trial, no credit card required.
