Keeping your information secure
We take your security seriously, so you can use our services with confidence. Here’s how we help protect you, and what you can do to stay safe online.

We protect your information
We use multiple layers of security to help keep your information safe.
- Encryption
Your data is encrypted at rest and in transit. They are not readable if intercepted. - Access Controls
Only authorised staff can access your data on a need-to-know basis - Change Management
We ensure that any modification to our systems are reviewed, tested and approved before release - Regular Security Testing
Expert-led security audits and penetration tests - Continuous Monitoring
Our systems watch for unusual activity and alert our security team instantly - Employee Awareness
Our staff completes regular security and privacy training so they can recognize and prevent threats - ISO/IEC27001 certified
Our information security management system is independently audited and certified to the ISO/IEC 27001 standard - Compliance
We handle your data in compliance within accordance with the Australian Privacy Act 1988 and Australia Spam Act 2003.
Protecting Yourself Online
Simple habits can make a big difference.
Strong & unique
Turn on two-factor
Not in public
Unsecured networks can expose your information.
Use mobile data or a trusted, secure network where possible
Check before click
Log out
Update devices
How to spot a
phishing email
Phishing messages are designed to look genuine but aim to trick you into sharing personal information.
Bluestone will only contact you using our domain: bluestone.com.au.
What to look out for:
- Spelling mistakes or unusual wording
- Links that don’t match the organisation’s website
- Urgent or threatening language
- Offers that seem too good to be true
- Unexpected emails or messages, especially with attachments
If something doesn’t feel right, don’t click. Contact us immediately using trusted details.
What we don’t do
- We will never ask for your password, PIN or one‑time codes, and never in an unsolicited email, text, phone call or message
- We will never ask for remote access to your computer or devices to “fix a problem” or send you software to download
- We will never ask you to make payment through unusual mechanisms (such as stored value cards or gift cards),
- We will never ask you to transfer funds or purchase gift cards
- We will not ask you to urgently click a link and log in
- We will never request remote access to your device
- We will not pressure you to make immediate financial decisions
- Our emails will always only come from bluestone.com.au
Not sure if it’s really us?
Something not quite right?
If you’re unsure about a communication claiming to be from Bluestone, contact us directly using our official website.
If you notice suspicious activity, receive a message that doesn’t seem right, or have concerns about your data, contact us as soon as possible.
The sooner we know, the sooner we can help.