Instant Postgres REST & GraphQL APIs, authentication, object storage, and transactional email — on 100% Australian-owned infrastructure. No CLOUD Act exposure. No foreign jurisdiction. Open source at the core.
Sydney & Canberra zones · 100% Australian-owned · Open source stack
We'll be in touch with sandbox access details shortly.
Most Australian developers pick "ap-southeast-2" and assume they're compliant. But if your backend provider is a US-incorporated company, your data is legally reachable under the US CLOUD Act — regardless of where the servers sit. American authorities can compel disclosure without going through Australian courts.
The Australia-US CLOUD Act agreement came into force in May 2026, formalising cross-border data access between the two governments. Meanwhile, the Privacy Act 2024 amendments introduced penalties of up to $50 million, three times the benefit obtained, or 30% of adjusted turnover — whichever is greatest — per contravention of a serious interference with privacy.
And from 1 July 2026, the Whole-of-Government Cloud Computing Policy mandates cloud-first for all new federal digital and ICT initiatives. Agencies must use infrastructure hosted in certified, sovereignty-compliant facilities.
Sources: Privacy and Other Legislation Amendment Act 2024 (Cth) · OAIC Regulatory Action Guide · DTA Cloud Computing Policy (Dec 2025)
| Sovereignty Checkpoint | US-Owned BaaS(Firebase, Supabase Cloud, etc.) | WattleDB |
|---|---|---|
| Servers physically in Australia | ✓ Yes | ✓ Yes |
| Parent entity 100% Australian-owned | ✗ No — US parent | ✓ Yes — AU Pty Ltd |
| Outside reach of US CLOUD Act | ✗ No | ✓ Yes |
| All support staff Australian citizens | ✗ Global workforce | ✓ Onshore only |
| Transactional email routed locally | ✗ Offshore relays | ✓ AU-only SMTP |
| Object storage under AU jurisdiction | ✗ US entity control | ✓ S3-compat, AU-only |
| Architected for IRAP assessment | ✗ Not applicable | ✓ ISM-aligned controls |
The developer experience of a modern BaaS, backed by battle-tested open-source components, inside a sovereignty perimeter no foreign law can pierce.
Point WattleDB at your PostgreSQL schema and get auto-generated, production-ready REST endpoints via PostgREST. Full CRUD, filtering, pagination, and OpenAPI docs — zero backend code required.
PostgREST · Open SourceUser registration, login, password recovery, and JWT issuance — all running locally on GoTrue. Pairs natively with Postgres RLS so your access policies live in the database, not in application code.
GoTrue · Open SourceSignup confirmations, password resets, and magic links routed exclusively through Australian SMTP infrastructure. Verification tokens never traverse overseas relays or foreign-owned mail networks.
AU SMTP · On-Soil RoutingUpload and serve files with full S3 API compatibility. Patient records, government documents, user assets — stored with data residency guarantees and fine-grained access control via storage policies.
S3 API · AU ResidencyListen to database changes over secure WebSocket connections. Build collaborative features, live dashboards, and notification systems — all traffic stays within Australian network boundaries.
Coming SoonDeploy server-side logic to Australian edge nodes. Run custom business rules, webhooks, and integrations close to your users without data ever leaving the sovereignty perimeter.
Coming SoonFrom your frontend to the database — every hop, every byte, every service stays within Australian jurisdiction.
If you've used Supabase or Firebase, you already know how WattleDB works. Same developer speed — sovereign by default.
Supabase-compatible client libraries for JavaScript, Python, Dart, and Swift. Switch your connection string and you're sovereign.
Define tables in Postgres. WattleDB auto-generates type-safe REST endpoints, handles auth, and enforces RLS — no ORM, no route files.
Web-based dashboard for database management, user admin, and storage browsing. CLI for local development, migrations, and CI/CD pipelines.
Start sovereign for your AU customers. Your architecture doesn't change when you expand — just add regions later.
Tick the compliance box on day one. Close contracts your US-hosted competitors can't touch.
Meet My Health Records Act residency requirements and pass hospital procurement audits. Patient data stays under Australian jurisdiction — no CLOUD Act loophole.
OAIC · My Health Records ActAlign with the Whole-of-Government Cloud Policy (effective Jul 2026) and the Hosting Certification Framework. Build on infrastructure designed for IRAP assessment at PROTECTED level.
DTA · ISM · PSPFSatisfy APRA CPS 234 information security requirements and demonstrate data sovereignty to enterprise clients. Win RFPs that require 100% Australian jurisdictional control.
APRA CPS 234 · Privacy ActWattleDB is built on proven open-source components. Audit every line. Export your data any time. No proprietary black boxes.
The world's most advanced open-source database
Auto-generated REST API from your schema
JWT-based auth & user management
Standard object storage protocol
Self-hosting on AWS Sydney puts your data in Australia physically, but AWS is a US-incorporated company subject to the CLOUD Act. A US warrant can compel AWS to hand over data from any region without notifying you or going through Australian courts. WattleDB is a 100% Australian Pty Ltd — no foreign parent entity, no foreign legal exposure. The entire stack, including support personnel, is onshore and under Australian law.
IRAP (Infosec Registered Assessors Program) is not a certification you pass or fail — it's a risk-based assessment framework run by the Australian Cyber Security Centre. Our infrastructure is designed from the ground up to align with the Australian Government Information Security Manual (ISM) controls, making the path to a successful IRAP assessment at PROTECTED level substantially shorter and cheaper for your organisation.
Absolutely. WattleDB gives you sovereign infrastructure for your Australian data and compliance requirements. Your frontend can serve users globally — API responses are delivered over standard HTTPS. Many SaaS companies need AU sovereignty for domestic customers while operating internationally. Start sovereign, scale globally.
WattleDB uses the same open-source stack that Supabase is built on — PostgreSQL, PostgREST, and GoTrue. Our client libraries are API-compatible. In many cases, migration is as simple as updating your connection string and API URL. We provide migration tooling and guides, and our onshore team helps with hands-on support during the transition.
We'll share detailed pricing with our sandbox cohort. Expect a usage-based model similar to what you're used to from Supabase, with a free tier for development. Sovereign infrastructure has a cost premium over hyperscale providers, but it's a fraction of the compliance cost — and a rounding error next to a $50M penalty.
WattleDB is built by RR Sols Pty Ltd, a 100% Australian-owned company. Our team are Australian citizens with backgrounds in cloud infrastructure, database engineering, and regulated-industry compliance. We're building the tool we wished existed when selling SaaS into Australian government and healthcare.
We're onboarding our first cohort of Australian developers and startups. Get sandbox access, shape the product roadmap, and be first to market with a sovereign backend.
No credit card · Free sandbox tier · Cancel any time
We'll be in touch with sandbox access details shortly.