1. Zero-Knowledge Field-Level Encryption
Unlike standard clinic software that only encrypts the entire database, we use Field-Level AES-256 Encryption.
What this means: Sensitive fields such as Clinical Notes, Diagnoses, and Treatment Plans are encrypted individually on our servers before they are ever saved.
Zero-Knowledge: Your data is locked with a unique master key. This means that not even our developers or system administrators can read your clinical notes. To us, your notes look like a random string of scrambled characters.
2. Data in Transit & At Rest
In Transit
All data moving between your device and our servers is protected by SSL/TLS 1.3 (the same level of security used by global banks).
At Rest
All database backups and storage volumes are encrypted, ensuring that even in the unlikely event of a hardware breach, your data remains useless to unauthorized parties.
3. Regulatory Compliance
Our architecture is built from the ground up to be fully compliant with:
- Australian Privacy Principles (APPs): Meeting all requirements for the handling of sensitive health information under the Privacy Act 1988.
- HIPAA (USA): Adhering to the Technical Safeguards required for Protected Health Information (PHI).
- GDPR (EU): Ensuring the "right to be forgotten" and strict data sovereignty for our international users.
Our Promise
You own your data. We simply provide the vault.
We will never sell, analyze, or "peek" into your clinical records for any reason.