Trust & Security

Your data, protected.

We're built for Australian clinics and take the protection of your clinic's data seriously. Here's exactly what we do.

Last updated 19 April 2026

Where your data lives

Your clinic's data is stored in Australia, on AWS Sydney, on SOC 2 Type 2 certified infrastructure used by thousands of businesses worldwide. It never leaves Australian infrastructure at rest.

How it's protected

  • Encrypted everywhere

    TLS 1.2+ in transit and AES-256 at rest, on by default across every service.

  • Row-level isolation

    Row-level security at the database layer. One clinic's data is architecturally isolated from another's.

  • Two-factor authentication

    Available on every staff account, with enforcement options for clinic administrators.

  • Logged and reviewed

    Access to sensitive data is logged and reviewed, with anomaly alerts on our internal systems.

Who processes your data

We use a small number of specialist infrastructure providers, each certified and contracted. We never sell, share with advertisers, or hand data to brokers.

  • Data centre

    Purpose: Database and file storage (AWS Sydney)
    Certification: SOC 2 Type 2

  • Telephony

    Purpose: Phone & SMS
    Certification: ISO 27001, SOC 2 Type 2

  • Voice AI

    Purpose: Real-time speech synthesis and transcription
    Certification: SOC 2 Type 2

  • Payments

    Purpose: Subscription billing
    Certification: PCI-DSS Level 1, ISO 27001

  • Hosting

    Purpose: Web application hosting
    Certification: SOC 2 Type 2, ISO 27001

AI and your calls

The AI models powering our conversations are contractually prohibited from training on your data. This is guaranteed by our voice provider's agreements with the underlying model providers. We configure call data retention to the minimum needed for your clinic to operate, and we can delete transcripts and recordings on request.

Australian privacy law

We're built around the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), not retrofitted from an overseas system.

  • Breach notification under the Notifiable Data Breaches (NDB) scheme (72-hour clock)
  • Data export and deletion on request
  • Transparent cross-border disclosure for sub-processors outside Australia

Questions?

Email admin@clinicforce.io. The founder reads every message.