Regulatory Compliance
We are a compliant APP Entity under the Privacy Act 1988 (Cth).
We adhere to the Notifiable Data Breaches (NDB) scheme.
Our governance aligns with Aged Care Quality Standard 5 (Clinical Governance).
Data Sovereignty
Your data never leaves Australia.
Primary Database: Sydney (AWS ap-southeast-2).
AWS Services: Sydney (ap-southeast-2).
Backups: Sydney (Replicated across 3 Availability Zones).
Infrastructure Security
Hosted on Supabase (SOC 2 Type II Certified).
Data Encrypted At Rest (AES-256).
Data Encrypted In Transit (TLS 1.3).
Network protection via AWS Shield.
Security Controls
Product Security
How our application protects your data at the code level.
Row Level Security (RLS)
Row-level security policies are enforced inside the database on every query, so the check cannot be skipped by application code or a direct API call. Users can only read or modify rows that belong to their own organisation.
Authentication
We use secure JWTs (JSON Web Tokens) for session management. Passwords are hashed using bcrypt and never stored in plaintext.
Role-Based Access (RBAC)
Granular permissions ensure staff members only see the data required for their specific role (e.g., carer vs. administrator).
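As an added illustration of the two controls above (organisation-scoped RLS plus role checks), not the product's own schema: a Postgres/Supabase policy set. Table and column names (care_notes, memberships, org_id, role) are assumptions chosen for the example; auth.uid() is Supabase's built-in helper that returns the caller's user id from the verified JWT, and authenticated is Supabase's role for signed-in users.

```sql
-- Added example, not the product's schema. Assumed tables: memberships (user -> org, role)
-- and care_notes (per-organisation clinical data). auth.uid() returns the id from the JWT.

create table memberships (
  user_id uuid not null,
  org_id  uuid not null,
  role    text not null check (role in ('carer', 'administrator')),
  primary key (user_id, org_id)
);

create table care_notes (
  id       uuid primary key default gen_random_uuid(),
  org_id   uuid not null,
  resident text not null,
  body     text not null
);

-- RLS is off by default; without ENABLE the policies below are never consulted.
alter table care_notes enable row level security;
-- FORCE also applies the policies to the table owner. Roles with BYPASSRLS
-- (Supabase's service_role) still bypass them, so that key must stay server-side.
alter table care_notes force row level security;

-- Tenant isolation: a row is visible only to members of its organisation.
create policy care_notes_select_own_org on care_notes
  for select to authenticated
  using (
    exists (
      select 1 from memberships m
      where m.user_id = auth.uid() and m.org_id = care_notes.org_id
    )
  );

-- Writes must land in an organisation the caller belongs to. WITH CHECK is
-- evaluated against the new row, so a carer cannot insert into another tenant.
create policy care_notes_insert_member on care_notes
  for insert to authenticated
  with check (
    exists (
      select 1 from memberships m
      where m.user_id = auth.uid() and m.org_id = care_notes.org_id
    )
  );

-- RBAC layered on isolation: only administrators may delete, and only in their own organisation.
create policy care_notes_delete_admin on care_notes
  for delete to authenticated
  using (
    exists (
      select 1 from memberships m
      where m.user_id = auth.uid()
        and m.org_id = care_notes.org_id
        and m.role = 'administrator'
    )
  );

-- The membership table needs RLS too, or the policy subquery exposes other tenants' rosters.
-- Policy subqueries run as the calling user, so each user must be able to see their own rows.
alter table memberships enable row level security;
create policy memberships_self on memberships
  for select to authenticated
  using (user_id = auth.uid());
```

Two checks worth running after applying something like this: confirm `rowsecurity` and `forcerowsecurity` are both true for every tenant table (`select relname, relrowsecurity, relforcerowsecurity from pg_class where relname in ('care_notes','memberships');`), and exercise the policies from a session with `set role authenticated` and a request JWT for a user in one organisation, verifying that rows from a second organisation are neither returned nor deletable.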
Automated Scanning
Our codebase undergoes automated vulnerability scanning (SAST/DAST) prior to every deployment.
Trusted Subprocessors
We use a minimal set of enterprise-grade providers to deliver our service. We do not sell data.
| Provider | Service Provided | Location | Security Certifications |
|---|---|---|---|
| Supabase (AWS) | Core Database, Auth, Edge Functions | Sydney, AU | SOC 2 Type II, HIPAA |
| AWS | SES, Integrations, Amplify, AI/LLM | Sydney, AU | SOC 2 Type II, ISO 27001 |
| Zoho Desk | Customer Support Ticketing | Sydney, AU | ISO 27001, GDPR |
Frequently Asked Questions
Information valid as of: November 25, 2025