Last Updated: 1 October 2025
Enterprise Security

Security Center

Your trust is our priority. Learn how we protect your sensitive healthcare data with industry-leading security measures and compliance standards.

HIPAA Compliant
APP Compliant
SOC 2 Standards
ISO 27001 Aligned
256-bit AES Encryption
99.9% Uptime SLA
24/7 Monitoring
100% Australian Hosted

Security Overview

AudZone implements defense-in-depth security strategies to protect your sensitive healthcare data. Our multi-layered approach ensures that your patient information, clinical documentation, and practice data remain secure at every level.

Defense in Depth

Multiple security layers from network to application

Continuous Monitoring

24/7 threat detection and incident response

Regular Audits

Independent security assessments and penetration testing

DevSecOps

Security integrated into development lifecycle

Data Encryption

Encryption at Rest

AES-256 Encryption

All stored data encrypted with industry-standard AES-256

Encrypted Backups

All backups encrypted and stored in secure Australian data centers

Key Management

Encryption keys managed through secure key management service

Encryption in Transit

TLS 1.3

Latest TLS protocol for all data transmission

Certificate Pinning

Clients that implement pinning accept only a known certificate or public key, so a certificate issued by any other authority cannot be used for a man-in-the-middle attack. Browsers no longer support pinning (HTTP Public Key Pinning was removed), so this applies to native clients rather than to the web application, where protection rests on TLS and certificate transparency.

Perfect Forward Secrecy

Ephemeral session keys, which TLS 1.3 makes mandatory, mean that a future compromise of the server's private key cannot be used to decrypt recorded past sessions.

End-to-End Protection: Your data is encrypted in transit with TLS from the moment it leaves your device and encrypted at rest with AES-256 once it is stored in our Australian data centers. This is transport plus storage encryption rather than end-to-end encryption in the messaging sense, where only the user holds the key; inside our environment, access is governed by the controls described under Access Control.

PHI Protection

Protected Health Information (PHI) requires special handling. Our comprehensive PHI protection system ensures patient privacy at every step.

Comprehensive PHI Protection

Data Minimization

All personal identifiers are removed automatically before any data is sent to an external processing service, so third parties only ever receive de-identified content.

Multi-Layer Protection

Multiple independent detection and sanitization layers, so an identifier missed by one layer is caught by another rather than released.
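To make the two claims above concrete, here is an added example written for this page (it is not AudZone's implementation) of de-identification in two independent layers: typed pattern redaction, then a deliberately coarse check that refuses to release text still containing anything identifier-shaped. The Australian phone and Medicare layouts, the labelled-name pattern and the sample note are assumptions; regexes do not find names in running text, so a production scrubber needs an entity detector as a further layer.

```javascript
// Added example, not AudZone's code: two-layer de-identification of free-text
// clinical notes before they are handed to any external service. Identifier
// formats below are assumptions; SAMPLE_NOTE is constructed, not real data.

// Layer 1: typed patterns. Each match becomes a placeholder naming what was removed,
// which keeps the note readable for downstream processing without the identifier.
const PATTERNS = [
  { name: 'EMAIL', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  // Australian numbers as commonly written: 0412 345 678, (02) 9876 5432, +61 412 345 678
  { name: 'PHONE', re: /(?:\+61[\s-]?|\(?0)\d(?:\)?[\s-]?\d){7,8}/g },
  // Medicare card number written as 4-5-1 digit groups (assumed layout)
  { name: 'MEDICARE', re: /\b\d{4}\s?\d{5}\s?\d\b/g },
  // Safe Harbor removes all date elements except the year; the whole date goes here
  { name: 'DATE', re: /\b\d{1,2}[\/-]\d{1,2}[\/-]\d{2,4}\b/g },
  // Labelled names such as "Patient: Jane Citizen"; capture group 1 keeps the label
  { name: 'NAME', re: /(\b(?:Patient|Name)\s*:\s*)[A-Z][a-z]+(?:\s+[A-Z][a-z]+)+/g, keepLabel: true },
];

function scrub(text) {
  const counts = {};
  let out = text;
  for (const p of PATTERNS) {
    // For patterns without a capture group the second argument is the offset and is ignored.
    out = out.replace(p.re, (match, label) => {
      counts[p.name] = (counts[p.name] || 0) + 1;
      return p.keepLabel ? `${label}[${p.name}]` : `[${p.name}]`;
    });
  }
  return { text: out, counts };
}

// Layer 2: an independent, deliberately coarse detector that shares no code with
// layer 1. Anything still containing an "@" or a run of six or more digits (spaces
// and hyphens ignored) is treated as a leak. Four-digit years survive, as Safe
// Harbor allows.
function residualIdentifiers(text) {
  const findings = [];
  if (text.includes('@')) findings.push('email-like token');
  for (const run of text.match(/\d(?:[\s-]?\d){5,}/g) || []) findings.push(`digit run ${run}`);
  return findings;
}

// The only function callers should use: scrub, re-check, and fail closed.
function prepareForExternalProcessing(note) {
  const { text, counts } = scrub(note);
  const residual = residualIdentifiers(text);
  if (residual.length > 0) {
    throw new Error(`refusing to export note: residual identifiers (${residual.join('; ')})`);
  }
  return { text, counts };
}

// Constructed sample input (fictional patient, made-up numbers).
const SAMPLE_NOTE = [
  'Patient: Jane Citizen',
  'DOB: 12/03/1985  Medicare: 2123 45678 1',
  'Contact: jane.citizen@example.com, 0412 345 678',
  'Presents with bilateral hearing loss; hearing aids fitted on 04/09/2025.',
].join('\n');

console.log(prepareForExternalProcessing(SAMPLE_NOTE).text);
```

Run it with node; it prints the scrubbed note with each identifier replaced by a typed placeholder. The value of the second layer is precisely that it is different code from the first: a gap in one pattern becomes a refused export rather than a leaked identifier.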

Industry Standards Compliance

HIPAA Safe Harbor

De-identification follows the HIPAA Safe Harbor method, which removes the 18 specified categories of identifiers (names, contact details, dates other than year, record, account and device numbers, and similar)

Privacy by Design

Privacy protection built into every system component

Zero Trust Architecture

Never trust, always verify approach to data access

Network Security: All sensitive data is protected in transit and at rest using the encryption described under Data Encryption.

Access Control

Authentication

Secure Authentication

  • PKCE (Proof Key for Code Exchange) on the OAuth authorization-code flow, so an intercepted authorization code cannot be redeemed without the client's code verifier
  • Magic link options
  • Session timeout controls
  • Password complexity requirements

Multi-Factor Options

  • Email verification
  • Time-based OTP (TOTP)
  • Biometric support
  • Device recognition (a risk signal that supplements a second factor rather than replacing it)

Authorization

Role-Based Access Control (RBAC)

Granular permissions based on user roles

Row-Level Security (RLS)

Postgres policies enforced by the database itself filter every query by the caller's identity, so the access rules hold even if application code is bypassed or has a bug

Multi-Tenant Isolation

Complete data separation between organizations

Principle of Least Privilege

Users only access what they need

Infrastructure Security

Australian Data Sovereignty

All your data stays in Australia, ensuring compliance with Australian privacy laws.

Primary Database

Supabase - Sydney, Australia

  • SOC 2 Type II certified
  • 99.9% uptime SLA
  • Automated backups

Application Hosting

Vercel - Australia Region

  • Edge network
  • DDoS protection
  • Auto-scaling

Network Security

Web Application Firewall (WAF)

Filters requests matching known attack signatures before they reach the application

DDoS Protection

Automatic mitigation of distributed attacks

Content Security Policy (CSP)

Restricts the origins from which scripts, styles and other resources may load, limiting what an injected script could do

Rate Limiting

API protection against abuse

Application Security

Secure Development

  • Security-first development practices
  • Continuous security testing
  • Regular dependency updates
  • Automated vulnerability scanning

Input Protection

  • Comprehensive input validation
  • Protection against injection attacks
  • Cross-site scripting prevention
  • Request forgery protection

Secure Logging

  • No sensitive data in logs
  • Comprehensive audit trails
  • Secure log storage
  • Anomaly detection

Error Handling

  • Generic error messages returned to clients
  • No stack traces exposed
  • Graceful degradation
  • Error monitoring

Compliance & Standards

HIPAA Compliance

  ✓ Administrative safeguards
  ✓ Physical safeguards
  ✓ Technical safeguards
  ✓ Safe Harbor de-identification

Australian Privacy Principles

  ✓ APP compliant data handling
  ✓ Data sovereignty maintained
  ✓ User rights implementation
  ✓ Breach notification ready

SOC 2 Type II

  ✓ Security controls
  ✓ Availability measures
  ✓ Processing integrity
  ✓ Confidentiality protection

ISO 27001 Aligned

  ✓ Information security management
  ✓ Risk assessment framework
  ✓ Continuous improvement
  ✓ Incident management

Regular Audits: We undergo independent security assessments annually and maintain continuous compliance monitoring to ensure the highest standards of security.

Incident Response

Response Plan

Our comprehensive incident response plan ensures rapid detection and mitigation of security events.

1. Detection & Analysis: automated monitoring and threat detection within minutes

2. Containment: immediate isolation of affected systems

3. Eradication & Recovery: remove the threat and restore normal operations

4. Communication: notify affected parties within 72 hours, or sooner where the applicable breach-notification scheme requires it

5. Post-Incident Review: learn from the incident and improve security measures

24/7 Response Team: Our security team is available around the clock to respond to potential security incidents.

Your Security Responsibilities

Security is a shared responsibility. Here's how you can help protect your account and data:

Password Security

  • Use strong, unique passwords
  • Never share login credentials
  • Enable multi-factor authentication
  • Change a password promptly if you suspect it has been exposed

Access Management

  • Review user permissions regularly
  • Remove inactive users promptly
  • Use role-based access control
  • Monitor access logs

Device Security

  • Keep devices updated
  • Use antivirus software
  • Lock screens when away
  • Avoid public Wi-Fi

Data Handling

  • Obtain patient consent
  • Report suspicious activity
  • Follow data retention policies
  • Secure physical documents

Security Updates & Transparency

Continuous Improvement

We continuously update our security measures to address emerging threats and maintain the highest standards of protection.

Regular Updates

Security patches applied within 24-48 hours of release

Dependency Management

Automated vulnerability scanning and updates

Bug Bounty Program

Rewards for responsible disclosure of vulnerabilities

Transparency Reports

We believe in transparency about our security practices and incidents:

  • Annual security audit summaries
  • Incident statistics (anonymized)
  • Security improvement initiatives
  • Compliance certification status

Report Security Issues

If you discover a security vulnerability or have concerns about our security practices, please contact us immediately.

Security Team Contact

privacy@audzone.com.au

For security vulnerabilities

PGP Key Available

For encrypted communications

24-hour response

For critical vulnerabilities

Responsible Disclosure

We appreciate security researchers who:

  • Report vulnerabilities privately first
  • Provide detailed reproduction steps
  • Allow reasonable time for fixes
  • Don't access other users' data

Eligible for bug bounty rewards

Your security is our priority. Thank you for helping us maintain the highest standards of protection for healthcare data.

AudZone Trust Center

Security isn't just a feature—it's fundamental to everything we do. We're committed to protecting your data with the highest standards of security and privacy.

© 2025 AudZone Pty Ltd. All rights reserved.

Security is our commitment to you.
