SECURITY CENTER

How we protect your data

Your patients trust you with their health information. We take that responsibility seriously. Here's exactly how we keep it safe.

  • Healthcare-Grade Security
  • APP Compliant
  • 100% Australian Hosted
  • AES-256 Encryption

  • Encryption Standard: 256-bit AES
  • Availability: High
  • RLS-Protected Tables: 270+
  • Australian Hosted: 100%
OUR APPROACH

Security overview

We build security into every layer of the platform, not as an afterthought, but as a foundational principle.

Defense in Depth
Multiple layers of security controls protect your data at every level, from network to application to database.
Platform Monitoring
Automated monitoring via our infrastructure providers detects unusual activity across the platform.
Ongoing Reviews
Internal security reviews and continuous compliance monitoring ensure our practices meet the highest standards.
DevSecOps
Security is integrated into every stage of our development lifecycle, from design through to deployment.
ENCRYPTION

Data encryption

Your patient data is encrypted at every stage, whether it's sitting in our database or moving between your browser and our servers.

At Rest
  • AES-256 encryption for all stored data
  • Encrypted database backups in Australian data centres
  • Application-level AES-256-GCM for patient PII fields
In Transit
  • TLS 1.2+ encryption for all connections
  • Automated certificate management
  • Secure transport protocols
PHI PROTECTION

Protecting health information

Patient health information is treated with the highest level of care, following privacy-by-design principles throughout.

Data Minimization
We only collect and retain what's clinically necessary. No unnecessary data storage, no selling or sharing of patient information.
Multi-Layer Protection
Encryption, access controls, and comprehensive audit logging work together to protect every piece of patient data.
Continuous Oversight
Every access to patient data is logged, monitored, and auditable, so you always know your information is handled responsibly.
  • Australian Privacy Principles
  • Privacy by Design
  • Defense in Depth
ACCESS CONTROL

Who can access what

Every request is authenticated, authorized, and isolated. Here's how we ensure only the right people see the right data.

Authentication
  • Secure login with PKCE flow
  • Passwordless magic links
  • Automatic session timeout
Multi-Factor Options
  • Email verification
  • One-time passwords (OTP)
  • Quick access PIN
Authorization
  • Role-based access control
  • Row-level security (RLS)
  • Multi-tenant isolation
  • Principle of least privilege
COMPLIANCE

Compliance framework

We align and comply with the industry's most respected security and privacy frameworks.

  • APP (Australian Privacy Principles): Compliant
  • HSP / Medicare (Australian Audiology Regulatory Compliance): Compliant
  • SOC 2 (Via Supabase & Vercel, Type II certified): Infrastructure
  • ISO 27001 (Information Security Management): Aligned
Questions about security?
We're happy to walk you through our security practices in more detail. Our privacy team is always available to discuss your specific needs and compliance requirements.
privacy@audzone.com.au
Purpose-built clinical AI documentation for Australian hearing care professionals. Sydney, Australia.

© 2026 AudZone Pty Ltd. ABN 97 683 093 969. All rights reserved.