Security & Privacy

Your clients trust you with sensitive information. We take that responsibility seriously.

Where is my data stored?

Your data is stored in Australia on enterprise-grade cloud infrastructure. We use industry-leading cloud providers that comply with Australian data sovereignty requirements. All data remains within Australian jurisdiction.

Is my client data secure?

Absolutely. We protect your data with multiple layers of security:

  • Bank-level encryption for all data in transit and at rest
  • Strict access controls ensuring only authorised users can see client information
  • Automatic backups to prevent data loss
  • 24/7 security monitoring by our infrastructure providers

Who can access my client information?

Only you and the clinicians in your practice that you authorise. We have strict internal policies against accessing client data without explicit consent. Our systems enforce access controls at the database level — queries simply won't return data you're not authorised to see.

Is ClientForms designed for healthcare privacy?

Yes. We're built with healthcare privacy requirements in mind:

  • Data encrypted everywhere it moves and where it's stored
  • Secure authentication with multi-factor options
  • Data isolation — each practice's data is completely separate
  • Built on infrastructure trusted by healthcare organisations worldwide

What happens if there's a security incident?

We have multiple layers of protection:

  • Enterprise DDoS and attack prevention
  • Real-time threat detection
  • If an incident ever occurred, we'd notify affected users within 72 hours as required by Australian privacy law

Can I export or delete my data?

You have complete control over your data. You can request full account deletion at any time, and we honour all data subject access requests. Data export functionality is on our roadmap — in the meantime, you can view all assessment results directly in your dashboard.

Do you share data with third parties?

We never sell your data. The only third parties involved are:

  • Payment processing — for billing only, no clinical data is shared
  • Cloud infrastructure — they store but cannot read your encrypted data

Australian Privacy Principles

We follow all 13 Australian Privacy Principles (APPs) under the Privacy Act 1988. Here's what each one means for you.

1. We're upfront about what we collect

This page is our privacy policy. No hidden data collection, no surprises. If anything changes, we'll update this page and let you know.

2. Patients can use initials or pseudonyms

Forms capture what clinicians need for assessment. Patients aren't required to provide full legal names — initials or preferred names work fine for clinical purposes.

3. We only collect what's clinically necessary

Forms ask only for information needed to complete the assessment. No unnecessary fields, no data harvesting.

4. Unrequested information is handled carefully

If someone sends us information we didn't ask for, we assess whether we're allowed to keep it. If not, we delete it securely.

5. Patients know what they're submitting

Each form clearly shows what information is being collected and for what purpose. Consent is captured before submission.

6. Data is used only for clinical care

Assessment data goes to the clinician who requested it. We don't sell it, share it with marketers, or use it for anything other than delivering your service.

7. Patients never receive marketing from us

Patient information is never used for marketing. Clinicians may receive product updates, with a clear unsubscribe option in every email.

8. Data stays in Australia

All clinical data is stored on servers in Sydney. It doesn't leave Australian jurisdiction, giving you confidence about where sensitive information lives.

9. Government IDs aren't used as identifiers

We generate our own internal identifiers. Medicare numbers, driver's licences, and other government IDs are never adopted as account or patient identifiers.

10. Assessment data is preserved accurately

Form responses are timestamped and stored exactly as submitted. This maintains clinical integrity and supports audit requirements.

11. Strong security protects everything

Bank-level encryption, strict access controls, and continuous monitoring. We follow healthcare record retention requirements: adult records are kept for 7 years, and children's records are kept until they turn 25.

12. You can access or delete your data

Want to see what we hold? Need something removed? Just ask. We honour requests promptly, subject to healthcare retention requirements.

13. Patient details can be corrected

Clinicians can edit patient contact details directly in the dashboard.

Learn more about the Australian Privacy Principles at oaic.gov.au

Questions about security?

We're happy to discuss your specific requirements.