1. Introduction
MEDsort Pty Ltd (“MEDsort”, “we”, “us”, or “our”) provides an AI-powered medical document workflow automation platform for healthcare practices across Australia. Given the sensitive nature of health information processed through our Service, we maintain the highest standards for data storage, handling, and security.
This Data Storage Policy outlines where and how your data is stored, processed, and protected. It should be read in conjunction with our Privacy Policy, which explains the types of information we collect and how we use it.
We recognise that medical practices entrust us with highly sensitive patient health information. This policy reflects our commitment to maintaining that trust through transparent, robust, and Australian-based data management practices.
2. Our Commitment to Australian Data Sovereignty
All data processed by MEDsort is stored and processed exclusively within Australia. We do not transfer, replicate, or process customer data — including patient health information, practice data, user accounts, and uploaded documents — in any jurisdiction outside of Australia.
This commitment means:
- All primary databases and storage systems are hosted in Australian data centres
- All backup and disaster recovery infrastructure is located within Australia
- All AI and document processing occurs on infrastructure located within Australia
- No customer data is transmitted to overseas servers, even temporarily, for processing, analytics, or any other purpose
- All third-party service providers that handle customer data are contractually required to process data exclusively within Australian territory
This approach ensures that your data remains under Australian jurisdiction at all times, subject to Australian privacy law including the Privacy Act 1988 (Cth), and is not exposed to foreign government access requests or surveillance regimes.
3. Storage Infrastructure
3.1 Data Centre Locations
MEDsort infrastructure is hosted across geographically separated data centres within Australia to ensure high availability and disaster resilience. Our primary and secondary data centres are located in:
- Sydney, New South Wales — Primary data centre for application hosting, database services, and document storage
- Melbourne, Victoria — Secondary data centre for failover, backup replication, and disaster recovery
3.2 Data Centre Standards
Our data centre providers maintain the following certifications and standards:
- ISO 27001 certification for information security management
- SOC 2 Type II compliance for security, availability, and confidentiality
- Physical security including 24/7 monitoring, biometric access controls, and multi-layer perimeter security
- Redundant power supplies with uninterruptible power systems (UPS) and diesel generator backup
- Redundant cooling and fire suppression systems
- Redundant network connectivity with multiple tier-1 carriers
3.3 Database Architecture
Customer data is stored in managed PostgreSQL databases hosted within our Australian infrastructure. Databases are configured with:
- Automatic failover to standby replicas within the same region
- Point-in-time recovery capability with continuous write-ahead log archiving
- Logical separation of customer data at the application layer
- Connection encryption enforced for all database communications
4. Data Processing Locations
All data processing — including application logic, API requests, background jobs, and scheduled tasks — occurs on compute infrastructure located within Australia.
4.1 Application Processing
Our web application, API servers, and background workers run on Australian-based compute instances. User requests are routed through Australian-based load balancers and never leave the country for processing.
4.2 Document Upload and Storage
When medical documents (PDFs, emails, attachments) are uploaded to MEDsort, they are:
- Received by our Australian-based application servers
- Encrypted and stored in Australian-based object storage
- Processed by our Australian-hosted AI infrastructure (see Section 5)
- Retained in encrypted form within our Australian database infrastructure
At no point during the upload, processing, or storage lifecycle does document data leave Australian jurisdiction.
4.3 Analytics and Logging
Application logs, error tracking, and performance monitoring data are processed and stored within Australian infrastructure. Any analytics data used for service improvement is aggregated and de-identified before processing.
5. AI and Document Processing
MEDsort uses artificial intelligence to extract structured information from medical documents. Given the sensitivity of health information, we have implemented strict controls around AI processing.
5.1 Australian-Based AI Infrastructure
All AI processing of medical documents occurs exclusively on infrastructure hosted within Australia. We utilise AI model deployments that are hosted in Australian data centres, ensuring that document content — including patient names, health identifiers, test results, and clinical findings — is never transmitted outside of Australia for processing.
5.2 Processing Lifecycle
When a document is submitted for AI processing:
- The document content is transmitted over encrypted channels to our Australian-hosted AI processing infrastructure
- The AI model analyses the document and extracts structured data including patient details, test types, results, and clinical notes
- Extracted data is returned to our application servers (also hosted in Australia) and presented to the user for review
- Document content is not retained by the AI processing infrastructure after the extraction is complete
5.3 Model Training and Data Isolation
Customer data is not used to train, fine-tune, or improve general-purpose AI models. Each document processing request is treated as an isolated transaction. We do not aggregate patient data across practices for model training purposes.
5.4 AI Provider Requirements
Any third-party AI provider we engage is contractually required to:
- Process data exclusively within Australian-based infrastructure
- Not retain, log, or store document content after processing
- Not use customer data for model training or improvement
- Maintain security certifications equivalent to or exceeding our own standards
- Undergo regular security assessments and provide audit reports
6. Encryption and Security
6.1 Encryption in Transit
All data transmitted between your browser and our servers, and between our internal services, is encrypted using TLS 1.2 or higher. We enforce HTTPS on all endpoints and employ HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.
6.2 Encryption at Rest
All stored data is encrypted at rest using AES-256 encryption, including:
- Database contents (patient records, user accounts, extracted data)
- Uploaded documents and attachments in object storage
- Database backups and archived data
- Application logs and audit trails
6.3 Key Management
Encryption keys are managed through a dedicated key management service hosted within Australian infrastructure. Keys are rotated regularly, and access to key management operations is restricted to a minimal set of authorised personnel with appropriate audit logging.
6.4 Network Security
- Virtual private cloud (VPC) isolation for all production infrastructure
- Network firewalls and security groups restricting traffic to required ports and protocols
- Web application firewall (WAF) protection against common attack vectors
- DDoS mitigation through Australian-based traffic filtering
- Intrusion detection and prevention systems monitoring for anomalous activity
7. Access Controls
7.1 Customer Access
Access to data within the MEDsort platform is governed by role-based access controls (RBAC) configured by practice administrators. Available roles include:
- Practice Administrator — Full access to practice settings, user management, and all patient data
- Practitioner — Access to patient records, document processing, and clinical workflows
- Receptionist — Access to document inbox and patient demographics, with restricted access to clinical data
Multi-factor authentication (MFA) is supported for all user accounts, and Enterprise plans include single sign-on (SSO) integration.
7.2 MEDsort Staff Access
Access to production systems and customer data by MEDsort personnel is strictly controlled:
- Production access is limited to senior engineering and operations staff on a need-to-access basis
- All production access requires MFA and is performed through audited access management systems
- Access sessions are time-limited and automatically revoked
- All access to customer data is logged with full audit trails including the staff member, timestamp, action performed, and business justification
- Staff undergo background checks and sign confidentiality agreements before being granted any access
7.3 Third-Party Access
No third-party vendor is granted standing access to customer data. Where temporary access is required for support or maintenance purposes, it is granted on a time-limited, least-privilege basis with full audit logging and customer notification where applicable.
8. Backups and Redundancy
8.1 Backup Strategy
We maintain a comprehensive backup strategy to protect against data loss:
- Continuous backups — Write-ahead log archiving enables point-in-time recovery to any moment within the retention window
- Daily snapshots — Full database snapshots are taken daily and retained for 30 days
- Weekly archives — Weekly backup archives are retained for 90 days
- Document storage — Uploaded documents are stored with built-in redundancy across multiple availability zones within Australia
8.2 Geographic Redundancy
All backups are replicated to our secondary data centre in a geographically separate Australian location. This ensures data survivability in the event of a localised disaster affecting our primary data centre. Both primary and secondary locations are within Australia.
8.3 Recovery Testing
We perform regular disaster recovery testing to validate our backup and restoration procedures. Recovery time objectives (RTO) and recovery point objectives (RPO) are documented and tested quarterly.
9. Data Retention and Deletion
9.1 Retention Periods
- Active account data — Retained for the duration of your subscription, stored in our Australian databases
- Processed documents and extracted data — Retained within your practice's account for the duration of your subscription
- Audit logs — Retained for 12 months in identifiable form, then in de-identified aggregated form
- Billing records — Retained for 7 years in accordance with Australian Taxation Office requirements
9.2 Account Termination
Upon termination of your subscription, we follow a structured data deletion process:
- A 30-day grace period during which your data remains accessible for export
- After the grace period, all customer data is scheduled for secure deletion
- Data is securely deleted from primary storage within 60 days of the grace period ending
- Backup copies are purged as they naturally expire through the backup rotation cycle (maximum 90 days)
9.3 Secure Deletion
When data is deleted, we employ cryptographic erasure and secure deletion methods that render the data unrecoverable. Deletion events are logged for compliance and audit purposes.
9.4 Data Export
You may request a full export of your data at any time during your active subscription. Exports are provided in standard, machine-readable formats (CSV, JSON) and include all patient records, processed documents, and extracted data associated with your account.
10. Incident Response
10.1 Security Incident Handling
We maintain a documented incident response plan that covers identification, containment, eradication, recovery, and post-incident analysis. Our incident response team is available 24/7 to respond to potential security events.
10.2 Breach Notification
In the event of a data breach that is likely to result in serious harm, we will:
- Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act)
- Notify affected customers and individuals as soon as practicable, and no later than 30 days after becoming aware of the breach
- Provide clear information about what data was affected, the likely consequences, and the steps we are taking in response
- Offer guidance to affected individuals on protective measures they can take
10.3 Vulnerability Management
We conduct regular vulnerability assessments and penetration testing of our infrastructure and application. Critical vulnerabilities are patched within 24 hours of identification, and high-severity vulnerabilities within 72 hours.
11. Compliance and Standards
MEDsort's data storage and handling practices are designed to meet or exceed the following standards and regulatory requirements:
- Privacy Act 1988 (Cth) — Including the Australian Privacy Principles (APPs) and the Notifiable Data Breaches scheme
- My Health Records Act 2012 — Where applicable to the handling of My Health Record information
- State and territory health records legislation — Including the Health Records Act 2001 (VIC) and the Health Records and Information Privacy Act 2002 (NSW)
- Australian Signals Directorate Essential Eight — We align our security controls with the ASD Essential Eight maturity model
- OWASP Top 10 — Our application development practices address the OWASP Top 10 web application security risks
We engage independent auditors to periodically assess our compliance with these standards and are committed to transparency in our security and compliance posture.
12. Changes to This Policy
We may update this Data Storage Policy from time to time to reflect changes in our infrastructure, technology, security practices, or regulatory requirements. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify registered users via email or through an in-app notification
- Provide at least 30 days' notice before any change that would alter the geographic location of data storage or processing
We are committed to maintaining Australian-based data storage and processing. Any change to this commitment would require explicit opt-in consent from affected customers.
13. Contact Us
If you have questions about this Data Storage Policy, our security practices, or wish to request information about where your data is stored, please contact us:
Security and privacy enquiries: Security & Privacy Team, MEDsort Pty Ltd, security@medsort.com.au
Privacy enquiries: Privacy Officer, privacy@medsort.com.au
Post: Security & Privacy Team, MEDsort Pty Ltd, Beaumaris VIC 3193
For our full privacy practices including information collection, use, and your rights, please refer to our Privacy Policy.