Security

Security and privacy by design

Staff compliance data is sensitive — especially in healthcare. PracticeCentred is built on Australian cloud infrastructure with strict access controls and a full audit trail.

Australian AWS hosting
Private encrypted storage
Strict tenant isolation
Append-only audit logs

Not a clinical records system — no patient data

PracticeCentred is for staff compliance and operational checks only — registrations, credentials, tasks, checklists and workplace incidents involving staff. Do not enter patient names, clinical notes, Medicare numbers or any patient health information.

If patient data is accidentally uploaded, flag it immediately in the platform so it can be removed and the action recorded in the audit log.

Infrastructure

Your data stays in Australia

Built on AWS in Australian regions — the same foundation used by regulated industries across the country.

Australian cloud hosting

Customer data is stored in Australian AWS regions (ap-southeast-2). Staff compliance data is not sent offshore for processing.

Encrypted at rest

Documents and backups are stored in private S3 buckets with encryption. There are no public file URLs.

Tenant isolation

Every record is scoped to your organisation. Workflows enforce organisationId on every query — not just the UI.

Tested on every release

Automated tests verify that one practice cannot access another practice's staff, documents or audit history.

Access control

The right people see the right information

Managers use authenticated accounts. Staff can act via secure links — including team members without a work email — with OTP verification on sensitive flows.

Role-based access

Owner, Manager/Admin and Staff roles control who can view, approve, export or manage billing. Staff see only their own profile and documents.

Secure action links

Staff receive time-limited links for uploads, tasks and acknowledgements. Links are tied to a specific person and purpose.

OTP verification

Sensitive secure-link flows verify identity with a one-time code sent to the staff member's mobile or email.

Authenticated managers

Practice managers sign in with email and password via AWS Cognito. Sessions are required for all admin actions.

Audit & monitoring

Traceable actions when it matters

From document approvals to incident updates — sensitive actions leave a record your practice can review.

Document access logging

Views and downloads of sensitive files are recorded. You can see who accessed what, and when.

Append-only audit trail

Approvals, waivers, offboarding, billing changes and incident updates are logged. Entries cannot be edited or deleted.

Patient data flagging

Tools to flag and remove accidentally uploaded patient information, with a minimal audit record of the action.

Incident evidence controls

Workplace incident records and attachments follow the same private storage and access rules as compliance documents.

Our commitments

How we handle your data

PracticeCentred is an operational tool for your practice — not a data broker. Read our full policies for legal detail.

We do not sell your organisation's data or use staff information for advertising.
Email and SMS are sent only to deliver service notifications you configure.
Security OTP messages send even at zero SMS credit balance — verification is never blocked by billing.
You control who is invited, what they can see, and when staff are offboarded.
You are responsible for staff consent under the Australian Privacy Act 1988.

Compliance you can trust

Australian-hosted staff compliance with private documents and a full audit trail.

Australian AWS infrastructure
Secure links with OTP verification
Role-based access for your team

Start free trial See all features

Loading page...

Not a clinical records system — no patient data

If patient data is accidentally uploaded, flag it immediately in the platform so it can be removed and the action recorded in the audit log.