Closed beta · waitlist BrainScribe is pre-launch. AHPRA-registered specialists practising in Australia — join the first cohort

Australian-hosted. Identifier-separated. AHPRA-aligned.

Patient records are held within Australian-standard infrastructure. Identifying information is separated from clinical content before any automation runs. Access is restricted to AHPRA-registered specialists. This page is the operational summary; the binding text is in the privacy policy.

Hosting      Australian-standard    Records held within Australian-standard infrastructure
At rest      Encrypted storage      Server-side, managed keys
In transit   Encrypted transit      HTTPS-only, HSTS
Access       AHPRA-only             Verified at signup, re-checked on registration changes
Compliance posture

Six commitments, stated plainly.

What BrainScribe commits to today, and what is on the roadmap rather than already in place. Each tile is a working description, not a logo.

Australian Privacy Principles

Designed against the Australian Privacy Principles. Records, consent paths and breach response are built to APP wording — not adapted from a foreign standard.

Australian-standard infrastructure

Patient records, transcripts and report drafts are stored and processed within Australian-standard infrastructure. No production data leaves Australia.

Encrypted in storage and in transit

Records are encrypted in storage (server-side, with managed keys) and on every connection (HTTPS only, with HSTS enforced). Encryption is not a setting a practitioner can switch off.

Identifier separation

Identifying information is held separately from clinical content. The automation only sees the clinical content. Re-identification happens at render, on the clinician's screen.

NDB scheme alignment

Eligible data breaches are responded to under the Notifiable Data Breaches scheme. A documented response runbook covers assessment, containment, and OAIC notification timelines.

AHPRA-aligned access controls

Access is restricted to AHPRA-registered specialists. Registration is verified at sign-up. If a practitioner's AHPRA status lapses or is suspended, account access is reviewed and suspended in line with that change.

ISO 27001 and SOC 2 are on the roadmap; not yet certified. The roadmap section below names the order BrainScribe is approaching them in.

How identifier separation works

Identifying information stays off the automation path.

The clinical content that needs scoring, drafting, or interpretation is the only content the automation touches. Names, dates of birth, addresses and identifiers are held separately and merged back in only when the clinician renders the record on their own screen.

Identifier store

Held separately, in Australia.

  • Patient name, DOB, address
  • Contact details, Medicare/DVA
  • Practitioner credentials
  • Audit metadata
Encrypted in storage · Australian-standard infrastructure
Clinical content

The only thing the automation sees.

  • Scale items and responses
  • Performance test scores
  • De-identified transcript text
  • Clinician-typed observations
Tokenised reference · no identifiers

The clinician sees the patient's name on their screen. The automation does not.

Data handling

Five rules about patient content.

01

Patient data is not training data.

Patient content is not used to train any model — BrainScribe's or anyone else's. Commercial automation providers are bound by contract to the same rule.

02

The clinician owns the record.

The practitioner is the data custodian for the records they create on the platform. Export to DOCX or PDF is always available, with the audit trail attached.

03

Deletion means deletion.

When an account closes, patient records held on the practitioner's behalf are deleted within thirty days. Backup copies age out within the documented backup retention window. Practitioners retain their own clinical records on their own systems in line with AHPRA record-keeping obligations.

04

Audit, on every artefact.

Every scale, score, transcript line and report section carries a timestamp, an actor, and a source. Audit lines are exported alongside the report so the record stands up to query later.
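The following is an added example, not BrainScribe's code, of what "timestamp, actor, source on every artefact, exported alongside the report" can look like in practice. The artefact identifiers, the actor and source labels, and the sample content are constructed for the example. The page names the three fields; the content digest and the prev/hash chain linking the lines are this example's addition, so that a line dropped, reordered or edited after export is detectable rather than merely unexpected.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64


def _line_hash(line):
    """Hash of an audit line's fields, excluding its own hash."""
    body = {k: v for k, v in line.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """One audit line per artefact event: timestamp, actor, source (the three
    fields the page names) plus a digest of the artefact content. The prev/hash
    chain is this example's addition, so a dropped or edited line is detectable."""

    def __init__(self):
        self.lines = []

    def record(self, artefact_id, kind, actor, source, content, when):
        line = {
            "artefact": artefact_id,
            "kind": kind,  # scale, score, transcript_line, report_section
            "timestamp": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
            "actor": actor,
            "source": source,  # where the content came from
            "content_sha256": hashlib.sha256(content.encode()).hexdigest(),
            "prev": self.lines[-1]["hash"] if self.lines else GENESIS,
        }
        line["hash"] = _line_hash(line)
        self.lines.append(line)
        return line


def export_bundle(artefacts, trail):
    """The report's artefacts and their audit lines travel together."""
    return {"report": artefacts, "audit": list(trail.lines)}


def verify_bundle(bundle):
    """Recompute the chain, then check every exported artefact matches the
    content digest of its latest audit line."""
    prev = GENESIS
    for line in bundle["audit"]:
        if line["prev"] != prev or _line_hash(line) != line["hash"]:
            return False, f"audit line for {line['artefact']} does not verify"
        prev = line["hash"]
    latest = {line["artefact"]: line for line in bundle["audit"]}  # last wins
    for artefact_id, content in bundle["report"].items():
        line = latest.get(artefact_id)
        if line is None:
            return False, f"{artefact_id} has no audit line"
        if line["content_sha256"] != hashlib.sha256(content.encode()).hexdigest():
            return False, f"{artefact_id} differs from its audited content"
    return True, "ok"


def build_sample_bundle():
    """Constructed sample: one score, one transcript line, one report section
    that was drafted by the automation and then edited by the clinician."""
    t0 = datetime(2025, 3, 4, 9, 15, tzinfo=timezone.utc)
    trail = AuditTrail()
    artefacts = {}
    artefacts["phq9_total"] = "11"
    trail.record("phq9_total", "score", "dr.example", "clinician-entered",
                 artefacts["phq9_total"], t0)
    artefacts["transcript_0007"] = "[[NAME]] reports sleep onset of about an hour."
    trail.record("transcript_0007", "transcript_line", "system", "transcription",
                 artefacts["transcript_0007"], t0.replace(minute=20))
    draft = "Mood symptoms in the moderate range."
    trail.record("summary", "report_section", "system", "automation-draft", draft,
                 t0.replace(minute=25))
    artefacts["summary"] = draft + " Clinician concurs on history."
    trail.record("summary", "report_section", "dr.example", "clinician-edited",
                 artefacts["summary"], t0.replace(minute=40))
    return export_bundle(artefacts, trail)


if __name__ == "__main__":
    print(verify_bundle(build_sample_bundle()))
```

The point of keeping the automation's draft line and the clinician's edit line as two entries is that a later query can show who changed what and when; the verifier checks the exported text against the most recent line for each artefact, not the first.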

05

Email never carries clinical content.

Notification emails carry a link and a broad result band — never percentile, item-level responses, or identifying clinical narrative. Detail requires the clinician's platform password, with two-factor verification on a new device.

Planned for closed beta · audio & video

How session recordings will be handled.

The integrated session, described on its own page, is on the closed-beta build path. The data-handling commitments below describe how audio and video material will be governed when that surface lands; nothing on this page is currently in production for recordings.

A1

Recording requires the recording consent.

The consent.video_recording object must be signed by the client before recording can be enabled — regardless of who is asking for it. Audio-only and audio + video are governed by the same consent object, with the mode recorded as a flag on it.

A2

Transcript requires its own consent.

The consent.transcript object is distinct from the recording consent. A client may consent to record but not to transcribe; model-assisted processing of the recording is disabled until the transcript consent is signed.

A3

Recordings live in the assessment record.

Audio and video files attach to the assessment record they belong to. Access is scoped to the clinician (and, on Practice tier, the practice members with role-based access). Retention follows the practice-level schedule. Export, deletion, and withdrawal of consent are first-class actions, not support tickets.

A4

Identifier separation extends to the transcript.

Identifiers are substituted out of the transcript text before any model-assisted processing routes content into sections. The clinician sees the un-substituted transcript on their screen; the automation sees only the tokenised content.
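The following is an added example, not BrainScribe's code, that walks through the identifier separation described in "How identifier separation works" above and the transcript substitution in A4: a record is split into an identifier store entry and a tokenised clinical payload, identifier values are substituted out of the transcript before anything model-assisted sees it, a gate checks that nothing identifying slipped into the payload (including clinician-typed observations), and re-identification happens only at render. The field names, the [[FIELD]] placeholder format, the in-memory store and the sample patient are all this example's assumptions.

```python
import re
import secrets
from dataclasses import dataclass

# Fields that belong in the identifier store and never in the automation
# payload. The field names are this example's assumption, not a BrainScribe schema.
IDENTIFIER_FIELDS = ("name", "dob", "address", "medicare")


@dataclass
class SplitRecord:
    """What the automation is allowed to see: a random token, clinical content,
    and the identifier-substituted transcript."""
    token: str
    clinical: dict
    transcript: str


class IdentifierStore:
    """Stands in for the separately held, encrypted identifier store."""

    def __init__(self):
        self._by_token = {}

    def separate(self, record, transcript):
        # A random token, not a hash of name or DOB: a hash over a small input
        # space falls to a dictionary, a random token does not.
        token = secrets.token_urlsafe(16)
        identifiers = {k: record[k] for k in IDENTIFIER_FIELDS if k in record}
        clinical = {k: v for k, v in record.items() if k not in IDENTIFIER_FIELDS}
        # The un-substituted transcript stays on the identifier side, for the
        # clinician's screen only.
        self._by_token[token] = {"identifiers": identifiers, "transcript": transcript}
        return SplitRecord(token, clinical, scrub_transcript(transcript, identifiers))

    def lookup(self, token):
        return self._by_token[token]


def _patterns(identifiers):
    """Identifier values to remove, longest first so 'Jane Citizen' is replaced
    before 'Jane'. Name parts are included on their own."""
    values = [(value, field) for field, value in identifiers.items()]
    if "name" in identifiers:
        values += [(part, "name") for part in identifiers["name"].split()]
    return sorted(values, key=lambda v: len(v[0]), reverse=True)


def scrub_transcript(text, identifiers):
    """One-way substitution of identifier values with [[FIELD]] placeholders."""
    for value, field in _patterns(identifiers):
        # Bounded by non-word characters, case-insensitive. Over-scrubbing
        # ('citizen' inside 'citizenship') is the safe failure direction.
        pattern = r"(?<!\w)" + re.escape(value) + r"(?!\w)"
        text = re.sub(pattern, f"[[{field.upper()}]]", text, flags=re.IGNORECASE)
    return text


def leaks_identifiers(split, identifiers):
    """Gate before hand-off: which identifier fields still appear anywhere in the
    payload, including clinician-typed observations?"""
    blob = (str(split.clinical) + " " + split.transcript).lower()
    leaked = []
    for value, field in _patterns(identifiers):
        if len(value) >= 3 and value.lower() in blob and field not in leaked:
            leaked.append(field)
    return leaked


def render(store, split):
    """Re-identification happens only here, on the clinician's side."""
    held = store.lookup(split.token)
    return {**held["identifiers"], **split.clinical, "transcript": held["transcript"]}


# Constructed sample input; not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Citizen",
    "dob": "1981-04-12",
    "address": "12 Example St, Hobart TAS",
    "medicare": "2123 45678 1",
    "scale_items": {"PHQ-9": [1, 2, 1, 0, 1, 1, 2, 0, 0]},
    "test_scores": {"TMT-B": 71},
    "observations": "Well groomed, mildly anxious.",
}
SAMPLE_TRANSCRIPT = (
    "Clinician: Jane, you mentioned your birthday 1981-04-12. "
    "Jane Citizen: Yes, around then I moved to 12 Example St, Hobart TAS."
)

if __name__ == "__main__":
    store = IdentifierStore()
    split = store.separate(SAMPLE_RECORD, SAMPLE_TRANSCRIPT)
    print("automation sees:", split.clinical, "|", split.transcript)
    print("leaked fields:", leaks_identifiers(split, store.lookup(split.token)["identifiers"]))
    print("clinician sees:", render(store, split)["name"])
```

Two design points worth checking in any real implementation of this pattern: the token must be random rather than derived from the identifiers (a hash of name plus date of birth is reversible by enumeration), and the gate has to cover free text the clinician typed, since "Jane reports poor sleep" in an observations field leaks the name just as surely as the transcript would.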

A5

Australian-hosted, no cross-border processing.

Recordings, transcripts and the model-assisted processing that derives sections from them remain within Australian-standard infrastructure. The audio and video layer does not leave Australian jurisdiction.

Certification roadmap

Where BrainScribe is, and where it's going.

BrainScribe is built to the operational standard above today. External certification is on the roadmap. Stating that plainly is part of the brand.

In place

Australian Privacy Principles · NDB scheme · Australian-standard hosting

Design and operations align with APP wording and the Notifiable Data Breaches scheme. Production data does not leave Australia.

In place

Encryption at rest and in transit · identifier separation · AHPRA-aligned access

Records are encrypted in storage and in transit, identifying information held in a separate encrypted store, AHPRA registration verified at signup and on registration changes.

On the roadmap

ISO/IEC 27001 · information security management

External audit and certification under ISO/IEC 27001. Currently scoped; not yet certified. Targeted before general availability.

On the roadmap

SOC 2 Type II · trust services criteria

Annual SOC 2 Type II report against the security, availability and confidentiality criteria. Currently scoped; not yet certified.

On the roadmap

Sub-processor register · public version

A published sub-processor register with current vendors, their role in the platform, and their Australian data-residency position.

Reaching the right person

Two addresses, monitored.

Specific subject lines are read first. General privacy questions go to the privacy officer; vulnerability reports go to the security contact.

Privacy officer · OAIC liaison

privacy@brainscribe.health

For privacy enquiries, access requests, complaints under the Australian Privacy Principles, and OAIC-related correspondence. Use subject line Privacy enquiry or Privacy complaint.

Security disclosure

security@brainscribe.health

For vulnerability reports and security researchers. Coordinated disclosure preferred — please don't open public issues. Acknowledgement within two business days; resolution timeline depends on severity.


Join the closed beta.

AHPRA registration required · 5 free assessments / clinician / month · No credit card.
