Privacy & Security

Your client trusts you.
You can trust us.

Handing protected health information to a platform is not a small decision. This page is for you — not your IT team. We'll show you exactly what happens to your client's data, what the AI sees (and doesn't), and what you can tell a board if it's ever asked.

No black boxes. No fine print. No data leaves Australia.

Stays in Australia
AI never sees
who your client is
Never used to
train AI
Every action
audit-logged
You are
always the clinician
Your data is yours.
Leave anytime.
The Full Picture

What happens to a client's data, end to end.

Six steps. Every step happens inside Australia. The AI only ever sees a stripped-down clinical payload — never your client's identity.

01
You upload
Encrypted in transit (TLS 1.3) from your browser
02
Stored in Sydney
AWS ap-southeast-2, encrypted at rest. No offshore replicas.
03
Identity stripped
Names, DOB, Medicare # replaced with tokens before any AI request
04
AI analyses
De-identified clinical data only. No training, minimal retention.
05
You review & sign
Analysis returns as a draft. You decide what stays. Your signature, your report.
06
Audit logged
Every step timestamped & attributed. Exportable. Retained 7 years.
No step in this flow happens outside Australia. No CDN, no edge cache, no offshore backup.
The Honest Answer

What the AI sees, and what it doesn't.

The one question every clinician asks. Here it is, side by side.

✓ AI sees

Clinical signal

  • Test scores — raw, scaled, percentile
  • Observations and behavioural notes — what you wrote, with identifiers removed
  • Patterns and clinical descriptions — symptom profiles, history themes
  • Assessment context — referral question, age band, presenting concerns
× AI never sees

Anything that identifies your client

  • Names — client, family, school, employer
  • Dates of birth, addresses, contact details
  • Medicare number, NDIS number, file numbers
  • Anything that could re-identify the person — replaced with tokens before the request even leaves our infrastructure
Clinical Authority

You're the clinician. Always.

AI drafts. You decide. The platform never finalises a report on its own, and no diagnostic decision is made without you.

Alix drafts
Research-backed analysis
Synthesises scores, observations, history. Cites sources. Asks if it's not sure.
You review
Read, challenge, change
Every line is editable. Disagree with the AI? Rewrite it. Ask Alix to explain its reasoning.
You sign
Your name, your call
AHPRA-verified signature. The report goes out under your professional authority — never the platform's.
The registered psychologist retains full professional authority and responsibility for all clinical decisions. The platform's role is to make your work faster — not to make it for you.
If You're Ever Asked

The audit trail is your professional protection.

If a report is questioned — by a client, a colleague, AHPRA, the OAIC, or a court — you can produce a complete, timestamped record of every step. Here's what one looks like.

09:14:32
Referral document uploaded to Client #4471
Dr Sarah Chen · AHPRA PSY0001234567
09:18:07
BASC-3 administered, 132 items scored
Dr Sarah Chen · AHPRA PSY0001234567
09:22:51
AI request sent — payload de-identified, tokenised
Alix Advisor mode · prompt & response stored
09:23:14
AI analysis returned, re-attached to Client #4471
Alix Advisor mode · 6 citations referenced
09:31:08
Report draft revised — clinician override on §3 Recommendations
Dr Sarah Chen · 2 paragraphs edited
09:34:22
Report finalised & signed
Dr Sarah Chen · AHPRA PSY0001234567
Every action — every upload, every AI call, every edit, every sign-off — captured with timestamp and attribution. Exportable in CSV / JSON. Retained 7 years in line with Australian healthcare record-keeping.
The Hard Questions

The things you're actually wondering.

Plain answers, no marketing.

Will my client's data ever leave Australia?
No. Storage, processing, backups, and disaster recovery all stay in AWS Sydney. There is no setting that can route data offshore — it's an architectural constraint, not a configuration choice.
Will my client's data be used to train an AI?
No. Our AI processing providers operate under contracts that explicitly prohibit training on customer inputs or outputs. Retention is minimised to what's required to process each request.
Can admrl staff read my client records?
Not casually. Internal access is restricted by role, requires documented justification, is fully logged, and uses separation of duties — the people who build the platform cannot approve access to client data alone.
Will the AI see my client's name?
No. Before any AI request leaves our infrastructure, names, DOBs, addresses, Medicare numbers and other identifiers are replaced with tokens. The analysis is re-attached to the client on your side only.
What if AHPRA asks for an audit?
You're covered. Every action is logged with timestamp and attribution. You can export the full audit trail in CSV or JSON. Reports are designed to AHPRA documentation expectations for registered psychologists.
What if I want to leave?
Your data is yours. Export all client data in standard formats, anytime. Request full account and data deletion — honoured within 30 days, subject only to active legal retention requirements. No lock-in.
What if there's a data breach?
You'll know. We operate under the Notifiable Data Breaches scheme. Eligible breaches are notified to affected individuals and the OAIC within the legislated timeframe — and we'll tell you what happened, what was affected, and what we're doing about it.
Will my data be sold or used for ads?
Never. We don't sell data. We don't share it with advertisers. We don't use clinical content for marketing. The only third parties who touch it are our AI processor (de-identified), our Australian cloud host, and — if compelled — Australian regulators or courts.
The Frameworks

Aligned to the standards your work depends on.

If you're handed a vendor security questionnaire, this is what to point at.

Frameworks & certifications

Designed to align with Australian privacy law (APPs, Privacy Act 1988), HIPAA-aligned controls, AHPRA professional standards, and the OAIC's Notifiable Data Breaches scheme. Hosted on infrastructure certified to ISO 27001, SOC 2 Type II, and IRAP (PROTECTED).

APP Privacy Act 1988
HIPAA aligned
AHPRA standards
OAIC NDB scheme
ISO 27001
SOC 2 Type II
IRAP PROTECTED

Still have questions about your data?

We're happy to walk you, your practice manager, or your IT consultant through any of this in detail — including the full security architecture.

security@admrl.ai privacy@admrl.ai