Security & Compliance
Built for Australian healthcare from the ground up. Your clinical data deserves the highest level of protection — and that's exactly what we deliver.
Built for Australian Healthcare
Grounded Scribe is designed specifically for Australian health, allied health, and education professionals. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). All clinical data is stored in Australia, and audio recordings are deleted immediately after transcription. We never use your data to train AI models.
How We Protect Your Data
Australian Privacy Act (APPs)
Full compliance with the Privacy Act 1988 (Cth) and all 13 Australian Privacy Principles. Designed specifically for Australian healthcare professionals and their regulatory requirements.
AES-256 Encryption
All data encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Your clinical notes, transcripts, and client data are unreadable to anyone but you.
Audit Logging
Complete audit trail of all data access with 7-year retention. Track who viewed what and when — essential for AHPRA compliance and practice audits.
Immediate Audio Deletion
Audio recordings are automatically deleted immediately after successful transcription. No audio is ever permanently stored on our servers. Your sessions are never retained.
Australian Data Storage
All clinical data is stored on Australian servers in the Sydney region. Your notes, transcripts, and client records never permanently leave Australian soil.
No AI Training on Your Data
Your clinical data is never used to train, fine-tune, or improve AI models. Our AI providers operate under zero-retention policies — your data is processed and immediately discarded.
Audio Deleted Immediately After Transcription
Unlike other platforms that retain your audio recordings, Grounded Scribe deletes audio immediately after transcription is complete — for both clinical sessions and AI phone reception calls. The only data we store is text-based clinical notes, transcripts, and call summaries — encrypted and in Australia.
Data Flow Summary
A step-by-step overview of how your data moves through Grounded Scribe.
| Stage | Location | Duration | Data Retained |
|---|---|---|---|
| 1. Recording | Practitioner device | During session | Temporary |
| 2. Upload | Australia (encrypted) | Seconds | No |
| 3. Transcription | United States | Minutes | No (zero retention) |
| 4. Note Generation | Australia (Sydney) | Seconds | No (zero retention) |
| 5. Storage | Australia | Persistent | Yes (encrypted) |
Third-Party Providers
We carefully select providers who meet the highest security and compliance standards.
| Service | Location | Certifications | Data Retention |
|---|---|---|---|
| Healthcare-grade speech recognition | United States | SOC 2 Type II | Zero retention |
| AI clinical documentation | Australia (Sydney) | SOC 2 | Zero retention |
| Australian cloud infrastructure | Australia (Sydney) | ISO 27001, SOC 2 | Encrypted at rest |
| Payment processor | United States | PCI DSS Level 1 | Payment data only |
| Email delivery | United States | SOC 2 | Transactional only |
| Telecommunications (SMS & phone reception) | United States (Australian phone numbers) | SOC 2 Type II | No audio retained — recordings deleted after transcription |
Compliance & Certifications
APPs Compliant
Australian Privacy Principles
Grounded ScribeSOC 2 Type II
Security & availability controls
Our providersAustralian Data Residency
All data hosted in Sydney, Australia
Grounded ScribePCI DSS Level 1
Payment card security
Payment processorRegulatory Compliance
Grounded Scribe is a clinical documentation tool. It is not a medical device under the Therapeutic Goods Act 1989 (Cth). It transcribes and structures clinical conversations into written records and does not generate diagnoses or treatment recommendations.
In addition to the Privacy Act and APPs compliance described above, Grounded Scribe operates within the following regulatory frameworks: the Cyber Security Act 2024, the National Registration and Accreditation Scheme (AHPRA), the Australian Consumer Law, and ACSQHC guidance for AI in clinical practice.
View Full Regulatory InformationClient Consent Template
Download our ready-to-use consent form template to inform your clients about AI documentation. Compliant with Australian Privacy Principles.
View Consent Template