aurii

Trust is a procurement question. We answer it.

AU data residency, tenant isolation, audit log integrity, sub-processor transparency. The legal answer is on this page; the technical answer is on the security page.

Promises

Four things we will not negotiate on

CH 01 · DATA

Your data is in Australia.

  • Patient records, encounters, notes, letters, prescriptions, billing: Microsoft Azure Australia East (Sydney).
  • Backups: Australia Southeast (Melbourne). Geo-redundant storage.
  • No transit through US or EU regions for clinical data.

CH 02 · ACCESS

You decide who sees what.

  • Tenants are isolated end-to-end. Application-layer plus database-layer enforcement.
  • Roles: owner, admin, doctor, read-only. Mapped to clinical scope.
  • Patient sharing across doctors is explicit, audit-logged, revocable.

CH 03 · INCIDENT

Breach response is on a timer.

  • OAIC notification within seventy-two hours of confirmation.
  • Affected patients notified through the practice-admin loop.
  • Postmortem published to tenants on a no-blame schedule.

CH 04 · PROCUREMENT

Procurement-ready out of the box.

  • DPA on file. Sub-processor list public.
  • Hospital security questionnaire pre-completed for the common tracks (HISO, ISO 27001 lineage).
  • Network diagram and data-flow diagram on request.

Sub-processors

Who touches the data

Every sub-processor that handles clinical or audit data is listed here. We update this list before any change goes live. Reach privacy@aurii.com.au with questions.

aurii sub-processor list. Sub-processor name, purpose, data scope, and processing region.

| Sub-processor | Purpose | Data scope | Region |
|---|---|---|---|
| Microsoft Azure | Application + database + storage hosting | All clinical, account, audio, audit data | Australia East (Sydney), Australia Southeast (Melbourne) for backups |
| AssemblyAI | Voice transcription (dictation + ambient capture) | Audio + transcript text | AU / EU routing |
| Anthropic | Clinical decision-support inference (aurii.ai) | De-identified note context + structured prompts | AU / EU routing |
| Stripe | Subscription billing (Solo Checkout, Hospital Invoice) | Customer + billing metadata. No clinical data. | AU entity |
| SendGrid | Transactional email (sign-in, billing, notifications) | Email address + message content | Region-controlled mail relay |
| Medical Objects | Secure clinical messaging gateway (Module 08 letters + Module 13 pathology) | Discharge letters, pathology summaries, recipient HPI-O | Australia |
| Azure AI Document Intelligence | OCR for hospital labels, chart front pages, medication charts (Module 02) | Page image at capture time. Extracted fields persist; raw image dropped. | Australia East |
| Cloudflare | Edge TLS termination, DNS, caching for marketing surface | Public marketing assets only. No PHI passes through. | Global edge |

Documents

On request

  • Data Processing Addendum (DPA), AU template.
  • Network diagram and data-flow diagram.
  • HISO 10029 alignment summary.
  • Sub-processor change log.

Email security@aurii.com.au with the document name and your role. We respond inside one business day.