How we handle your data.
Plain-English answers about where Clearline stores NDIS data, who can access it, and what we've built so far. The principle behind all of it: one shared, consented record the whole care team is accountable to — and the family controls.
Hosted in Australia, full stop.
Production data is stored on Supabase Postgres running on AWS infrastructure in the Sydney region (ap-southeast-2). Our API runs on Fly.io in their Sydney region (syd). Same city, same regulatory jurisdiction, sub-5ms latency between the two.
- Participant and worker data is stored and processed in Australia. A small number of US sub-processors handle narrow jobs (error reporting, payments, AI features) — each is named in our privacy policy
- Single-region Australian deployment — no offshore database replicas; the only data that leaves Australia goes to named sub-processors (error reporting, payments, AI), listed in our privacy policy
- Postgres project provisioned 2026-04-17, region Oceania (Sydney) in Supabase's UI labels
Daily, automated, verified.
Supabase takes a physical (block-level) backup of the database every 24 hours, retained for a rolling 7-day window. We monitor backup status and confirm completion before claiming a successful day.
- Daily automated backups — physical (block-level) via continuous WAL archiving
- 7-day rolling backup retention
- All recent backups completing successfully (last verified 2026-05-14, audit on file)
- Backups stored in the same AWS Sydney region as the live database
- Point-in-time recovery (PITR) is available on request for enterprise customers — not enabled by default on standard plans
Encrypted at rest, encrypted in transit.
Every connection to Clearline uses TLS 1.2 or higher. Database storage is encrypted at rest. Application secrets — API keys, database credentials, signing keys — live in platform secret management, never in source code or committed config files.
- TLS 1.2+ enforced on every endpoint — HTTP is rejected, not redirected silently
- Postgres encrypted at rest (Supabase default, AES-256)
- NDIS numbers stored as SHA-256 hash with a server-side pepper — never as plaintext
- Application secrets held in Fly.io's secret management, separated from the application image
- Audit log on every state-changing action across the platform (~22 distinct event types live today)
The participant is the centre of their data.
Connect — our cross-product layer — routes every data flow through the participant's nominated consent owner. Families approve who joins their participant's care team, and every connection waits on a tap from both sides — a home-screen nudge shows who's asking, and nothing is shared until both approve. Either side can revoke at any time. Every cross-product access is logged for the consent owner to see.
- Participants and their nominees can request a data export by emailing support@clearlinehealth.com.au
- Consent revocation flows are wired into the platform via the Connect identity layer — revoke from your account at any time
- On revocation, cross-product data flow stops within seconds. The provider sees a notice in their app; further reads of the revoked scope return 403
- On account closure: data deleted within 90 days, except where retention is required by law
- NDIS compliance records (shifts, incidents, participant records) are retained for 7 years per NDIS requirements — the legal floor we have to meet. See the full retention table in our Privacy Policy § 5.4
Connect isn't a metaphor — it's a real software layer. Here's what sits between the four products and routes the consent flows described above.
The honest list.
Trust pages that only list strengths are marketing. This is the list of things we have not done. We surface it on the same page as the rest so a buyer's IT lead can make an informed call.
- No SOC 2 or ISO 27001 certification. Planned once revenue justifies the cost of the audit. Not started.
- No third-party penetration test yet. Planned for 2026, scope still being defined.
- No 24/7 security operations team. Incidents are triaged by the founder. We aim to acknowledge security reports within two business days.
- Point-in-time recovery not enabled by default. Available on enterprise plans on request. Standard plans rely on the daily 7-day-retention snapshot ladder.
- Single-region deployment. No multi-region active-active failover. If AWS Sydney has a regional outage, the platform is unavailable until the region recovers.
- No formal employee security training programme. The team is small enough that this is operationally moot today — it will be added before headcount grows.
One person to email.
Security disclosures and data-handling questions go to a single mailbox monitored by the founder. No security@ alias, no triage tier, no support runaround. Faster for everyone.
Richard Patriquin · Founder, Clearline Health Pty Ltd
Built for the NDIS, not adapted from generic SaaS.
Clearline is built specifically around NDIS workflows — PACE reports, Practice Standards, SIL operational compliance, support-coordinator funding justifications, family consent. We build Clearline to help providers meet their obligations under the NDIS Practice Standards and the NDIS Code of Conduct, and to give participants and families clear visibility over their own data. The Practice Standards apply to registered NDIS providers, not to software vendors — but the workflows we build are shaped around them. A dedicated NDIS compliance page is in development covering how the platform maps to specific Practice Standards and audit expectations.
Questions about how we handle data?
Email support@clearlinehealth.com.au. The founder reads every message. We aim to acknowledge within two business days.