Trust & Security — how we handle your data

01 · Where your data lives

Hosted in Australia, full stop.

Production data is stored on Supabase Postgres running on AWS infrastructure in the Sydney region (ap-southeast-2). Our API runs on Fly.io in their Sydney region (syd). Same city, same regulatory jurisdiction, sub-5ms latency between the two.

All participant and worker data stays in Australia — no data leaves the region for storage, processing, or backups
Single-region deployment — no offshore replicas, no cross-border data flow
Postgres project provisioned 2026-04-17, region Oceania (Sydney) in Supabase's UI labels

02 · Backups & recovery

Daily, automated, verified.

Supabase takes a physical (block-level) backup of the database every 24 hours, retained for a rolling 7-day window. We monitor backup status and confirm completion before claiming a successful day.

Daily automated backups — physical (block-level) via continuous WAL archiving
7-day rolling backup retention
All recent backups completing successfully (last verified 2026-05-14, audit on file)
Backups stored in the same AWS Sydney region as the live database
Point-in-time recovery (PITR) is available on request for enterprise customers — not enabled by default on standard plans

03 · Encryption & access

Encrypted at rest, encrypted in transit.

Every connection to Clearline uses TLS 1.2 or higher. Database storage is encrypted at rest. Application secrets — API keys, database credentials, signing keys — live in platform secret management, never in source code or committed config files.

TLS 1.2+ enforced on every endpoint — HTTP is rejected, not redirected silently
Postgres encrypted at rest (Supabase default, AES-256)
NDIS numbers stored as SHA-256 hash with a server-side pepper — never as plaintext
Application secrets held in Fly.io's secret management, separated from the application image
Audit log on every state-changing action across the platform (~22 distinct event types live today)

04 · Consent & participant rights

The participant is the centre of their data.

Connect — our cross-product layer — routes every data flow through the participant's nominated consent owner. Families approve who joins their participant's care team. Either side can revoke at any time. Every cross-product access is logged for the consent owner to see.

Participants and their nominees can request a data export by emailing support@clearlinehealth.com.au
Consent revocation flows are wired into the platform via the Connect identity layer — revoke from your account at any time
On revocation, cross-product data flow stops within seconds. The provider sees a notice in their app; further reads of the revoked scope return 403
On account closure: data deleted within 90 days, except where retention is required by law
NDIS compliance records (shifts, incidents, participant records) are retained for 7 years per NDIS requirements — the legal floor we have to meet. See the full retention table in our Privacy Policy § 5.4

Connect isn't a metaphor — it's a real software layer. Here's what sits between the four products and routes the consent flows described above.

Four products. One identity. Connect is the layer that keeps them in sync.

05 · What we haven't done yet

The honest list.

Trust pages that only list strengths are marketing. This is the list of things we have not done. We surface it on the same page as the rest so a buyer's IT lead can make an informed call.

No SOC 2 or ISO 27001 certification. Planned once revenue justifies the cost of the audit. Not started.
No third-party penetration test yet. Planned for 2026, scope still being defined.
No 24/7 security operations team. Incidents are triaged by the founder. We aim to acknowledge security reports within two business days.
Point-in-time recovery not enabled by default. Available on enterprise plans on request. Standard plans rely on the daily 7-day-retention snapshot ladder.
Single-region deployment. No multi-region active-active failover. If AWS Sydney has a regional outage, the platform is unavailable until the region recovers.
No formal employee security training programme. The team is small enough that this is operationally moot today — it will be added before headcount grows.

06 · Who's accountable

One person to email.

Security disclosures and data-handling questions go to a single mailbox monitored by the founder. No security@ alias, no triage tier, no support runaround. Faster for everyone.

Richard Patriquin · Founder, Clearline Health Pty Ltd

Contact · support@clearlinehealth.com.au Acknowledgement · within two business days ABN · 16 707 891 605 Based in Australia

07 · NDIS sector posture

Built for the NDIS, not adapted from generic SaaS.

Clearline is built specifically around NDIS workflows — PACE reports, Practice Standards, SIL operational compliance, support-coordinator funding justifications, family consent. We build Clearline to help providers meet their obligations under the NDIS Practice Standards and the NDIS Code of Conduct, and to give participants and families clear visibility over their own data. The Practice Standards apply to registered NDIS providers, not to software vendors — but the workflows we build are shaped around them. A dedicated NDIS compliance page is in development covering how the platform maps to specific Practice Standards and audit expectations.

Questions about how we handle data?

Email support@clearlinehealth.com.au. The founder reads every message. We aim to acknowledge within two business days.

Email support How Connect works →

How we handle your data.