1. How your API key is stored
You paste your Cliniko API key once into a single field on your dashboard. From there:
- Validated against the Cliniko API live so you see immediately whether it works.
- Encrypted at rest with authenticated symmetric encryption before it touches our database.
- Never logged, never echoed back to you in full — only the last 4 characters appear as a hint in your dashboard and audit log.
- Never shared with any third party other than Cliniko itself (which is whose API the key authenticates against).
2. What we read from your Cliniko account
The key gives Kookaburra Health the same read access Cliniko's API exposes to any authorised app. We use it strictly to build your business intelligence report. We read:
- Appointments (time, type, practitioner, business — for capacity + booking metrics)
- Invoices + payments (for revenue split + LTV)
- Practitioners + businesses (for breakdown by clinician + location)
- Patient records as required for retention + recall analytics
We do not read clinical notes, treatment notes, or attached documents. We do not write to your Cliniko account. We do not delete or modify records.
3. How patient data is handled
Where patient-level data is needed to compute a metric (e.g. retention cohorts, LTV), we de-identify at the boundary:
- Names, dates of birth, phone numbers, emails, and Medicare numbers are replaced with stable opaque IDs before the data enters our analytics layer.
- The mapping between Cliniko patient ID and opaque ID is stored encrypted, separate from the analytic data, and is only decrypted at runtime if you explicitly invoke a function that needs it.
- Free-text fields (e.g. note content, custom appointment notes) are not ingested into our analytics layer.
4. Where data lives and how it's protected
Your practice data and its AI analysis stay in Australia. Multiple layers of encryption protect it at rest and in transit:
- Hosting — Australian cloud infrastructure (Sydney). TLS to your browser; internal services are not exposed to the public internet.
- Database — managed cloud database service in Sydney with full disk encryption, TLS-only connections, and encrypted automated backups.
- Application-layer encryption on the most sensitive fields (API credentials, chat conversations, patient identifiers). Even with full database access, these cannot be read without our application's key. Plaintext exists only transiently in memory while a request is being processed.
- AI processing — Anthropic Claude via Amazon Bedrock in Sydney (ap-southeast-2) only. Our access policy makes calling AI outside Australia technically impossible. No data is used to train AI models — contractually committed in our AWS Data Processing Addendum.
- Email — sent via a major transactional email service over HTTPS.
- Logging — operational metadata only. Prompt content and patient identifiers never reach application logs or error-tracking services.
This is the position we can defend under APP 8 of the Privacy Act 1988 (Cth): your patient information never crosses the Australian border for any processing under our control.
5. Not clinical advice
Kookaburra Health is a business intelligence product. It is not clinical decision support, clinical record-keeping software, or a medical device. We make no claims that using our service improves clinical outcomes for any patient. AHPRA practice standards and your professional indemnity remain your responsibility.
6. Audit trail
We keep an append-only audit log of security-relevant events on your account — key added, key validated, subscription started, report generated, report emailed — for seven years. The log never contains the API key itself; only metadata (timestamp, IP, user agent, action, last 4 characters of any key involved).
7. Deleting your key and account
You can remove your API key from your dashboard at any time — it is permanently deleted from our database within seconds. To delete your account entirely (including all derived analytics and the audit trail beyond what we are legally required to keep), email contact@kookaburra.health. We action requests within 7 days.
8. If something goes wrong
If we become aware of an actual or suspected breach involving your data, we will notify you by email within 72 hours, alongside any notifications required under the Notifiable Data Breaches scheme of the Privacy Act 1988 (Cth).
9. Changes to this brief
If we change anything material in how we handle your data, we'll publish a new version of this brief and email all active customers. The version number and effective date at the top of this page tells you what you signed up under.
10. Questions
Reply to any email from Kookaburra Health, or write to contact@kookaburra.health. I read every message personally.
— Kookaburra Health