Kookaburra Health

Supplement

Data Handling Brief

Effective 26 May 2026 · Version 1.0 · One-page summary

A focused summary of how we handle your Cliniko API key and the data we read through it. Reads as a supplement to the Terms of Service and Privacy Policy — those documents control where they differ.

1. How your API key is stored

You paste your Cliniko API key once into a single field on your dashboard. From there:

  • Validated against the Cliniko API live so you see immediately whether it works.
  • Encrypted at rest with Fernet (AES‑128‑CBC + HMAC‑SHA256, PBKDF2 100k iterations) before it touches our database.
  • Never logged, never echoed back to you in full — only the last 4 characters appear as a hint in your dashboard and audit log.
  • Never shared with any third party other than Cliniko itself (which is whose API the key authenticates against).

2. What we read from your Cliniko account

The key gives Kookaburra Health the same read access Cliniko's API exposes to any authorised app. We use it strictly to build your business intelligence report. We read:

  • Appointments (time, type, practitioner, business — for capacity + booking metrics)
  • Invoices + payments (for revenue split + LTV)
  • Practitioners + businesses (for breakdown by clinician + location)
  • Patient records as required for retention + recall analytics

We do not read clinical notes, treatment notes, or attached documents. We do not write to your Cliniko account. We do not delete or modify records.

3. How patient data is handled

Where patient-level data is needed to compute a metric (e.g. retention cohorts, LTV), we de-identify at the boundary:

  • Names, dates of birth, phone numbers, emails, and Medicare numbers are replaced with stable opaque IDs before the data enters our analytics layer.
  • The mapping between Cliniko patient ID and opaque ID is stored encrypted, separate from the analytic data, and is only decrypted at runtime if you explicitly invoke a function that needs it.
  • Free-text fields (e.g. note content, custom appointment notes) are not ingested into our analytics layer.

4. Where data is hosted

All data is stored on servers located in Sydney, Australia (DigitalOcean SYD1). We do not transfer your data outside Australia. Email is sent via SendGrid (transactional API, port 443 over TLS).

5. Not clinical advice

Kookaburra Health is a business intelligence product. It is not clinical decision support, clinical record-keeping software, or a medical device. We make no claims that using our service improves clinical outcomes for any patient. AHPRA practice standards and your professional indemnity remain your responsibility.

6. Audit trail

We keep an append-only audit log of security-relevant events on your account — key added, key validated, subscription started, report generated, report emailed — for seven years. The log never contains the API key itself; only metadata (timestamp, IP, user agent, action, last 4 characters of any key involved).

7. Deleting your key and account

You can remove your API key from your dashboard at any time — it is permanently deleted from our database within seconds. To delete your account entirely (including all derived analytics and the audit trail beyond what we are legally required to keep), email contact@kookaburra.health. We action requests within 7 days.

8. If something goes wrong

If we become aware of an actual or suspected breach involving your data, we will notify you by email within 72 hours, alongside any notifications required under the Notifiable Data Breaches scheme of the Privacy Act 1988 (Cth).

9. Changes to this brief

If we change anything material in how we handle your data, we'll publish a new version of this brief and email all active customers. The version number and effective date at the top of this page tells you what you signed up under.

10. Questions

Reply to any email from Kookaburra Health, or write to contact@kookaburra.health. I read every message personally.

— Tradd Horne · Kookaburra Health