Security & Data Residency

Your residents' data deserves the highest level of protection. CaaS is built with security at every layer.

Australian Data Residency

All data is stored and processed exclusively within Australian data centres. Voice recordings, transcripts, and compliance evidence never leave Australian borders. No exceptions, no fallback regions.

End-to-End Encryption

AES-256 encryption for all data at rest. TLS 1.3 for all data in transit. Encryption keys are managed using industry-standard key management services with automatic rotation.

Role-Based Access Control (RBAC)

Granular access control ensures staff only see data relevant to their role and facility. Coordinators see their unit. Managers see their facility. Admins see their organisation. No more, no less.

Row-Level Security (RLS)

Database-level security policies enforce access control at the row level. Even if application logic fails, the database itself prevents unauthorised data access. Defence in depth.
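As an added illustration of the role scoping and row-level enforcement described in the two sections above (not CareplanAI's actual schema or policies), the following PostgreSQL sketch shows one way to express "coordinators see their unit, managers see their facility, admins see their organisation" as a database policy. The table and column names, the app_user role, and the app.user_id session setting are all assumptions.

```sql
-- Hypothetical schema; every name here is an assumption for illustration.
CREATE TABLE staff (
    user_id     uuid PRIMARY KEY,
    role        text NOT NULL CHECK (role IN ('coordinator', 'manager', 'admin')),
    org_id      uuid NOT NULL,
    facility_id uuid,   -- NULL for organisation-wide admins
    unit_id     uuid    -- set only for coordinators
);

CREATE TABLE care_records (
    id          uuid PRIMARY KEY,
    org_id      uuid NOT NULL,
    facility_id uuid NOT NULL,
    unit_id     uuid NOT NULL,
    transcript  text
);

-- Unprivileged role the application connects as (no SUPERUSER, no BYPASSRLS).
-- Policy expressions run with the caller's privileges, so it needs to read staff.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT ON care_records, staff TO app_user;

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
ALTER TABLE care_records ENABLE ROW LEVEL SECURITY;
ALTER TABLE care_records FORCE ROW LEVEL SECURITY;

-- One SELECT policy; with no INSERT/UPDATE/DELETE policy, writes are denied.
-- An unset or empty app.user_id becomes NULL, matches no staff row, and so
-- returns zero rows (fail closed).
CREATE POLICY care_records_scope ON care_records
    FOR SELECT TO app_user
    USING (
        EXISTS (
            SELECT 1
            FROM staff s
            WHERE s.user_id = NULLIF(current_setting('app.user_id', true), '')::uuid
              AND (   (s.role = 'admin'       AND s.org_id      = care_records.org_id)
                   OR (s.role = 'manager'     AND s.facility_id = care_records.facility_id)
                   OR (s.role = 'coordinator' AND s.unit_id     = care_records.unit_id))
        )
    );

-- Per-request usage: the application sets the identity from its authenticated
-- session (never from client input), then queries without any WHERE filter.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.user_id = '00000000-0000-0000-0000-000000000001';  -- constructed id
SELECT id, unit_id FROM care_records;  -- only rows inside this user's scope
COMMIT;
```

The policy is only as trustworthy as the value in app.user_id, so the connection role must not be able to bypass RLS and the setting must be derived from a verified session.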

Comprehensive Audit Logging

Every access, modification, and export is logged with timestamps, user identity, and action details. Audit logs are immutable and retained for the full regulatory period.

Full Security Documentation Portal

Access our comprehensive security documentation, policies, and compliance reports through our dedicated security portal.

Visit security.careplans.io

ISO 27001 ISMS

CareplanAI maintains an Information Security Management System (ISMS) aligned to the ISO 27001:2022 standard. This framework governs how we identify, assess, and manage information security risks across all aspects of the platform.

Risk assessment and treatment methodology
Asset management and classification
Access control policies and procedures
Incident response and management
Business continuity planning
Supplier security management
Security awareness training
Continuous monitoring and improvement

Trailing Stop AI Safety

The Trailing Stop is an independent AI safety system that monitors every call in real time. It operates as a separate LLM instance, independent of the conversation model, continuously evaluating the interaction for safety concerns.

How It Works

A secondary LLM processes the conversation stream in parallel, evaluating for distress signals, clinical risk indicators, and situations requiring human intervention. If risk thresholds are breached, it triggers automatic escalation to on-call staff, can adjust the conversation tone, or gracefully end the call with appropriate care messaging.

Defence in Depth

The Trailing Stop cannot be influenced or overridden by the conversation model. Its safety decisions are final and logged immutably. This creates a true defence-in-depth architecture for AI safety in clinical settings.

Supplier Certifications

| Supplier | Service | Certifications |
|---|---|---|
| AWS (Sydney Region) | Cloud Infrastructure | SOC 2 Type II, ISO 27001, IRAP Protected, PCI DSS |
| Supabase | Database & Auth | SOC 2 Type II, ISO 27001, HIPAA |
| Anthropic | AI / LLM Provider | SOC 2 Type II, ISO 27001 |
| Twilio | Voice / Telephony | SOC 2 Type II, ISO 27001, PCI DSS, HIPAA |

Need More Detail?

Request access to our full security assessment documentation, including penetration test results and compliance reports.
