Everything we do at PhysiPal starts with user data ownership, security and privacy
Our data is securely stored in Azure and AWS data centers located in Melbourne and Sydney. All databases are encrypted both at rest and in transit using the Transport Layer Security (TLS) protocol. We employ 256-bit encryption, a robust standard adopted by leading organisations focused on privacy.
Our hosting partners are fully certified.
All video and audio calls utilise WebRTC and are end to end encrypted. Besides an initial handshake to establish communication all call data is peer to peer meaning no outside systems (including PhysiPal) have access to the call data unless one of the two connected parties records it themselves.
For particularly sensitive files such as clinical reports we have SecBox which ensures files are not only encrypted at rest and transit but also obfuscated. Access to files requires a deliberate unlock action by an authenticated user which grants ephemeral access to the file. All SecBox file links are short lived making them useless for threat actors even in phishing scams outside PhysiPal.
All data is stored in secure data centers with guarded access with georedundancies to ensure high levels of data availability and security.
We guarantee no data is stored or used for training. Rather than relying on third party APIs we work directly with Microsoft to host our AI models domestically. As we manage the data ourselves we don't have to trust a third party is being responsible with your data. We also do not rely on georedundancy fallbacks, features or cost savings by running AI compute in certain countries to ensure maximum security and peace of mind, even at cost to our business operations.
We believe our users own their data and as such have provided the ability for any account to delete all their data and related information in PhysiPal, permanently and irreversibly.