Your patient data, protected

Where your patient data goes, in plain English.

No jargon. Here is exactly where your patients' information lives, who can see it, and why using Refera does not add any new risk on top of the practice systems you already trust every day.

  • Stays in Australia
  • Never trains the AI
  • Same ground as your PMS
Your patient data, held inside Australia and locked An outline of Australia. Inside it sit the two things that touch your data - storage and the AI - shown as small dots that stay within the outline. A padlock sits closed on the border, showing the data cannot leave the country. Sydney, Australia
Point 1 of 6

It lives in Australia, and it stays here

Your patients' information is stored in Australia, in Sydney. The computer that runs the AI over a referral is in Sydney too. Both sit in the same Australian data-centre region, run by Amazon Web Services. Nothing about your data is kept overseas.

Storage and AI both run in Sydney - Amazon Web Services, Australia (region ap-southeast-2).

Storage and AI, both inside Australia An outline of Australia containing two labelled boxes - Storage and AI - and a pin marking Sydney. Both boxes are inside the country. Storage AI Sydney

What you are looking at. An outline of Australia holding your Storage and the AI, both in Sydney. Nothing sits offshore.

Point 2 of 6

The AI reads it inside Refera's own Australian walls

When the AI reads a referral, it happens inside Refera's own Australian cloud, through an Amazon service called Bedrock. Your data goes to the AI and back without ever leaving that Australian boundary. It is never handed to a chatbot out on the public internet.

Scans and handwriting are read the same way. A state-of-the-art Claude vision model on Bedrock, inside that same Australian boundary, turns a faxed or photographed referral into text - so a picture of a letter is captured as faithfully as a typed one. The image is encrypted in transit and at rest and is never used to train any model, and anything the model is not confident about is set aside for a person to check, never quietly guessed at.

This is a proven, well-trodden path - running health work on Australian AWS with Bedrock is an established approach across healthcare. Refera is not experimenting on your data.

The referral is read inside the Australian boundary A boxed area labelled Australian AWS, Sydney. Inside it, the referral goes to Amazon Bedrock and the answer comes back, all within the box. A line leading out to a public chatbot on the internet is crossed out, showing the data is not sent there. Australian AWS · Sydney Referral Amazon Bedrock public chatbot not sent here

What you are looking at. The referral goes to Amazon Bedrock and back, all inside the Australian AWS boundary. The path to a public internet chatbot is blocked.

Point 3 of 6

The AI never learns from your data

Amazon Bedrock does not use your information, or the AI's answers, to train or improve any model. And when the AI runs through Bedrock, the company that makes it (Anthropic) cannot see your data. Your patients' information is used to do the one job you asked for, and nothing else.

Your data is never used to train the AI, and the AI's provider cannot see it.

Your data is not used to train the AI, and the provider cannot see it The referral goes into the AI and an answer comes out. An arrow that would feed your data into a training library is blocked. A closed padlock with a struck-through eye shows the AI provider cannot see your data. Referral AI Answer train a model provider can't see

What you are looking at. The referral produces an answer, but the arrow that would feed it into training is blocked, and the provider cannot see your data.

Point 4 of 6

It cannot leave the country

This is not just a promise on a page. A region lock is built into the Amazon infrastructure itself: it refuses to let the storage and the AI run anywhere outside Australia. Because it is a hard "deny", no setting can quietly override it - a call from overseas is simply refused.

A region lock denies these services anywhere outside Australia. It is enforced in the infrastructure, not just promised.

A region lock keeps data inside Australia An outline of Australia with a locked border. An arrow trying to leave the country is stopped at the border and stamped Denied. A closed padlock sits on the border. your data DENIED

What you are looking at. Your data stays inside the outline. An attempt to send a data service overseas is refused at the border and stamped Denied.

Point 5 of 6

You don't have to take our word for it

The Australia-only lock is enforced in the Amazon infrastructure, and every action is watched and written down. A tamper-evident audit log records where each call ran, a threat-detection service keeps watch, and an automated check re-proves - on demand - that everything is still in Australia. It is enforced and audited, not just asserted.

Enforced in the infrastructure. Logged and continuously audited. Re-proven by an automated check you can run any time.

Enforced, logged, audited and re-provable A shield holding a padlock, beside three ticked lines: every access is logged, threats are watched for, and residency is re-proven automatically with a Pass result. Every access logged tamper-evident audit trail Watched for threats threat detection kept on Residency re-proven automated check, on demand PASS

What you are looking at. The lock is enforced, every access is logged, threats are watched for, and an automated check re-proves residency with a Pass result.

Point 6 of 6

Built to Australian privacy standards

Refera is built to the Australian Privacy Principles under the Privacy Act 1988, and it handles health information the way Australian law requires. It runs on Amazon's Australian infrastructure, which is independently certified to the ISO 27001 security standard. Refera's own ISO 27001 certification is on the roadmap as the company grows - we say that plainly rather than claim a badge we do not hold yet.

Australian privacy standards and certification status Three badges. First, built to the Privacy Act 1988 and the Australian Privacy Principles. Second, the AWS infrastructure is independently ISO 27001 certified. Third, Refera's own ISO 27001 is on the roadmap, not yet held. Privacy Act 1988 and the APPs AWS: ISO 27001 certified Refera: ISO 27001 on the roadmap

What you are looking at. Refera is built to the Privacy Act 1988 and the APPs; the AWS infrastructure is independently ISO 27001 certified; Refera's own ISO 27001 is honestly marked as roadmap.

The reassurance

The same foundation as the systems you already use

Here is the part that matters most. This is the same ground your existing practice systems already stand on. Australia's leading cloud practice management systems - Gentu, by Magentus, and Zedmed - also run on Amazon Web Services in Australia. So if you already trust your cloud practice system with patient data, Refera sits on the same foundation.

Same trusted foundation as your PMS. You are not taking on any additional risk.

Gentu, Zedmed and Refera all stand on AWS in Australia A single platform labelled Amazon Web Services in Australia. Standing on it, side by side, are three blocks - Gentu, Zedmed and Refera - showing they share the same foundation. Gentu Zedmed Refera Amazon Web Services · in Australia

What you are looking at. Gentu, Zedmed and Refera all stand on the same Australian AWS foundation - so Refera adds no new ground to trust.

In one breath

The whole thing, said simply

If you read nothing else, this is it - the six points as a plain checklist you can keep.

  • Stays in Australia. Storage and the AI both run in Sydney (AWS ap-southeast-2).
  • Read inside our own walls. The AI reads it through Amazon Bedrock, inside the Australian boundary - not on a public chatbot.
  • Never trains the AI. Your data is not used to train any model, and the AI's provider cannot see it.
  • Cannot leave the country. A region lock denies these services anywhere outside Australia - enforced, not just promised.
  • Enforced and audited. Every access is logged and watched, and residency is re-proven by an automated check.
  • Same ground as your PMS. Gentu and Zedmed run on AWS in Australia too - no additional risk.

How to read this page. This is how Refera is built and how it runs. Public website and onboarding requests contain business account information only. Every real-data control described here is verified before any real patient data is handled. The full, testable detail lives on the Trust page and in the data-residency documentation.