Your patient data, protected
Where your patient data goes, in plain English.
No jargon. Here is exactly where your patients' information lives, who can see it, and why using Refera does not add any new risk on top of the practice systems you already trust every day.
- Stays in Australia
- Never trains the AI
- Same ground as your PMS
It lives in Australia, and it stays here
Your patients' information is stored in Australia, in Sydney. The computer that runs the AI over a referral is in Sydney too. Both sit in the same Australian data-centre region, run by Amazon Web Services. Nothing about your data is kept overseas.
Storage and AI both run in Sydney - Amazon Web Services, Australia (region ap-southeast-2).
What you are looking at. An outline of Australia holding your Storage and the AI, both in Sydney. Nothing sits offshore.
The AI reads it inside Refera's own Australian walls
When the AI reads a referral, it happens inside Refera's own Australian cloud, through an Amazon service called Bedrock. Your data goes to the AI and back without ever leaving that Australian boundary. It is never handed to a chatbot out on the public internet.
Scans and handwriting are read the same way. A state-of-the-art Claude vision model on Bedrock, inside that same Australian boundary, turns a faxed or photographed referral into text - so a picture of a letter is captured as faithfully as a typed one. The image is encrypted in transit and at rest and is never used to train any model, and anything the model is not confident about is set aside for a person to check, never quietly guessed at.
This is a proven, well-trodden path - running health work on Australian AWS with Bedrock is an established approach across healthcare. Refera is not experimenting on your data.
What you are looking at. The referral goes to Amazon Bedrock and back, all inside the Australian AWS boundary. The path to a public internet chatbot is blocked.
The AI never learns from your data
Amazon Bedrock does not use your information, or the AI's answers, to train or improve any model. And when the AI runs through Bedrock, the company that makes it (Anthropic) cannot see your data. Your patients' information is used to do the one job you asked for, and nothing else.
Your data is never used to train the AI, and the AI's provider cannot see it.
What you are looking at. The referral produces an answer, but the arrow that would feed it into training is blocked, and the provider cannot see your data.
It cannot leave the country
This is not just a promise on a page. A region lock is built into the Amazon infrastructure itself: it refuses to let the storage and the AI run anywhere outside Australia. Because it is a hard "deny", no setting can quietly override it - a call from overseas is simply refused.
A region lock denies these services anywhere outside Australia. It is enforced in the infrastructure, not just promised.
What you are looking at. Your data stays inside the outline. An attempt to send a data service overseas is refused at the border and stamped Denied.
You don't have to take our word for it
The Australia-only lock is enforced in the Amazon infrastructure, and every action is watched and written down. A tamper-evident audit log records where each call ran, a threat-detection service keeps watch, and an automated check re-proves - on demand - that everything is still in Australia. It is enforced and audited, not just asserted.
Enforced in the infrastructure. Logged and continuously audited. Re-proven by an automated check you can run any time.
What you are looking at. The lock is enforced, every access is logged, threats are watched for, and an automated check re-proves residency with a Pass result.
Built to Australian privacy standards
Refera is built to the Australian Privacy Principles under the Privacy Act 1988, and it handles health information the way Australian law requires. It runs on Amazon's Australian infrastructure, which is independently certified to the ISO 27001 security standard. Refera's own ISO 27001 certification is on the roadmap as the company grows - we say that plainly rather than claim a badge we do not hold yet.
What you are looking at. Refera is built to the Privacy Act 1988 and the APPs; the AWS infrastructure is independently ISO 27001 certified; Refera's own ISO 27001 is honestly marked as roadmap.
The same foundation as the systems you already use
Here is the part that matters most. This is the same ground your existing practice systems already stand on. Australia's leading cloud practice management systems - Gentu, by Magentus, and Zedmed - also run on Amazon Web Services in Australia. So if you already trust your cloud practice system with patient data, Refera sits on the same foundation.
Same trusted foundation as your PMS. You are not taking on any additional risk.
What you are looking at. Gentu, Zedmed and Refera all stand on the same Australian AWS foundation - so Refera adds no new ground to trust.
In one breath
The whole thing, said simply
If you read nothing else, this is it - the six points as a plain checklist you can keep.
- Stays in Australia. Storage and the AI both run in Sydney (AWS ap-southeast-2).
- Read inside our own walls. The AI reads it through Amazon Bedrock, inside the Australian boundary - not on a public chatbot.
- Never trains the AI. Your data is not used to train any model, and the AI's provider cannot see it.
- Cannot leave the country. A region lock denies these services anywhere outside Australia - enforced, not just promised.
- Enforced and audited. Every access is logged and watched, and residency is re-proven by an automated check.
- Same ground as your PMS. Gentu and Zedmed run on AWS in Australia too - no additional risk.
How to read this page. This is how Refera is built and how it runs. Public website and onboarding requests contain business account information only. Every real-data control described here is verified before any real patient data is handled. The full, testable detail lives on the Trust page and in the data-residency documentation.