For aged care assessorssee how Hinterflow fits your workflow
Security & Privacy

Your data. Handled with care.

We built Hinterflow with data security as a foundation, not an afterthought. Here's exactly how we handle your information.

Contact our privacy officer Read privacy policy

Stored in Australia

AWS Sydney · ap-southeast-2

AI runs in Australia

No data leaves the country

Voice audio never retained

Transcribed live, discarded

No AI training on your data

Never, by us or AWS

Your data

In plain English.

Where it lives.

Everything you record — transcripts, extracted fields, account info — is stored on AWS infrastructure in Sydney. AI transcription and field extraction also run in Sydney. Nothing leaves Australia. Not at rest, not in transit, not during AI processing.

What we don't keep.

Voice audio is transcribed in real time and discarded immediately — we never store recordings. When you delete a session, the transcript and extracted data are removed from our systems within seconds, and from encrypted backups within 30 days.

What we don't do.

We don't train AI on your data — not us, not AWS. It's prohibited by contract, not just by policy. We don't sell or share your data with third parties. Access to customer data is restricted to authorised staff and audit-logged; we don't browse it.

Common questions
If I delete a session, is it really gone?

Yes. It's removed from production systems within seconds and from encrypted backups within 30 days. After that, it's unrecoverable — including by us.

Who at Hinterflow can see my data?

Only authorised staff, and only when necessary for support or operations. Access is logged. We don't browse customer data, and no one outside our team has access.

Is everything encrypted?

Yes. Data at rest is encrypted with AES-256, and all connections use TLS 1.2 or higher. Voice audio in transit is also TLS-encrypted.

What happens if there's a data breach?

If a breach is likely to result in serious harm, we notify affected users and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme. You'll hear from us directly, not through a press release.

Can my organisation review your security controls?

Yes. We can share our control mapping and answer specific questions under NDA. Email privacy@hinterflow.com to start the conversation.

Where does the Hinterflow Fill browser extension fit in?

The extension reads form fields on a page you're already viewing and writes your reviewed session data into them. It doesn't transmit anything from third-party websites back to us. Full details in the privacy policy.

Compliance

Privacy first. Always.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including transparency, security, access, and cross-border disclosure.

In the event of a notifiable data breach, we follow the OAIC's Notifiable Data Breaches scheme.

Security questions or concerns?

Contact our privacy officer directly. We respond to all security enquiries personally.

privacy@hinterflow.com Read our privacy policy