Security & Privacy

Your data.
Handled with care.

We built Hinterflow with data security as a foundation, not an afterthought. Here's exactly how we handle your information.

Stored in Australia

All data at rest in Sydney (ap-southeast-2)

Voice audio not retained

Transcribed live, discarded immediately

Encrypted in full

At rest and in transit, always

No AI training on your data

Never, under any circumstance

Data handling

What data does
Hinterflow handle?

Every piece of data has a purpose and a retention policy. Here's exactly what we hold and how we protect it.

privacy@hinterflow.com

Voice audio

Audio from the voice interview is processed in real time to produce a transcript. The raw audio stream is never recorded or stored. Once transcribed, it is gone.

Stored: Never — processed live, immediately discarded
Retention: Zero

Interview transcript

The text transcript of the interview is stored in your account. It's used to extract assessment fields and is associated with your organisation only.

Stored: Yes — in your account
Location: Australia
Encryption: At rest and in transit
Retention: Until you delete the session or close your account

Extracted assessment data

The structured field values extracted from your transcript — what gets used to fill the form. Stored in your account, associated with the session it belongs to.

Stored: Yes — in your account
Location: Australia
Encryption: At rest and in transit
Retention: Until you delete the session or close your account

AI inference

Voice transcription and field extraction are processed by AI models running on AWS infrastructure in the United States. This processing is transient — data is sent, the result returned, and nothing is retained by the AI provider.

Processing location: United States (AWS us-east-1)
Retained by AI provider: No — transient only
Used for training: Never — prohibited by contract

Account information

Your name, email address, and organisation. Required for your account. Nothing clinical.

Stored: Yes — required for your account
Location: Australia
Retention: Until account closure
Infrastructure

Built on enterprise
cloud infrastructure.

Hinterflow runs on enterprise cloud infrastructure in Australia, with security controls across every layer — traffic, authentication, access, storage, and monitoring. We use managed security services throughout rather than rolling our own.

Data stored in Australia

All data at rest in Sydney (ap-southeast-2)

AI inference via AWS

Processed in US under Data Processing Agreement

Traffic protection

Rate limiting and threat detection on every request

Encrypted at rest

AES-256 on all stored data

Encrypted in transit

TLS 1.2+ on all connections

Secure authentication

Managed identity with MFA support

Least-privilege access

Services access only what they need

Compliance

Privacy first.
Always.

Australian Privacy Principles

We handle personal information in accordance with the Privacy Act 1988 (Cth), including requirements around transparency, security, access, and cross-border disclosure.

Data stored in Australia

All your data — transcripts, extracted fields, account information — stays in Australia on AWS infrastructure in Sydney. AI processing happens in the US under contract, but nothing is retained there.

No AI training on your data

We don't use your data to train AI models. Not us, not our AI providers. Your data is used to provide the service, nothing else.

Security questions or concerns?

Contact our privacy officer directly. We respond to all security enquiries personally.

privacy@hinterflow.com Read our privacy policy