Skip to main content
Open Book Clinical/Trust & Security Centre

Trust & Security Centre

Security, Privacy & Clinical Governance

Everything a hospital, university, or NDIS provider needs to evaluate OpenBook Clinical for clinical use. Written for procurement teams and ethics committees.

Australian data hosting

Supabase — AWS ap-southeast-2 (Sydney)

Zero AI training on your data

Anthropic zero-data-retention API

Anthropic Claude exclusively

Not shared with other AI providers

Download Security Summary (PDF)
Section 1

Who processes your queries — and how

OpenBook Clinical uses Anthropic Claude (claude-3-5-sonnet) exclusively to generate evidence synthesis. We do not use OpenAI, Google Gemini, or any other AI provider. Your queries are never routed to multiple providers or switched based on load.
  • Zero-data-retention agreement: Anthropic processes queries under a zero-data-retention API agreement — no query or response is stored by Anthropic after processing.
  • No model training on your data: Anthropic contractually commits that API customer data is never used to train foundation models. See Anthropic API Terms, Section 5.
  • Provider change notification: We will notify all users in writing within 48 hours if we ever change AI providers. This is a binding operational commitment.
Section 2

Where your data goes

Clinician BrowserChrome / Safari / FirefoxVercel Edge NetworkGlobal CDN · DDoS protection · SOC 2Next.js App (Serverless)Vercel Functions · no persistent serverSupabase AuthJWT · PKCE · MFA availableAnthropic Claude APIUnited StatesZero-retention · No AI trainingSupabase PostgresAWS ap-southeast-2 · Sydney, AustraliaAES-256 at rest · Row-Level SecuritySupabase StoragePrivate buckets · ap-southeast-2Supabase RealtimeWebSocket · Push notificationsVercel Cron JobsData retention enforcementPostmark SMTPTransactional email · SOC 2StripeBilling · PCI DSS Level 1HTTPS TLS 1.3invokeJWT authAPI queryRLS enforcedLEGENDClinician (user)App layer (Vercel)AU-hosted (AWS ap-SE-2)US-hostedAI query text crosses AU border.No user PII is stored in the US.User data stays in Australia (ap-southeast-2) · AI query text sent to Anthropic (US) under zero-retention agreement
→ Anthropic

Your search queries are sent to Anthropic for processing. They are NOT stored by Anthropic after the response is returned.

→ Supabase

Search queries and results ARE stored in our Supabase database for your search history feature. You can delete your history at any time from your dashboard.

✗ Not used

We do not use vector databases, external embedding stores, or RAG pipelines that retain your content between sessions.

✗ Not stored

We do not store documents you paste into search queries beyond the active session.

Section 3

Exactly how long we keep your data

Data typeRetention periodHow to delete
Search queries & resultsUntil account deletion or manual clearDashboard → History → Clear all
CPD session recordsUntil account deletionDashboard → CPD → Delete entry
Evidence bookmarksUntil account deletion or manual deleteDashboard → Bookmarks → Remove
Account & profile data30 days after account closureEmail openbookclinical@gmail.com to close account
Billing records7 years (Australian tax law — ITAA 1997)Cannot be deleted (legal obligation)
Server logs (Vercel)30 days (Vercel platform default)Automatic — no action required
Error reports30 daysAutomatic — no action required
Stripe payment data7 years (PCI DSS requirement)Cannot be deleted (legal obligation)

All retention periods comply with the Privacy Act 1988 (Cth), Australian Taxation Law, and PCI DSS. Where legal obligations require longer retention, we apply the minimum period permitted by law.

Section 4

Security infrastructure certifications

Our infrastructure is built on providers that hold industry-leading security certifications. We are transparent about what we hold directly versus what applies through our providers.

ProviderCertificationScope
Supabase (AWS ap-southeast-2)SOC 2 Type IIDatabase, authentication, storage — all user data at rest
VercelSOC 2 Type IIWeb hosting, edge network, serverless functions
StripePCI DSS Level 1All payment card processing — highest PCI tier
AnthropicSOC 2 Type IIAI API processing of queries
PostmarkSOC 2 Type IITransactional email delivery
Direct certifications: OpenBook Clinical itself does not currently hold ISO 27001, SOC 2 Type II, or IRAP certification. We are on a pathway to SOC 2 Type II and will publish our report when complete. If your organisation requires a specific certification before onboarding, contact us at openbookclinical@gmail.com to discuss your requirements — we can provide detailed security architecture documentation on request.
Section 5

Who can see your data

You

Full access to your own search history, CPD logs, bookmarks, and account data. Row-level security enforced at the database level via Supabase RLS — no query can return another user's data.

Practice admin users

Can see team members' plan status and CPD totals only. Individual search queries are not visible to admin users.

OpenBook Clinical staff

Can access database records for authorised support purposes only. All administrative access is logged. Staff are subject to confidentiality obligations. We never proactively access your search history.

Support requests

If you contact us for support, we may ask you to share specific records to diagnose issues. We will never proactively access your history without your consent.

AI provider (Anthropic)

Receives your search query to generate a synthesis response. Does not store or retain it under our zero-data-retention agreement.

Your employer or institution

Cannot access your individual search queries through OpenBook Clinical. We do not share search content with institutions, employers, or AHPRA.

Section 6

Our commitments — in plain language

Binding commitments

  • We do not train AI models on your queries, ever.
  • We do not sell your data to any third party.
  • We do not use your queries to improve Anthropic's models.
  • We do not share individual search queries with your employer or institution.
  • We do not perform automated profiling for advertising.
  • We do not store documents beyond your active session if you paste text into a query.
  • We do not route your queries through multiple AI providers.
  • We will notify you within 48 hours if we ever change our AI provider.
Section 7

Regulatory classification

OpenBook Clinical is classified as Clinical Decision Support (CDS) software — specifically, a literature retrieval and evidence synthesis tool. It is not a diagnostic device and does not recommend specific treatment for specific patients.

TGA & IMDRF classification basis

Under Australia's Therapeutic Goods Administration (TGA) framework and the International Medical Device Regulators Forum (IMDRF) Software as a Medical Device (SaMD) guidance, a tool that retrieves and summarises published clinical literature without making patient-specific diagnostic or treatment recommendations is generally considered outside the SaMD classification.

Important caveat

This classification does not mean we take a less rigorous approach to quality. It means our regulatory obligations are different. We maintain clinical governance documentation, incident reporting procedures, and a clinical advisory approach consistent with best practice for CDS software.

We recommend all clinicians treat OpenBook Clinical as a literature search tool that supplements — but does not replace — clinical judgement, AHPRA-regulated professional expertise, and institution-specific protocols.

Section 8

University and research use — what to consider

We recognise that universities and research organisations face heightened information governance requirements. The following is honest, practical guidance for research users.

✓ Safe to enter

  • Clinical questions using published or public information
  • Hypothetical or de-identified clinical scenarios
  • Literature search queries for publicly known topics
  • Questions about published guidelines and systematic reviews

✗ We recommend you do NOT enter

  • Unpublished manuscripts or pre-publication data
  • Grant applications or ethics applications
  • Confidential peer review content
  • Novel algorithms or proprietary methods
  • Patient identifiers or participant data
  • Content your institution classifies as confidential

For formal research governance

Contact us at openbookclinical@gmail.com to request a Data Processing Agreement (DPA), security architecture document, or institutional agreement. We respond within 2 business days.

Section 9

How we handle security incidents

We maintain an incident response procedure aligned with the Australian Privacy Act 1988 Notifiable Data Breach (NDB) scheme.

01

Detect & contain

We identify and contain the breach as rapidly as possible and assess likely impact on affected individuals.

02

Notify

We notify affected users and the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of a qualifying breach.

03

Remediate

We take corrective action, document findings, and publish a post-incident summary where appropriate.

Report a security concern

Email openbookclinical@gmail.com with subject line: Responsible Disclosure — [Summary]. We treat all security disclosures as confidential and respond within 1 business day.

Read our Vulnerability Disclosure Policy →

Section 10

How our evidence citations work

Real databases only

All citations are retrieved from real academic databases: PubMed/MEDLINE, Europe PMC, Semantic Scholar, and CORE. We do not generate citations from an AI model's training memory.

No fabricated PMIDs

We do not generate fake PMIDs or fabricate citations. Every citation links to a real database record that was retrieved during your search.

Retraction awareness

We flag retracted papers when the retraction notice is indexed in the databases we query. We recommend clinicians check for retractions independently for critical citations.

Verify before clinical use

We cannot guarantee citations are free from AI synthesis errors. Always verify critical citations against the original source before clinical use.

Clinical use advisory: We strongly recommend clinicians verify all AI-synthesised evidence summaries against the primary literature before applying them in clinical decision-making. OpenBook Clinical is a decision support tool — final clinical judgement rests with the treating practitioner.

Ready to proceed?

Need documentation for your governance review?

Security Summary PDF

One-page summary for procurement teams.

Download PDF

Data Processing Agreement

For university ethics and institutional agreements.

Request DPA

Security team contact

Direct line for security and governance questions.

Contact security