Security White Paper
Detailed technical security documentation — encryption, access controls, audit, and compliance — for procurement teams and infosec reviewers.
Read white paper →About OpenBook Clinical
Company background, ownership structure, conflict of interest disclosure, funding independence, and research IP policy.
Read disclosure →Who processes your queries — and how
- Zero-data-retention agreement: Anthropic processes queries under a zero-data-retention API agreement — no query or response is stored by Anthropic after processing.
- No model training on your data: Anthropic contractually commits that API customer data is never used to train foundation models. See Anthropic API Terms, Section 5.
- Provider change notification: We will notify all users in writing within 48 hours if we ever change AI providers. This is a binding operational commitment.
Where your data goes
Your search queries are sent to Anthropic for processing. They are NOT stored by Anthropic after the response is returned.
Search queries and results ARE stored in our Supabase database for your search history feature. You can delete your history at any time from your dashboard.
We do not use vector databases, external embedding stores, or RAG pipelines that retain your content between sessions.
We do not store documents you paste into search queries beyond the active session.
Exactly how long we keep your data
| Data type | Retention period | How to delete |
|---|---|---|
| Search queries & results | Until account deletion or manual clear | Dashboard → History → Clear all |
| CPD session records | Until account deletion | Dashboard → CPD → Delete entry |
| Evidence bookmarks | Until account deletion or manual delete | Dashboard → Bookmarks → Remove |
| Account & profile data | 30 days after account closure | Email openbookclinical@gmail.com to close account |
| Billing records | 7 years (Australian tax law — ITAA 1997) | Cannot be deleted (legal obligation) |
| Server logs (Vercel) | 30 days (Vercel platform default) | Automatic — no action required |
| Error reports | 30 days | Automatic — no action required |
| Stripe payment data | 7 years (PCI DSS requirement) | Cannot be deleted (legal obligation) |
All retention periods comply with the Privacy Act 1988 (Cth), Australian Taxation Law, and PCI DSS. Where legal obligations require longer retention, we apply the minimum period permitted by law.
Security infrastructure certifications
Our infrastructure is built on providers that hold industry-leading security certifications. We are transparent about what we hold directly versus what applies through our providers.
| Provider | Certification | Scope |
|---|---|---|
| Supabase (AWS ap-southeast-2) | SOC 2 Type II | Database, authentication, storage — all user data at rest |
| Vercel | SOC 2 Type II | Web hosting, edge network, serverless functions |
| Stripe | PCI DSS Level 1 | All payment card processing — highest PCI tier |
| Anthropic | SOC 2 Type II | AI API processing of queries |
| Postmark | SOC 2 Type II | Transactional email delivery |
Who can see your data
You
Full access to your own search history, CPD logs, bookmarks, and account data. Row-level security enforced at the database level via Supabase RLS — no query can return another user's data.
Practice admin users
Can see team members' plan status and CPD totals only. Individual search queries are not visible to admin users.
OpenBook Clinical staff
Can access database records for authorised support purposes only. All administrative access is logged. Staff are subject to confidentiality obligations. We never proactively access your search history.
Support requests
If you contact us for support, we may ask you to share specific records to diagnose issues. We will never proactively access your history without your consent.
AI provider (Anthropic)
Receives your search query to generate a synthesis response. Does not store or retain it under our zero-data-retention agreement.
Your employer or institution
Cannot access your individual search queries through OpenBook Clinical. We do not share search content with institutions, employers, or AHPRA.
Our commitments — in plain language
Binding commitments
- ✓We do not train AI models on your queries, ever.
- ✓We do not sell your data to any third party.
- ✓We do not use your queries to improve Anthropic's models.
- ✓We do not share individual search queries with your employer or institution.
- ✓We do not perform automated profiling for advertising.
- ✓We do not store documents beyond your active session if you paste text into a query.
- ✓We do not route your queries through multiple AI providers.
- ✓We will notify you within 48 hours if we ever change our AI provider.
Regulatory classification
OpenBook Clinical is classified as Clinical Decision Support (CDS) software — specifically, a literature retrieval and evidence synthesis tool. It is not a diagnostic device and does not recommend specific treatment for specific patients.
TGA & IMDRF classification basis
Under Australia's Therapeutic Goods Administration (TGA) framework and the International Medical Device Regulators Forum (IMDRF) Software as a Medical Device (SaMD) guidance, a tool that retrieves and summarises published clinical literature without making patient-specific diagnostic or treatment recommendations is generally considered outside the SaMD classification.
Important caveat
This classification does not mean we take a less rigorous approach to quality. It means our regulatory obligations are different. We maintain clinical governance documentation, incident reporting procedures, and a clinical advisory approach consistent with best practice for CDS software.
We recommend all clinicians treat OpenBook Clinical as a literature search tool that supplements — but does not replace — clinical judgement, AHPRA-regulated professional expertise, and institution-specific protocols.
University and research use — what to consider
We recognise that universities and research organisations face heightened information governance requirements. The following is honest, practical guidance for research users.
✓ Safe to enter
- • Clinical questions using published or public information
- • Hypothetical or de-identified clinical scenarios
- • Literature search queries for publicly known topics
- • Questions about published guidelines and systematic reviews
✗ We recommend you do NOT enter
- • Unpublished manuscripts or pre-publication data
- • Grant applications or ethics applications
- • Confidential peer review content
- • Novel algorithms or proprietary methods
- • Patient identifiers or participant data
- • Content your institution classifies as confidential
For formal research governance
Contact us at openbookclinical@gmail.com to request a Data Processing Agreement (DPA), security architecture document, or institutional agreement. We respond within 2 business days.
How we handle security incidents
We maintain an incident response procedure aligned with the Australian Privacy Act 1988 Notifiable Data Breach (NDB) scheme.
Detect & contain
We identify and contain the breach as rapidly as possible and assess likely impact on affected individuals.
Notify
We notify affected users and the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of a qualifying breach.
Remediate
We take corrective action, document findings, and publish a post-incident summary where appropriate.
Report a security concern
Email openbookclinical@gmail.com with subject line: Responsible Disclosure — [Summary]. We treat all security disclosures as confidential and respond within 1 business day.
How our evidence citations work
Real databases only
All citations are retrieved from real academic databases: PubMed/MEDLINE, Europe PMC, Semantic Scholar, and CORE. We do not generate citations from an AI model's training memory.
No fabricated PMIDs
We do not generate fake PMIDs or fabricate citations. Every citation links to a real database record that was retrieved during your search.
Retraction awareness
We flag retracted papers when the retraction notice is indexed in the databases we query. We recommend clinicians check for retractions independently for critical citations.
Verify before clinical use
We cannot guarantee citations are free from AI synthesis errors. Always verify critical citations against the original source before clinical use.
Ready to proceed?