OpenBook Clinical Security White Paper
This document describes the security architecture, controls, and compliance posture of OpenBook Clinical. It is intended for hospital procurement teams, university IT security reviewers, NDIS provider governance committees, and infosec professionals evaluating the platform.
Executive Summary
OpenBook Clinical is an AI-assisted clinical evidence retrieval and synthesis platform designed for Australian allied health professionals. The platform is operated by OpenBook Clinical Pty Ltd (ABN 38 698 494 656), a Sydney-based company. Security, data privacy, and clinical governance are core design principles — not afterthoughts.
What we protect: Clinician account data (name, email, AHPRA number where provided), clinical search queries and history, CPD activity records, and billing tokens. We do not collect or process patient data.
How we protect it: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Row-Level Security is enforced at the database layer on every table. Authentication uses industry-standard PKCE flows with optional MFA. AI query processing uses Anthropic's API under a zero-data-retention agreement, with no user PII included in AI requests.
Who is responsible: OpenBook Clinical Pty Ltd is the data controller and bears primary responsibility for data protection. Our key sub-processors (Supabase, Vercel, Anthropic, Stripe, Postmark) each hold their own industry certifications and are bound by contractual data protection obligations.
Infrastructure Architecture
OpenBook Clinical runs on a serverless architecture using three primary infrastructure providers. All user data at rest is hosted within Australia.
| Component | Provider | Region | Certification |
|---|---|---|---|
| Web application & API | Vercel Inc. (USA) | Global edge + serverless | SOC 2 Type II |
| Database (Postgres) | Supabase (on AWS) | ap-southeast-2 (Sydney, AU) | SOC 2 Type II |
| Authentication service | Supabase Auth (on AWS) | ap-southeast-2 (Sydney, AU) | SOC 2 Type II |
| File/document storage | Supabase Storage (on AWS) | ap-southeast-2 (Sydney, AU) | SOC 2 Type II |
| AI query processing | Anthropic PBC (USA) | United States | SOC 2 Type II |
| Payment processing | Stripe Inc. (USA) | USA / EU | PCI DSS Level 1 |
| Transactional email | Postmark (ActiveCampaign, USA) | USA | SOC 2 Type II |
Serverless model
The application layer runs on Vercel serverless functions. There are no persistent application servers, no long-running processes, and no server-side ports exposed to the internet. This significantly reduces the attack surface compared to traditional server-based architectures — each function invocation is ephemeral and stateless.
No self-managed infrastructure
OpenBook Clinical does not operate any self-managed servers, virtual machines, or on-premises infrastructure. The entire stack runs on managed cloud services (Vercel, AWS via Supabase), which means OS patching, hardware security, and physical data centre controls are handled by our providers under their respective certifications.
Encryption
In transit
All communications between the client (browser) and the Vercel edge network use TLS 1.3. Vercel enforces HTTPS-only connections with HSTS (HTTP Strict Transport Security) preloading. TLS 1.0 and 1.1 are disabled. TLS 1.2 is supported for legacy client compatibility where required.
All API calls between Vercel serverless functions and Supabase, Anthropic, Stripe, and Postmark use TLS-encrypted connections over the public internet. Service credentials are never transmitted in plaintext.
At rest
All data stored in Supabase (Postgres database, Auth records, Storage files) is encrypted at rest using AES-256, managed by AWS Key Management Service (AWS KMS). Encryption keys are managed by AWS and rotated automatically. OpenBook Clinical does not manage encryption keys directly.
Application secrets
All API keys, database connection strings, and service credentials are stored as environment variables in the Vercel deployment platform. They are never committed to version control, never logged, and never exposed in client-side code. The Supabase service role key (which bypasses RLS) is used only in server-side serverless functions — it is never sent to the browser.
Authentication & Authorisation
Authentication
User authentication is handled by Supabase Auth, which implements the OAuth 2.0 PKCE (Proof Key for Code Exchange) flow. PKCE prevents authorisation code interception attacks and is the recommended flow for single-page applications. Session tokens (JWTs) are short-lived and automatically refreshed.
Multi-factor authentication (MFA/TOTP) is available to all users via the account settings panel. Institutional accounts with elevated access requirements are encouraged to enforce MFA as a condition of access.
Row-Level Security (RLS)
Every table in the Supabase Postgres database has Row-Level Security policies enforced at the database level. This means that even if an application-layer bug produced an incorrect query, the database engine itself would prevent any user from accessing another user's data. RLS policies are deployed and version-controlled as part of the application codebase.
Service role key isolation
Supabase provides two authentication tokens: the public anon key (safe to expose in browser code, restricted by RLS) and the service role key (bypasses RLS, used only for server-side operations). The service role key is stored only in Vercel environment variables and is never accessible from client-side code.
Session management
JWT access tokens expire after one hour. Refresh tokens are rotated on use and expire after 30 days of inactivity. Sessions can be revoked instantly via the account security settings or via an administrative action for institutional accounts.
Network Security
HTTP security headers
The following security headers are applied to all HTTP responses from the Next.js application:
| Header | Value / Policy |
|---|---|
| Content-Security-Policy (CSP) | default-src 'self'; script-src 'self'; connect-src 'self' *.supabase.co api.anthropic.com |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| X-Frame-Options | DENY |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | camera=(), microphone=(), geolocation=() |
DDoS protection
Vercel's global edge network provides layer 3/4 DDoS mitigation as a platform default. API rate limiting is enforced at the application layer on all public endpoints. Aggressive or anomalous traffic patterns trigger automatic throttling.
No exposed server ports
The serverless architecture means there are no persistent server processes listening on network ports. There is no SSH access to production, no open database ports on the public internet, and no server-side administrative interfaces exposed outside the Vercel and Supabase management planes.
Data Classification
| Data type | Classification | Where stored | Notes |
|---|---|---|---|
| Clinician name, email, AHPRA number | Protected — PII | Supabase Postgres (AU) | Encrypted at rest, RLS enforced |
| Clinical search queries | Functional — anonymised server-side | Supabase Postgres (AU) | Query text sent to Anthropic without user PII |
| CPD activity records | Clinician-owned — controlled by user | Supabase Postgres (AU) | User can delete at any time |
| Billing tokens (Stripe) | Payment — not stored by us | Stripe (USA) | OpenBook never stores card numbers |
| Patient data | Not collected | Not stored | PII detection active; users instructed to de-identify |
| Session logs (Vercel) | Operational | Vercel (30-day retention) | Contains IP address; auto-deleted |
Patient data controls
OpenBook Clinical does not collect, store, or process patient personal information. Users are instructed not to include patient names, dates of birth, Medicare numbers, or other patient identifiers in their search queries. Technical controls including PII detection patterns are applied to warn users when potentially identifiable information is detected in query text.
AI query anonymisation
Before a search query is sent to the Anthropic API, the application strips authentication context. The request to Anthropic contains only the clinical query text and a system prompt — no user identifiers, account data, or session tokens are included. Anthropic processes these queries under a zero-data-retention agreement and does not associate queries with OpenBook Clinical accounts.
Vulnerability Management
Responsible disclosure
OpenBook Clinical operates a responsible vulnerability disclosure programme. Security researchers and users who discover potential vulnerabilities are encouraged to report them via our Vulnerability Disclosure Policy or by emailing openbookclinical@gmail.com with subject line “Responsible Disclosure”. We acknowledge receipt within 1 business day and commit to keeping reporters informed of remediation progress.
Dependency management
npm dependencies are monitored for known vulnerabilities via automated tooling (GitHub Dependabot). Security advisories trigger priority patch reviews. Critical vulnerabilities in production dependencies are addressed within 72 hours of notification where a patch is available.
No legacy OS exposure
The serverless model means OpenBook Clinical has no traditional OS footprint to patch. Vercel manages the runtime environment (Node.js) and handles underlying OS security. Supabase manages the Postgres database engine on AWS-managed infrastructure.
Essential Eight alignment
Our Essential Eight maturity posture is documented at /security/essential-eight. The serverless, no-persistent-server architecture natively satisfies several Essential Eight controls (patch OS, restrict admin privileges, disable untrusted macros).
Incident Response
OpenBook Clinical maintains an incident response procedure aligned with the Australian Privacy Act 1988 Notifiable Data Breach (NDB) scheme. All incidents are assessed, classified, and managed according to the following framework.
Incident classification
| Priority | Description | Response SLA |
|---|---|---|
| P1 — Critical | Confirmed data breach with likely harm to individuals; platform completely unavailable | < 1 hour to engage response team |
| P2 — High | Suspected breach; significant platform degradation; active attack detected | < 4 hours |
| P3 — Medium | Minor security incident; isolated access anomaly; partial service degradation | < 24 hours |
| P4 — Low | Vulnerability report; minor anomaly; informational security event | < 72 hours |
NDB notification obligations
Under the Privacy Act 1988 (Cth) Notifiable Data Breach scheme, if OpenBook Clinical becomes aware of an eligible data breach — defined as unauthorised access or disclosure of personal information likely to result in serious harm — we are obligated to:
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
- Notify affected individuals as soon as practicable
- Complete notification within 30 days of becoming aware of the breach
For institutional subscribers with a signed DPA, we also commit to notifying the institutional Controller within 72 hours of becoming aware of any breach affecting their users' data, in accordance with the DPA breach notification clause.
Incident response contacts
Security incidents and suspected breaches should be reported to openbookclinical@gmail.com. This address is monitored continuously and triaged within 4 hours on business days.
Third-Party Risk
Sub-processor due diligence
All sub-processors (Supabase, Vercel, Anthropic, Stripe, Postmark) are selected based on: independent security certifications (SOC 2 Type II or PCI DSS); data processing agreements (DPAs) that impose equivalent obligations to those owed to our users; and publicly documented data handling practices.
Sub-processor contracts
Each sub-processor is bound by a data processing agreement requiring them to: process data only on our documented instructions; notify us of security incidents affecting our data within 72 hours; impose equivalent obligations on their own sub-processors; and delete our data upon termination.
Change notification
We maintain a current sub-processor list at /governance/sub-processors. Institutional subscribers are notified of any sub-processor additions or replacements with not less than 30 days' notice, giving the opportunity to object.
Annual review
Sub-processor certifications and DPAs are reviewed annually. Where a sub-processor's security posture materially changes, we assess the impact and update our governance documentation accordingly.
Audit & Compliance
OpenBook Clinical's compliance posture relies on a combination of direct controls, provider certifications, and contractual obligations.
| Entity | Certification | Scope |
|---|---|---|
| Supabase (on AWS ap-southeast-2) | SOC 2 Type II | Database, auth, storage — all Australian-hosted user data |
| Vercel | SOC 2 Type II | Web hosting, edge network, serverless compute |
| Anthropic | SOC 2 Type II | AI API processing of search queries |
| Stripe | PCI DSS Level 1 | All payment card data processing |
| Postmark | SOC 2 Type II | Transactional email delivery |
OpenBook Clinical direct certifications
Privacy Act 1988 compliance
OpenBook Clinical is committed to compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Our full Privacy Policy is available at /privacy. Data subject access, correction, and deletion requests are processed within 30 days of receipt.
Data Residency
Summary
All OpenBook Clinical user data at rest — account data, search history, CPD records, uploaded files — is stored exclusively in AWS ap-southeast-2 (Sydney, Australia) via Supabase. No user data is stored in the United States or any other country.
Australian data hosting
When an OpenBook Clinical account is created, all associated data (profile information, search queries, CPD records) is written to Supabase Postgres, which runs on AWS infrastructure in the ap-southeast-2 region (Sydney). Supabase Storage (for any uploaded files) uses the same region. Supabase Auth session data is similarly hosted in ap-southeast-2.
Cross-border data flow — AI processing only
The only data that leaves Australia is the text content of search queries, which is sent to Anthropic's API (hosted in the United States) for AI synthesis. This text is:
- Stripped of all user identifiers before transmission — Anthropic receives only the clinical query text
- Processed under a zero-data-retention agreement — Anthropic does not store the query or response after processing
- Never used to train Anthropic's AI models
- Never associated by Anthropic with any OpenBook Clinical user account
Billing data
Payment card data is processed by Stripe. OpenBook Clinical never receives or stores card numbers, CVVs, or bank account details. Stripe stores a payment token in its own data centres (USA/EU under PCI DSS Level 1 compliance). The token stored by Stripe is used only to initiate future charges at the user's direction.
Transactional email
Account notification emails (signup confirmation, billing receipts, security alerts) are sent via Postmark, a US-based SMTP provider. The email recipient address (user's email) and message content is transmitted to Postmark servers for delivery. Postmark retains email logs for 45 days under its standard terms.
Questions about this white paper?
Contact our security team for questions, to request additional documentation, or to arrange an institutional security review. We respond to all security enquiries within 2 business days.
openbookclinical@gmail.com