Security & Data Handling

1. The most important rule: no patient identifiers

GPguide is designed so no patient identifying information is required. Do not enter identifiers such as:

• Name
• Date of birth
• Address
• Medicare number
• Phone/email
• Medical record numbers (MRN), appointment identifiers
• Any combination of details that could reasonably identify a person

This rule is a core safety control and reduces privacy risk when using AI drafting tools, consistent with OAIC guidance to be cautious about entering personal and sensitive information into generative AI tools.

2. What we store (and what we don’t)

3. Where GPguide is hosted (data location)

GPguide is hosted in Australia.

4. Security controls (high-level)

We use reasonable security measures appropriate to the nature of the service, including:

• Access controls to protect accounts and administrative access
• Encryption and transport security features provided by our infrastructure providers (including Supabase)
• Least-privilege principles for operational access where practicable
• Multi-factor authentication available for user accounts
• Rate limiting and monitoring to mitigate brute-force and abuse patterns
• Ongoing maintenance and updates to reduce risk of vulnerabilities

Our infrastructure providers (including Supabase) describe encryption in transit (TLS) and at rest (AES-256) as part of their security posture. We aim to align our operational practices with recognised standards such as ISO 27001 and implement application-level controls appropriate to the nature of our service.

No security measure can guarantee absolute security. We take reasonable steps consistent with Australian privacy expectations and the nature of the information we hold.

5. What GPguide is NOT (important boundaries)

• GPguide is not an electronic medical record (EMR) and is not an integration into your clinical software at this time.
• GPguide is not an AI scribe and does not require recording patient consultations for its intended use.
• GPguide does not provide billing advice and does not guarantee Medicare compliance, eligibility, rebate entitlement, or audit outcomes.
• GPguide is not a medical device — it is not classified as Software as a Medical Device (SaMD) under the Therapeutic Goods (Medical Devices) Regulations 2002 (Cth) or the TGA.

Comparable clinical documentation platforms emphasise user responsibility to review outputs and include strong disclaimers about accuracy and non-advice.

6. Your responsibilities (helps protect you and us)

To use GPguide safely, you agree to:

• Not enter patient identifiers (see Section 1)
• Review and edit all outputs before use
• Keep your login credentials secure
• Use GPguide in accordance with our Acceptable Use Policy and Terms of Use

7. If you think you’ve entered identifying information

If you believe patient identifying information was entered:

• Stop and do not reuse the output
• Remove identifying details from your input (do not re-enter them)
• Contact support so we can assist with next steps

9. Data retention

We retain information only for as long as necessary:

• Drafting inputs/outputs: Not stored — GPguide does not retain the text you enter or the drafts generated
• Account information: Retained while your account is active and for a reasonable period after closure
• Billing records: Retained as required by Australian tax law (generally up to 5 years)
• Technical/security logs: Retained for a limited period to maintain service reliability, then destroyed or de-identified

For full details on data retention and destruction, see our Privacy Policy.

10. Reporting a security issue

If you believe you’ve found a security vulnerability, please contact:

Email: support@gpguide.com.au

Please include:

• A description of the issue
• Steps to reproduce (if safe to do so)
• Screenshots/logs if relevant