Briefly. is built with security at its core. We protect your patient data with enterprise-grade encryption, mapped safeguards, and 24/7 monitoring.
Security controls mapped to healthcare data protection standards
We implement administrative, physical, and technical controls designed around healthcare privacy and security standards to protect sensitive health information.
BAA available for all healthcare organizations. Clearly defines our responsibilities in protecting your patient data.
Our SOC 2 Type II independent assurance program is in progress across availability, confidentiality, and privacy controls.
Data stored in your designated region with controls aligned to applicable healthcare privacy standards.
Patient data stored securely. Controls are mapped to applicable healthcare privacy standards.
Patient records are stored in your designated region (AU, NZ, US, or EU). Some backend processing — such as transcription and letter generation — uses secure providers under data protection agreements.
No. Patient data is never sent to language models for training. Your clinical data is processed securely and never retained by third-party providers. Briefly processes your data to generate letters and then it is not used for any other purpose.
Briefly Health Limited is registered in New Zealand. Your data is subject to the privacy laws applicable to your region. For Australian users, this includes the Privacy Act 1988 and all 13 Australian Privacy Principles. For NZ users, the Privacy Act 2020 applies.
Multi-layered protection for your sensitive patient data
AES-256 encryption for data at rest and TLS 1.3 for data in transit. Industry-leading encryption standards protect every byte.
Multi-layered data protection with regular backups, disaster recovery, and 99.9% uptime SLA.
Role-based access control (RBAC) and multi-factor authentication (MFA) ensure only authorized access.
24/7 security monitoring with real-time threat detection and automated incident response.
Enterprise infrastructure with healthcare-grade reliability
Hosted on AWS with enterprise-grade security across multiple regions (AU, NZ, US, EU).
Your patient data is never used for model training. Complete data isolation guaranteed.
Immutable audit trails for all system access and data modifications. Audit-ready traceability.
Documented incident response plan with <1 hour notification SLA for security events.
Security is embedded in every stage of our development process
Need detailed security documentation, want to report a vulnerability, or have questions about our compliance?
We take security reports seriously and respond promptly.
For enterprise security documentation:
Request our security whitepaper, SOC 2 report, penetration test results, or Business Associate Agreement.
For vulnerability disclosure:
We welcome responsible disclosure. Security researchers who report valid vulnerabilities will be acknowledged in our security hall of fame.