How Fusenite protects your health data

Health data is among the most sensitive information about you. Here's how we treat it.

Where your data lives

All Fusenite data is hosted in Australia, in the Sydney region. Your health information does not leave the country. We use Supabase (Sydney) for application data and AWS Sydney as the underlying infrastructure.

How it's encrypted

Encryption in transit uses TLS 1.3 — the modern standard. Encryption at rest uses AES-256 at the database layer, plus an additional column-level encryption layer for sensitive PII (Medicare numbers, identity documents) using keys stored in Supabase Vault.

Who can access it

Your AHPRA-registered doctor, the Fusenite team members directly involved in your care, and the technical team for system maintenance. Every access is logged. Sharing your data with anyone outside Fusenite (your regular GP, a specialist, a pharmacy) requires your explicit consent.

Compliance posture

We're built on Australian Privacy Principles (APPs 1–13). We're working towards ISO 27001 certification — when complete, we'll publish the date. We do not currently hold ACHS, QIP, or NSQPCH accreditation; when we do, we'll list it on the /trust page.

Your rights

You can request a copy of your health record, ask for a correction, restrict certain uses, or delete your account. Health records are retained for the legally required period (typically 7 years for adults, longer for under-18s) then permanently deleted. Email privacy@fusenite.com for any of the above.

Breach disclosure

If a notifiable data breach occurs, we will inform affected patients and the Office of the Australian Information Commissioner within the timeframes required under the Notifiable Data Breaches scheme. We'll publish a public summary on /trust.

This is general health information and not medical advice. Your doctor will discuss your specific situation during a consultation.