Australian data residency
ClinicMira runs on Microsoft Azure in Australia. Clinical and candidate data stays onshore — no offshore replication of your records.
Security & compliance
Occupational health data is sensitive, regulated and audited. ClinicMira is built accordingly — Australian data residency, encryption, enterprise identity and an audit trail on everything. Send this page to your security team.
01 Platform foundations
Security is not an afterthought. It is how the platform is hosted, deployed, monitored and recovered.
ClinicMira runs on Microsoft Azure in Australia. Clinical and candidate data stays onshore — no offshore replication of your records.
Data is encrypted in transit and at rest across the platform — application traffic, databases, document storage and backups.
Secrets, keys and credentials are managed in Azure Key Vault — never in code, config files or developer machines.
An ongoing external penetration testing program probes the platform the way an attacker would. Findings are triaged and remediated on a defined cadence.
API and authentication endpoints are rate-limited, with abuse safeguards on candidate sessions, OTP issuance and public-facing surfaces.
Monitoring and alerting across the stack — New Relic, Prometheus and Grafana — so anomalies are seen and acted on, not discovered later.
Releases ship to a parallel environment and cut over only when healthy — changes land without taking clinics offline mid-shift.
Automated backups with tested recovery procedures underpin our 99.9% uptime record. Migrated historical records live in a dedicated legacy archive.
02 Identity, access & audit
Microsoft Entra ID single sign-on with automatic user provisioning — access follows your directory, and offboarding is immediate.
Role templates define exactly what each user can see and do — per tenant, per business, down to individual documents.
Workers complete forms and view their bookings through one-time-passcode sessions — no accounts, no passwords to leak.
Every clinical entity carries an immutable audit trail — bookings, candidates, businesses, documents, forms, tenants, users, billing and notifications.
03 Responsible AI
Our voice and chat agents answer phones and book appointments 24/7 — inside a governance framework your compliance team can actually read.
Voice and chat agents book, remind and answer operational questions. Anything clinical is routed to a human — by design, not by hope.
Every AI agent can be halted instantly — per tenant, per channel. Recording consent and retention controls are configurable to your policy.
Agents can only touch the tools policy allows. Booking and status enquiries are gated by caller identity verification, with prompt-injection safeguards on every input.
A usage ledger records billable minutes and cost, and call analytics track volume, outcomes and transfers — rate limits and quiet hours enforced per tenant.
04 Compliance
We describe our posture precisely: aligned means aligned. No borrowed badges, no certifications we don't hold.
Data handling aligned with the Australian Privacy Principles — collection, use, disclosure and access.
Security practices aligned with ISO 27001 — access management, change control, incident response and supplier review.
Hosted on Microsoft Azure in Australia. Your data does not leave the country.
Immutable trails on all clinical entities give regulators and enterprise clients the evidence they ask for.
99.9%
Uptime
100%
Audit-trail coverage
Australia
Data residency
Zero
Deploy downtime
Architecture, hosting, encryption and access-control detail for procurement and IT due diligence.
Request the packExecutive summary of our latest external penetration test, available under NDA.
Request summaryHow we collect, store and process data under the Privacy Act 1988 and the APPs.
Talk to usVulnerability disclosure
Found a security issue? Tell us at hello@clinicmira.com — we take reports seriously and respond quickly.
A working demo built around your services, your clients and a live AI agent on a real phone number — with a security pack ready for procurement.
Australian-based implementation team · Migration included · Enterprise SSO & audit trails