Trust Centre
OnScribe is designed with privacy and security as the foundational priorities, ensuring compliance with Australian healthcare regulations and the Australian Privacy Act 1988. All sensitive information is processed and retained within Australian borders, never transferred offshore.
Encryption Architecture
Dual-Layer Security Model
OnScribe employs AES-256-GCM authenticated encryption for master key protection and AES-256-CBC encryption for patient data at rest. All data in transit is protected by HTTPS/TLS.
Local Device Protection
Database-level AES-256-CBC encryption for all patient data
Passphrase (OnKey)-derived master key is the root of security
The master key is encrypted using AES-GCM and stored in Azure Key Vault, with a local cache on device
Local cache is hardware keystore protected (Android Keystore/iOS Keychain) and expires every 30 days
Authenticated encryption automatically detects tampering - if data is modified, decryption fails
If cache is invalidated (expiry, corruption, biometric change, or tampering detected), the OnKey passphrase must be re-entered to decrypt local data
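The key hierarchy in this list, as an added sketch that is not OnScribe's code: the master key exists once wrapped under a passphrase-derived key and once in a local cache with a 30-day lifetime, both sealed with AES-256-GCM, so an expired or modified cache entry fails and the passphrase path takes over. The scrypt KDF and its parameters, the blob layout, the in-memory deviceKey standing in for a hardware keystore key, and all function names are assumptions.

```javascript
// Added illustration, not OnScribe's code. scrypt, the blob layout and the
// in-memory deviceKey (standing in for a hardware keystore key) are assumptions.
const crypto = require('node:crypto');

const CACHE_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30-day cache lifetime from the page

// AES-256-GCM seal: the tag covers the ciphertext and the AAD (here, a timestamp).
function seal(key, plaintext, createdAt) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(String(createdAt)));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag(), createdAt };
}

// Returns the plaintext, or null if the key is wrong or any field was modified.
function open(key, blob) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv, { authTagLength: 16 });
    d.setAAD(Buffer.from(String(blob.createdAt)));
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]); // final() throws on a bad tag
  } catch {
    return null;
  }
}

// Passphrase -> 256-bit key-encryption key (KDF and parameters are assumed).
function deriveKek(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Use the cached copy while it is fresh and intact; otherwise fall back to the
// passphrase-wrapped copy. askPassphrase is only called when the cache fails.
function loadMasterKey(cache, deviceKey, wrapped, askPassphrase, now = Date.now()) {
  const fresh = cache && now - cache.createdAt <= CACHE_TTL_MS;
  const cached = fresh ? open(deviceKey, cache) : null;
  if (cached) return { key: cached, source: 'cache' };
  const key = open(deriveKek(askPassphrase(), wrapped.salt), wrapped);
  return key ? { key, source: 'passphrase' } : null;
}
```

Binding the creation time as associated data means the cache lifetime cannot be extended by editing the stored timestamp: the changed value no longer matches the tag.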
Transmission Security
All data transmitted via industry-standard HTTPS/TLS-encrypted channels
Firebase authentication tokens verify every request
Request ID validation prevents response tampering
Keys Management
Azure Key Vault manages encryption keys securely
TLS provides forward secrecy for all data in transit
Zero-knowledge architecture: neither OnScribe nor cloud providers can decrypt patient data
Data Sovereignty & Processing
100% Australian Processing – all data stored and processed exclusively in Australia
Primary Processing: Microsoft Azure (Sydney)
Storage Infrastructure: Google Cloud Platform (Australia regions)
Traffic Routing: No international transfers
Email Reception (opt-in - Platinum tier): Microsoft 365 Exchange Online (Australia) — for automatic referral processing only.
Real-Time Audio, Smart PDF and Automatic Referral Processing
Audio transcribed in real-time on Azure Sydney servers
Audio files hard-deleted immediately after processing
Only encrypted-at-rest transcription results retained
Zero persistent audio storage
A similar mechanism applies to Smart PDF Import, where referral letters are processed securely in-memory and deleted immediately after extraction.
Automatic Referral Processing (opt-in - Platinum tier): Referral emails are received by a Microsoft 365 mailbox in Australia, PDF attachments are extracted and processed by Microsoft Azure Services (Sydney), encrypted using the user's key from Azure Key Vault, and stored as pending referrals. The email is permanently deleted immediately after PDF extraction. No unencrypted patient data is retained at any point in the pipeline.
Access Controls & Security
Zero-Trust Architecture
Principle of Least Privilege enforced
Multi-factor authentication for all admin access
Time-limited access tokens
Audit trails for all access and modifications
For users who opt in to automatic referral processing, a copy of the user's encryption key is stored in Azure Key Vault. Storing this key means the user's account operates outside the zero-knowledge architecture while the key is held. The user can delete the key at any time from the Auto-Referral Settings page (https://onscribe.app) to restore zero-knowledge status.
Secondary Recipient (Admin) Access to Web Portal
Admin access only when explicitly authorised by a healthcare professional
OnKey Passphrase sharing required for admin access
Audit logging for all admin access
Vendor Security
OnScribe leverages Microsoft Azure and Google Cloud Platform in Australia
Both providers maintain compliance with leading security standards:
Azure: SOC 2, ISO 27001, HITRUST
Google Cloud: SOC 2, ISO 27001, IRAP
Providers cannot access or decrypt PHI
AI Processing & Privacy
Microsoft Azure (Sydney) Cognitive Services used for transcription
Microsoft Azure (Sydney) LLM processing for document enhancement
No offshore processing
No training data use – user data is never used to train AI models
Zero-knowledge architecture ensures OnScribe cannot view patient content
AI Limitations and Intended Use
OnScribe’s AI systems assist with transcription, document enhancement, and summarisation.
They may occasionally generate additional or imprecise wording (“hallucinations”), which can sound interpretive or therapeutic.
Such output is unintended and does not represent diagnostic, prognostic, or treatment advice.
AI models are trained to avoid therapeutic recommendations, and clinicians must not rely on AI-generated or summarised text for clinical decision-making.
Compliance & Legal Assurance
Patient consent must be obtained by the healthcare professional before recording
OnScribe provides consent reminders in-app
Therapeutic Goods Administration (TGA) exempt – OnScribe is a documentation tool, not a diagnostic or therapeutic device
Australian Privacy Principles compliance maintained
Regular internal compliance reviews conducted
Free trial users (Pro/Platinum) are subject to the same security, encryption, and retention policies as paid users.
Platform Security
Mobile App Security:
Hardware keystore protection (Android Keystore/iOS Keychain)
Biometric authentication with 30-day sessions
Passphrase-derived encryption keys with Azure Key Vault backup
Database-level AES-256-GCM encryption for all patient data
Automatic tamper detection and integrity verification
App sandboxing enforced
Web Portal (Platinum only):
Encrypted session tokens
HTTPS/TLS encrypted connections
Content Security Policy applied
Temporary Files:
During PDF/DOCX generation or image processing, the app may create temporary files within the device’s secure sandbox. These files are automatically cleared on app restart and are not transmitted or stored in the cloud. On standard devices this process is fully secure. On rooted or jailbroken devices, however, system-level access may expose such temporary files. OnScribe does not support the use of rooted or jailbroken devices for this reason.
Data Lifecycle Management
Retention & Deletion Policies
Plus users: Data stored locally only; users control retention or deletion.
Pro & Platinum users:
Local recordings auto-deleted after 14 days
Cloud recordings auto-deleted after 21 days (Pro) / 28 days (Platinum) unless user deletes earlier
Transcriptions remain in cloud until user deletes
Account data: Retained for service provision/legal requirements
Audit logs: Retained per compliance needs
Deletion
Users can delete data anytime
Secure deletion protocols applied
Exported files (PDF/DOCX):
Once shared, documents are no longer encrypted within OnScribe. Clinicians must ensure secure handling of these files under their professional and legal obligations.
Incident Response & Monitoring
24/7 monitoring for system security events
Immediate isolation of affected systems if incident detected
Regulator notification within mandated timeframes
User notification if their data is impacted
Post-incident review and security improvement
Security Contact & Support
Security: security@docworks.com.au
Privacy Officer: privacy@docworks.com.au
Support: support@docworks.com.au
Compliance & Certifications
Australian Privacy Act 1988 – full compliance
TGA exempt (documentation tool, not a medical device)
Hosted on Azure & Google Cloud – both certified to SOC 2, ISO 27001, and more
Internal compliance reviews and security monitoring in place
External audits planned as OnScribe scales
OnScribe Trust Centre – Security and privacy for Australian healthcare professionals.
Last updated: 08/03/2026
Next review: 08/09/2026
© 2026 Docworks Pty Ltd. All rights reserved.