KOOKA TECH

Trust Center

Privacy,
without shortcuts.

Aged-care data deserves more than a tick-box. KOOKA TECH runs on Australian onshore infrastructure with no auto-integration to your EMR — your clinical record stays under your control.

Data Stored in Australia
APPs Compliant
Encrypted in Transit & At Rest
MFA Enforced

Security posture

Four claims we hold ourselves to.

01

Data residency

100% Australian onshore hosting.

02

Compliance

Full adherence to the Australian Privacy Principles (APPs).

03

Infrastructure

Encrypted storage, MFA, strict access logs.

04

Roadmap

Currently progressing toward ISO 27001-aligned information security processes.

The shadow workflow

KOOKA never writes
to your EMR.

Zero risky integrations. The nurse remains the gatekeeper between draft and clinical record — by design.

  1. Step 01

    Voice note

    Captured at point of care.

  2. Step 02

    KOOKA draft

    Generated within seconds.

  3. Step 03

    Nurse review

    Edited and signed off.

  4. Step 04

    Manual transfer to EMR

    By the nurse, never automatically.

No auto-write to your EMR

Compliance documentation

The package providers ask for.

Available on request — share the facility name and the documents you need and we'll have them in your inbox within one business day.

  • Privacy Policy
  • Security Overview
  • Resident Consent Templates (including cognitive impairment)
  • Participant Information Sheet
  • Clinical Safety Statement

Research engagements

KOOKA TECH supports facilities engaged in clinical research and welcomes engagement with your facility's ethics processes, including Human Research Ethics Approval (HREC).

Security FAQ

The questions every IT team asks.

Where is our data stored?

All clinical audio, transcripts, and generated drafts are stored on Australian-hosted infrastructure. Data does not leave Australia.

Who at KOOKA TECH can access our content?

Access is role-scoped, MFA-enforced, and logged. Only a small number of named engineers can reach production data, and every access is recorded against an audit trail.

How long is data retained?

Retention is configured per facility. By default, draft documentation is retained for the period your facility's clinical-records policy specifies, and source audio is deleted on a shorter cycle once the draft has been reviewed.

How does KOOKA TECH respond to a security incident?

We follow a documented incident response plan: detection, containment, written notification to affected facilities, and a post-incident report. Reportable breaches are escalated under the Notifiable Data Breaches scheme.

What sub-processors are involved?

A current list of sub-processors — and the country each operates in — is available on request as part of the Security Overview. Material changes are notified to facilities in advance.

What happens when we offboard?

On contract end, all clinical content belonging to the facility is exported in a portable format and then deleted from KOOKA TECH systems within an agreed window. A certificate of destruction is issued on request.

Have a question for our governance team?