Where is NoteGate participant data stored?

All participant and resident data is stored exclusively on AWS servers in Australia (ap-southeast-2, Sydney). No participant data is transmitted to or stored on servers outside Australia, except for AI validation calls which are protected by a Zero Data Retention agreement with Anthropic.

Is NoteGate compliant with APP 8 (cross-border disclosure of personal information)?

Yes. NoteGate satisfies APP 8 through three independent mechanisms: a contractual Zero Data Retention agreement with Anthropic prohibiting data storage after the API call, DeIDProxy tokenisation ensuring no identifiable data leaves Australia, and an immutable audit log of every AI transmission available to the NDIS Commission or Aged Care Commission on request.

What Australian legislation governs NoteGate's data sovereignty commitments?

NoteGate's data sovereignty controls are designed to satisfy the Privacy Act 1988 (Cth) Australian Privacy Principle 8, the NDIS Act 2013 Part 7 Division 2 (protected NDIS information), the Aged Care Act 2024, and the Strengthened Aged Care Quality Standards effective 1 November 2025.

Data Sovereignty — NoteGate™

Q: Does NoteGate send NDIS participant identifiers to overseas AI systems?

No. Before any shift note is sent to the AI validation API, NoteGate's DeIDProxy service replaces all participant identifiers — full name, NDIS number, date of birth, address — with cryptographic tokens. The mapping to real identifiers is stored exclusively in Australia and never transmitted.

Our commitment: All participant and resident personal information, clinical documents, shift note content, and validation results are stored exclusively on servers in Australia (AWS ap-southeast-2, Sydney). No participant data is transmitted to, stored in, or accessible from servers outside Australia — except for the single AI validation API call, which is protected by three independent mechanisms described below.

Australian data residency — how it is enforced

Data sovereignty is not a policy statement at NoteGate — it is enforced by the infrastructure itself. The following technical controls make it structurally impossible for participant data to leave Australia unintentionally.

Resource	Location	Control	Status
Database	AWS RDS ap-southeast-2	Private subnet — no public access. Deletion protection enabled.	Active
Clinical documents (S3)	AWS S3 ap-southeast-2	Region-deny bucket policy: all requests from outside ap-southeast-2 are denied at the policy level.	Active
PDF exports (S3)	AWS S3 ap-southeast-2	Region-deny bucket policy. HTTPS-only policy. Presigned URLs expire in 1 hour.	Active
Application servers	AWS ap-southeast-2	Private subnet. All internal cloud service calls route through private network endpoints — traffic never traverses the public internet.	Active
Secrets and API keys	AWS ap-southeast-2	Encrypted secrets management service. Accessed via private network only.	Active
Email delivery	Resend (outbound only)	Only subscriber email addresses transmitted. No participant clinical data in email content.	Active

The AI validation exception — and how it is protected

NoteGate uses the Anthropic Claude API to validate shift note quality. This is the only point at which data crosses an international boundary. This disclosure is protected by three independent mechanisms — each of which independently satisfies the APP 8 equivalent protections requirement.

Contractual

Zero Data Retention (ZDR) Agreement

NoteGate has executed a Zero Data Retention agreement with Anthropic PBC. Under this agreement, API request payloads and response content are not stored, logged, or retained by Anthropic after the API call completes — for any purpose, including abuse monitoring, model evaluation, or AI training. This is the contractual foundation of our APP 8 compliance.

Technical

DeIDProxy — identifier tokenisation

Before any shift note content is transmitted to the Anthropic API, NoteGate's DeIDProxy service replaces all participant and resident identifiers — full name, NDIS number, date of birth, address — with cryptographic tokens. The mapping between tokens and real identifiers is stored exclusively in Australia and is never transmitted. Even if an API request were intercepted or retained contrary to the ZDR agreement, the content would contain no identifiable information.

Audit

ai_transmission_log — immutable audit trail

Every API call to the Anthropic validation engine is recorded in an immutable internal log. The log records: timestamp, call type, input and output token counts, response code, latency, whether de-identification was applied (boolean), and whether ZDR was active (boolean). No prompt content or response content is stored. This log is retained for 3 years and is available for inspection by the NDIS Quality and Safeguards Commission, Aged Care Quality and Safety Commission, or the Department of Veterans' Affairs on request.

What this means for your organisation

As a subscribing NDIS provider, aged care provider, or DVA service provider, you can tell participants, residents, veterans, families, and regulators:

All participant and resident data is stored in Australia (Sydney)
No participant identifiers are transmitted to overseas AI systems
The AI validation system is contractually prohibited from storing or training on your data
An auditable log of every AI interaction is maintained and available to regulators

Documentation available on request

The following documents are available to subscribing organisations on request for inclusion in your own privacy documentation or regulatory submissions:

ZDR agreement summary (non-confidential terms)
Sub-processor disclosure document (names, locations, data handling obligations)
AWS ap-southeast-2 data residency confirmation
S3 region-deny bucket policy excerpt
ai_transmission_log schema

Request these documents at: privacy@notegate.com.au

Legislative framework

Our data sovereignty commitments are designed to satisfy obligations under the following legislation:

Privacy Act 1988 (Cth) as amended 2024 — Australian Privacy Principle 8 (cross-border disclosure)
NDIS Act 2013 — Part 7, Division 2 (protected NDIS information — unauthorised disclosure is a criminal offence)
Aged Care Act 2024 — information obligations and SIRS reporting security requirements
Strengthened Aged Care Quality Standards (eff. 1 November 2025) — clinical governance and data integrity requirements
Veterans' Entitlements Act 1986 (Cth) — DVA community nursing and home care record-keeping obligations
Military Rehabilitation and Compensation Act 2004 (Cth) — MRCA treatment provider documentation requirements

Request documentation or ask a question

For sub-processor disclosure documents, ZDR agreement summaries, or data sovereignty questions from regulators:

privacy@notegate.com.au
AgenticX Australia · ABN: 27 680 398 305
Queensland, Australia