Medcallz is committed to protecting all information handled within its digital healthcare technology platform. As a provider of software and digital infrastructure, Medcallz recognises the importance of maintaining the confidentiality, integrity, and availability of data, particularly where personal and healthcare-related information is involved.
Medcallz operates strictly as a technology platform provider and does not deliver clinical care or medical services. Any healthcare services facilitated through the platform are provided independently by healthcare practitioners or third-party organisations, who remain solely responsible for clinical decision-making and regulatory compliance.
This policy outlines Medcallz’s approach to the collection, processing, storage, use, and disposal of data. It applies to all employees, contractors, developers, partners, and authorised users interacting with Medcallz systems. All such parties are required to comply with this policy when accessing or handling information within the Medcallz environment.
Medcallz maintains a comprehensive cybersecurity framework incorporating physical, administrative, and technical safeguards. These controls are designed to protect information against unauthorised access, disclosure, alteration, or loss, while ensuring systems remain secure, reliable, and resilient.
Security practices are aligned with recognised industry standards and are regularly reviewed to ensure continued effectiveness in a rapidly evolving digital environment.
Medcallz operates a secure, cloud-based infrastructure hosted on Amazon Web Services (AWS). All systems are deployed within controlled environments located in Australia and Singapore, ensuring appropriate data handling and regional resilience.
To maintain strong separation of systems and minimise risk, Medcallz maintains distinct operational environments for development, testing, and production. These environments are fully segregated, ensuring that live data is protected and not accessible outside authorised production systems.
This structured approach ensures that system changes can be safely developed and tested without compromising the security or integrity of operational data.
Medcallz utilises a range of modern cloud technologies to support its platform. These include secure hosting, managed databases, encrypted storage systems, and monitoring tools that provide visibility over system performance and activity.
All infrastructure is centrally managed and maintained under strict governance processes. Changes to systems are controlled, documented, and subject to appropriate review prior to implementation.
Medcallz implements multiple layers of network protection to safeguard its systems. Access to the platform is restricted to authorised users and controlled through secure authentication mechanisms.
External access to systems is limited to secure channels, and all communication is encrypted to prevent interception or unauthorised access. Internal system access is carefully controlled, ensuring that sensitive components such as databases are not exposed to the public internet.
Direct access to servers is restricted, and system interaction is managed through controlled processes to reduce the risk of unauthorised changes or breaches.
Access to Medcallz systems is governed by strict identity and access management controls. Each user is assigned a unique account, and access permissions are granted based on role requirements.
The principle of least privilege is applied, ensuring individuals only have access to the information necessary to perform their duties. Multi-factor authentication is required for administrative access, and user permissions are reviewed regularly.
Access is promptly revoked when no longer required, including upon termination of employment or changes in role.
Medcallz applies strong encryption standards to protect data both in storage and during transmission. All sensitive information is secured using industry-recognised encryption methods to prevent unauthorised access.
Data is handled in accordance with strict governance practices, ensuring it is only stored within approved systems and is not transferred or retained in unauthorised locations. Measures are in place to minimise the amount of data collected and to ensure it is used only for its intended purpose.
Medcallz maintains a structured data governance framework that defines how information is managed throughout its lifecycle. This includes clear processes for data collection, usage, storage, and disposal.
Data is retained only for as long as required to meet operational, legal, and regulatory obligations. Where healthcare-related information is involved, retention practices align with applicable Australian regulatory requirements.
Medcallz also supports appropriate mechanisms to enable authorised users to access, update, or request deletion of their data where applicable.
Medcallz follows secure software development practices to ensure that applications are built and maintained in a controlled and secure manner. All code is managed through controlled repositories with restricted access.
Changes to systems are implemented through structured deployment processes, ensuring that updates are tested and approved before being introduced into production environments. Sensitive information, such as credentials or encryption keys, is never embedded within application code.
Medcallz maintains continuous monitoring of its systems to detect potential security threats, performance issues, or unauthorised activity. System activity is logged and retained to support audit, investigation, and compliance requirements.
Regular reviews are conducted to ensure systems remain secure, up to date, and operating effectively. Any anomalies or potential risks are investigated promptly.
Medcallz maintains regular backups of its systems and data to ensure continuity of service in the event of system failure or disruption. Backup processes are automated and designed to enable restoration of systems and data within acceptable timeframes.
Recovery procedures are in place to support restoration of full systems, specific datasets, or individual records where required. These measures ensure that Medcallz can maintain service availability and minimise disruption to users.
Medcallz has established a formal incident management framework to respond to security events. This includes processes for identifying, containing, investigating, and resolving incidents.
Systems are continuously monitored for potential threats, and alerts are generated when unusual activity is detected. When an incident occurs, it is managed in a structured manner to minimise impact and prevent recurrence.
Relevant stakeholders are notified where required, and corrective actions are implemented following investigation.
Medcallz aligns its practices with applicable privacy and security regulations, including the Australian Privacy Principles (APPs). Its cloud infrastructure is supported by internationally recognised standards, including ISO 27001 and SOC 2 frameworks.
Medcallz operates under a shared responsibility model with its cloud provider. While infrastructure-level security is managed by the provider, Medcallz retains full responsibility for application security, data protection, and access control.
All Medcallz systems are hosted within secure cloud data centres operated by AWS. These facilities incorporate strict physical security measures, including controlled access, continuous surveillance, and environmental monitoring.
Medcallz does not operate or maintain any physical servers or on-premises infrastructure.
Medcallz is committed to ongoing improvement of its cybersecurity posture. Enhancements to monitoring, threat detection, and system resilience are continually assessed and implemented as part of its security roadmap.
This includes the adoption of advanced security tooling, improved redundancy measures, and enhanced system resilience to support long-term growth and evolving security requirements.
Compliance with this policy is mandatory for all personnel and authorised users of Medcallz systems.
Failure to comply may result in: