Data Security

How Daobook protects your clinic and patient data.

Last updated April 13, 2026

Australian TCM practitioners trust Daobook with confidential patient records. This page describes the technical and operational measures we use to keep that data safe — what is in place today, not aspirational claims.

Where your data lives

Daobook runs entirely on Amazon Web Services infrastructure in the Sydney region (ap-southeast-2). Application servers, the production database, the cache layer, and file storage are all hosted in Australia, which keeps clinic and patient data within Australian jurisdiction.

  • Application servers run on EC2 instances inside a private VPC
  • The production database (PostgreSQL on Amazon RDS) sits on a private subnet and is only reachable from the application and background-job servers
  • File uploads (consent forms, attachments, etc.) are stored in an Amazon S3 bucket with all public access blocked
  • Background-job state and caching use Amazon ElastiCache (Redis), also on a private subnet

Encryption

Data is encrypted both in transit and at rest:

  • In transit: HTTPS is enforced for all browser traffic. TLS termination happens at an AWS Application Load Balancer using a certificate managed by AWS Certificate Manager.
  • At rest — database: RDS storage encryption is enabled, so the underlying volumes and automated snapshots are encrypted at the disk level (AES-256, AWS-managed).
  • At rest — files: S3 server-side encryption is enabled on the storage bucket using AWS KMS, with object versioning turned on.
  • At rest — cache: ElastiCache supports both at-rest and in-transit encryption, with an auth token required for connections.
  • Sensitive third-party tokens (such as Square OAuth tokens used by clinics that take card payments) are additionally encrypted at the application level before being written to the database.
  • Encryption keys are held in AWS KMS with automatic key rotation enabled.

Backups and recovery

  • RDS performs automated daily snapshots of the production database, retained for 30 days
  • The database has deletion protection enabled and a final snapshot is taken on any decommissioning event
  • S3 file storage uses object versioning, so deleted or overwritten files can be recovered
  • PostgreSQL audit logs are streamed to CloudWatch Logs

Daobook currently runs in a single Availability Zone, which keeps the platform affordable for a small TCM clinic. In the event of a serious failure, recovery is from the most recent automated snapshot rather than from a hot standby — so a small amount of recent data could be lost in a disaster scenario.
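The controls listed under "Where your data lives", "Encryption" and "Backups and recovery" can be verified against the AWS account rather than taken on trust. The following added example (not Daobook's own code) evaluates those controls over response dicts shaped like the boto3 replies from s3.get_public_access_block, get_bucket_encryption, get_bucket_versioning and rds.describe_db_instances; the sample responses and the resource identifiers in them are constructed placeholders, so it runs offline, and the live API calls can be substituted to audit real resources.

```python
# Added example, not Daobook's code: offline evaluation of the S3 and RDS controls
# the page describes, over dicts shaped like the corresponding boto3 responses.
# Sample responses below are constructed; swap in the live API replies to audit
# real resources and keep the check functions unchanged.

MIN_BACKUP_DAYS = 30  # retention the page states for automated RDS snapshots

def check_bucket(public_access, encryption, versioning):
    """Return control name -> bool for one S3 bucket (public access, SSE-KMS, versioning)."""
    pab = public_access.get("PublicAccessBlockConfiguration", {})
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    return {
        "public_access_blocked": all(pab.get(k) is True for k in (
            "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")),
        "sse_kms_default": "aws:kms" in algos,
        "versioning_enabled": versioning.get("Status") == "Enabled",
    }

def check_db(instance):
    """Return control name -> bool for one RDS DBInstance description."""
    return {
        "storage_encrypted": instance.get("StorageEncrypted") is True,
        "deletion_protection": instance.get("DeletionProtection") is True,
        "backup_retention_ok": instance.get("BackupRetentionPeriod", 0) >= MIN_BACKUP_DAYS,
        "not_publicly_accessible": instance.get("PubliclyAccessible") is False,
    }

def failures(results):
    """Names of the controls that did not pass, sorted so an alert can list them."""
    return sorted(name for name, ok in results.items() if not ok)

# Constructed sample responses with placeholder identifiers (not real resources).
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
SAMPLE_ENC = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "arn:aws:kms:ap-southeast-2:PLACEHOLDER"}}]}}
SAMPLE_VER = {"Status": "Enabled"}
SAMPLE_DB = {"DBInstanceIdentifier": "example-db", "StorageEncrypted": True,
             "DeletionProtection": True, "BackupRetentionPeriod": 30, "PubliclyAccessible": False}
# A drifted instance: retention shortened and deletion protection switched off.
DRIFTED_DB = dict(SAMPLE_DB, BackupRetentionPeriod=7, DeletionProtection=False)

if __name__ == "__main__":
    print(failures(check_bucket(SAMPLE_PAB, SAMPLE_ENC, SAMPLE_VER)))  # []
    print(failures(check_db(DRIFTED_DB)))  # ['backup_retention_ok', 'deletion_protection']
```

Running the checks on a schedule and alerting on a non-empty failures list turns the statements on this page into a drift detector.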

Account access controls

Inside Daobook itself:

  • Two-factor authentication (TOTP via authenticator app, with one-time backup codes) is available for every practitioner account
  • Passkey / WebAuthn sign-in is supported for password-less, phishing-resistant login
  • Role-based access control — every staff member has a role (owner, admin, practitioner, receptionist, bookkeeper), and Daobook checks that role's permissions before it shows clinical records to anyone or lets them change those records
  • Each clinic is fully isolated from every other clinic at the data layer

What you can do to protect your account

The strongest password and the most modern infrastructure don't help if an account is shared or left open on an unattended computer. We recommend:

  • Turning on two-factor authentication or registering a passkey for every practitioner and admin account
  • Using a unique, strong password — a password manager is the easiest way to do this
  • Giving each staff member their own login with the smallest role they need (don't share the owner login)
  • Logging out on shared or public computers
  • Keeping the operating system and browser you use to access Daobook up to date
  • Avoiding unfamiliar public Wi-Fi for sensitive clinical work

Data ownership, export, and retention

The clinical and business records you keep in Daobook belong to you. While you have an active subscription, you can export your data at any time using the built-in CSV exports for clients, consultations, prescriptions, appointments, invoices, communications, formulas, herbs, contacts, products, and provider numbers.

When a subscription ends, your data is not immediately deleted. It moves into a structured retention lifecycle (active → grace period → optional paid retention → scheduled deletion) so you have time to reactivate, export, or migrate before anything is permanently removed. The retention period is also designed to support the long record-keeping obligations TCM practitioners have under Australian health records legislation.

Reporting a security issue

If you believe you've found a security vulnerability or suspect that an account has been compromised, please email admin@daobook.com.au straight away. We take reports seriously and will investigate promptly.

Limitations

No system is immune to every threat. Daobook is built and operated by a small Australian team, and we focus on the security measures that meaningfully protect a small clinic — strong defaults, encryption, modern authentication, isolated tenancy, and careful access control. We do not currently advertise SOC 2 or ISO 27001 certification, and we don't have a formal third-party penetration-testing program.

For more detail on how we handle personal information and meet our obligations under Australian privacy law, see our Privacy Policy, Australian Privacy Principles, and Healthcare Compliance pages.