Trust

How CareFile handles your information.

A plain-English trust page for early access: what you add, what you control, what CareFile does not do, and what still needs verification before a broader launch.

Join the waitlist Read privacy details

Trust question 1

What information goes into CareFile?

CareFile does not pull data from a government or health service to fill in your record. The information in CareFile is information you type in, upload, paste in, or create inside the app.

You might choose to add your name, contact details, identifiers, conditions, medicines, allergies, providers, appointments, documents, NDIS plan details, and people in your care team. Most fields are optional.

The plain answer:

No government importsCareFile does not currently connect to Medicare, myGov, the NDIS, My Health Record, Centrelink, or Services Australia to populate your record.

Add what is usefulYou add what is useful and leave the rest blank.

Trust question 2

What do you control?

Sharing should be explicit, limited, and reversible. CareFile is designed around sharing the relevant slice of a record with the person who needs it, not broad access to everything.

What this means in the product:

Targeted sharingCareFile is designed around sharing the relevant slice of a record with the person who needs it, not broad access to everything.

Masked identifiersSensitive identifiers such as Medicare, IHI, NDIS, and concession numbers are designed to stay hidden until you deliberately reveal them.

Consent historyThe app includes consent and access records so sharing decisions can be reviewed instead of disappearing into memory.

Export is being kept specificThe app currently supports JSON and CSV downloads for selected records. Full account export scope and format should be confirmed before production launch claims are made.

Trust question 3

What does CareFile do with your information?

The purpose is storage and use by you. CareFile stores information so you can organise it, find it, and share it deliberately.

Current boundaries:

Information is used to help organise your record, support sharing decisions, maintain audit history, and operate the app.

The current public app code does not include third-party advertising pixels or product analytics trackers. Any future analytics, support, or diagnostics tool should go through vendor, privacy, and data-residency review before touching customer or health data.

CareFile should not use personal health data to train AI models. If an AI-assisted feature is added later, it should be opt-in, explained before use, and reviewed before release.

Trust question 4

Which outside services are named?

These are the external services currently named elsewhere in the app or privacy material. Production use still needs a complete vendor register and legal review.

Named services, not vague assurances:

AddresserUsed for Australian address autocomplete, metadata, and email validation.

Australian Bureau of Statistics geography servicesUsed for suburb and local government area lookups.

ResendUsed for transactional email delivery, such as sign-in and password reset emails. No health record content should be sent through email delivery.

Trust question 5

What is CareFile not?

CareFile is not part of, endorsed by, affiliated with, sponsored by, certified by, or operated by any government service.

We state this directly because implied government affiliation would be misleading. If CareFile develops an integration or formal relationship in future, it should be named specifically and explained clearly.

CareFile is not part of:

The National Disability Insurance Scheme or National Disability Insurance Agency

Services Australia, Medicare, Centrelink, or myGov

The Department of Health, Disability and Ageing

The Australian Digital Health Agency or My Health Record

Any state or territory government health or disability service

Boundaries

What we do not do

We do not connect to or import from My Health Record, myGov, Medicare, Centrelink, Services Australia, or the NDIS.
We do not provide medical advice. CareFile stores information; it does not tell you or a clinician what to do with it.
We do not provide case management, plan management, support coordination, insurance claims processing, or appointment booking.
We do not claim ISO 27001, IRAP, SOC 2, HIPAA, or any other formal certification unless a real assessment or certificate exists.

Compliance and security

Specific claims only.

CareFile is designed with the Privacy Act 1988 and the Australian Privacy Principles as reference points. This does not mean a regulator has approved, certified, or endorsed the product.

Before a broader launch, production hosting, backup retention, deletion timeframes, vendor terms, security controls, and health-records law obligations should be verified and legally reviewed.

The app includes breach-response workflow material for prototype governance. A production incident response process still needs to be reviewed against the Notifiable Data Breaches scheme and any health-records obligations that apply.

Before broad launch

Compliance and security

Already in place

AWS ap-southeast-2 production hosting (ECS Fargate + CloudFront).
Private S3 object storage with KMS encryption – Block Public Access always on.
Daily RDS PostgreSQL backups via AWS Backup – restore drill completed 23 May 2026.
Auth with TOTP MFA, password reset, JWT signing via Secrets Manager.
All uploads stored in private S3 – no files served statically or publicly.
GuardDuty, CloudWatch alarms, and CloudTrail logging active.

Still to verify before broad launch

A complete vendor and subprocessor register for every service that may receive personal information, health data, logs, support messages, or diagnostics.
Full account deletion flow, active-system deletion timing, and backup purge timing.
Australian privacy, health-records, and consumer-law review of the privacy policy and terms of service.

Changes to this page

22 May 2026

Page published with the government-logo dropdown removed and explicit non-affiliation wording added.