Australian Data Residency and Access

(Information for Australian Customers Only)

At Zanda, we understand that data security and residency are especially important to many Australian healthcare providers, particularly when working with government agencies, insurers, or service purchasers that may require assurance around where data is stored and who has access to it.

This article provides specific information for Zanda customers based in Australia. It outlines where data is stored, how it is protected, and under what limited circumstances it may be accessed or processed from outside Australia.

Note: Zanda uses region-specific infrastructure. This article refers exclusively to the data storage and processing practices for Australian customers. Customers in other regions (such as the UK or North America) have their data handled via local infrastructure within those regions.

 


Key Points – Data Residency and Security for Australian Customers

  • All data for Australian accounts is stored in Australia

    We use Amazon Web Services (AWS) data centres located within Australia to store and back up all customer data for Australian-based Zanda accounts. Data is encrypted both at rest and in transit.

  • Australian-owned, Australian-based

    Zanda is an Australian company, headquartered in Victoria. We prioritise local data handling and Australian-based service delivery wherever feasible.

  • Local customer support

    Our Australian-based support team is the default contact for Australian customers. We also conduct police and background checks on all team members with potential access to customer data.

  • Consent-driven access

    We do not access customer data unless explicitly authorised by the account holder, and always for the purpose of providing support or resolving an issue.

  • Dedicated Data Protection Officer

    We have an internal Data Protection Officer responsible for overseeing data privacy, security, and compliance across all operations.

  • We are ISO 27001 certified

    Both Zanda and our infrastructure providers meet the globally recognised ISO 27001 standard for information security.

  • Comprehensive, externally audited privacy program

    We maintain a robust privacy program that is externally audited and aligned with Australian Privacy Principles (APPs), ensuring ongoing compliance with relevant privacy regulations.

  • Direct integration with Medicare

    We have a native, direct integration with Medicare and comply with their strict data access and processing residency requirements, ensuring sensitive health data is handled in line with Australian government standards.

  • We actively choose local providers where possible

    Whenever practical, we work with Australian-based providers and services to help maintain high standards of privacy and data residency.


Situations Where Data May Be Accessed or Processed Overseas

While our default approach for Australian customers is to keep data stored and managed within Australia, there are limited and specific circumstances where data may be accessed or processed from outside the country:

  1. After-hours or urgent support

    Zanda provides 24/7 customer support. While Australian customers are primarily supported by our local team, there may be situations, especially during urgent or after-hours events, where team members based in the UK or USA assist. These staff are subject to the same training, compliance obligations, and background checks.

    We also ensure compliance with Australian Privacy Principle (APP) 8 before granting any access, including requiring that all staff handle data in accordance with Australian privacy standards.

  2. Optional third-party integrations

    Some integrations, such as online payments via Stripe, may involve limited data transfer (e.g., name, email, and card details) outside Australia. Stripe is PCI DSS compliant and handles this data securely.

    Similarly, our default email provider (SendGrid) may process email data (e.g., recipient email addresses) outside of Australia. Customers are able to configure their own email service if preferred.

  3. Accessing Zanda while travelling

    If a customer logs into Zanda from overseas (e.g., while travelling), data is transmitted securely over the internet. This does not involve a change in data storage location, but may constitute international access under some definitions.


Summary

Zanda takes data residency and security seriously. For Australian customers, our systems, partners, and policies are built to ensure that data is stored locally by default, and that any overseas access, when it occurs, is secure, limited, and appropriately governed.

For more information, you can also refer to:

If you’re asked about data residency by a service purchaser, insurer, or oversight body, feel free to link them to this article to provide a complete, contextual answer.