TL
TheatreLink
Sign In

Security & Privacy

TheatreLink is designed with security at its core. Here is how we protect your data.

🔒

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure transport protocol. No data is ever sent in plaintext.

🛡️

Encryption at Rest

All data stored in our database is encrypted at rest using AES-256 encryption, the industry standard for healthcare data protection.

🇦🇺

Australian Data Residency

All TheatreLink data is stored in AWS Sydney (ap-southeast-2). Your data never leaves Australia, meeting Australian Privacy Act requirements for health-related information.

🔐

Multi-Factor Authentication

All user accounts support MFA via authenticator apps (TOTP) and biometric authentication (WebAuthn/FaceID). MFA can be enforced at the hospital level.

👤

Role-Based Access Control

Every user is assigned a specific role (Theatre Manager, Surgeon, Practice Manager, etc.) with access strictly limited to the data and actions relevant to their role. Hospital data is isolated — no cross-hospital access.

📋

Audit Logging

All significant actions (accreditation changes, booking approvals, session modifications, login events) are recorded in an immutable audit log for compliance and security monitoring.

Patient Information

TheatreLink is a theatre scheduling and management platform. No confidential patient information (PHI) is stored or transmitted through the platform. Booking records contain procedure names, equipment requirements, and scheduling details only — no patient names, dates of birth, medical record numbers, or clinical notes.

Our architecture is designed to support HL7 FHIR-compliant encrypted PHI storage in the future, using application-layer AES-256-GCM encryption with managed key infrastructure.

Infrastructure

  • Hosting: Vercel (Sydney edge region) with automatic SSL/TLS certificate management
  • Database: Neon PostgreSQL (AWS Sydney) with connection pooling and encrypted connections
  • File Storage: Encrypted blob storage for accreditation documents
  • Email: Resend — transactional email only, no marketing communications
  • SMS: Twilio — session notification delivery only
  • Real-Time: Pusher — encrypted WebSocket connections for live calendar updates
  • Error Monitoring: Sentry — error tracking with PII scrubbing enabled

Security Headers

  • HSTS: Strict-Transport-Security enforced with 2-year max-age and preload
  • X-Frame-Options: DENY — prevents clickjacking attacks
  • X-Content-Type-Options: nosniff — prevents MIME type sniffing
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: Camera, microphone, and geolocation access disabled

Compliance

  • Australian Privacy Act 1988: Data stored exclusively in Australia, access controls enforced, no cross-border data transfers
  • OWASP Top 10: Application security reviewed against OWASP guidelines including SQL injection prevention (Prisma ORM), XSS protection (React auto-escaping), CSRF protection (NextAuth tokens)
  • HL7 FHIR Ready: Architecture prepared for future HL7 FHIR integration with healthcare systems

Responsible Disclosure

If you discover a security vulnerability in TheatreLink, please report it to security@theatrelink.com.au. We take all reports seriously and will respond within 48 hours.

TheatreLink — Designed by an Australian Surgeon for Australian Hospitals
theatrelink.com.au | support@theatrelink.com.au