Our security measures

Your data is your data - and we'll do everything we can to keep it safe


We take your data security very seriously, and act as custodians of your data. We take various measures to ensure the safety and security of your Personal Information and Patient Information.

Physical security

Our application infrastructure is hosted on Amazon Web Services (AWS) and our primary servers are located in Sydney, Australia. Our backup servers are located in Frankfurt, Germany. Both server locations are compliant with security and privacy standards. You can read more about AWS security standards here.

Log in security

Log in is managed by Auth0 - an advanced and secure user authorisation and authentication platform with highly secure minimum password requirements and brute force protection. You can enable multi-factor authentication for an extra layer of security. Password storage and verification are based on a one-way encryption method, meaning passwords are stored using a strong salted hash.

Network Security

End-to-end encryption and a WAF (Web Application Firewall) are enabled on Peptalkr. We have zone lockdown enabled on all administrative areas so unauthorised users outside of our network cannot access them.

Privacy

We never give, rent, or sell access to your data to anyone else, nor do we make use of it ourselves for any purpose other than to provide our services. See our full privacy policy for more information.

Data encryption

All data sent between us and the platforms we interact with to provide our service to you is encrypted using HTTPS. Data at rest is also encrypted using AES-256 encryption.

Data breaches

We take your security seriously, and take many measures to ensure your Information cannot be breached. However, if there is a data breach and we find that your Information is directly at risk, we will notify you within 7 days of discovering the risk to your data. We will make it clear what information is/was at risk and what action we have taken to rectify the issue.

Data erasure

Your data belongs to you. When you disable your account, we retain some of your Personal Information but we do not retain any of your Patient Information. To fully erase all of your data, you will need to contact us. Once you confirm that you want to delete your account, we’ll remove and/or anonymize all the information we have about you including activity logs, backups and data stored in third-party systems/subprocessors. Your data will be erased from all live systems immediately; however, it may take up to 30 days to fully erase your data from backup systems.

Subprocessors

We use a number of third party systems to host the Peptalkr infrastructure and provide services to you including customer service, reporting, email services, SMS services and more. We thoroughly investigate all third party processors prior to integration with Peptalkr and take due diligence seriously to ensure we use security and privacy compliant services. Here is a comprehensive list of subprocessors we currently use:

Amazon Web Services (AWS)

Cloud based hosting, database and backup services.

Intercom

Cloud based customer service and engagement services.

Sendgrid

Email delivery services.

Twilio

SMS delivery services.

Auth0

User authentication services.

Redbooth

Task management services.

Campaign Monitor

Email delivery services.

Typeform

Form management services.

WordPress

Website publishing services.

Stripe

Payment processing services.

