Security Policy

/Security Policy
Security Policy 2018-04-03T16:00:37+08:00

KinChip Systems Pty Ltd

This Security Policy is designed to inform you about what will happen to the information you provide through our website, any of our applications, or through any other form of communication with us, KinChip Systems Pty Ltd ACN 605 862 584 (KinChip, us or we), our related bodies corporate (as such term is defined in the Corporations Act 2001 (Cth)), or our employees, officers, agents or contractors (each a Related Party). Please be sure to read this entire Security Policy before using our website, any of our applications, or submitting personal information to us or our Related Parties.

How does Kindom keep my health records secure?

The protection and security of your personal information is something we take seriously. We are committed to keeping your personal information secure. We take precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a secure application.

Your personal information is transmitted from the My Health Record system to the Kindom platform over a secure and encrypted connection. Data that you choose to copy and save in Kindom is stored securely in an encrypted database at the Microsoft Azure Australian data centre that is operated by KinChip Systems.The information is protected while in transit using TLS 1.2, a protocol approved by the Australian Government for protecting sensitive information in transit over public networks.

Kindom, and other web applications hosted by KinChip Systems use an Extended Validation (EV) certificate, which allows you to verify that you are accessing a KinChip web site. If your browser does not show “Kinchip Systems Pty Ltd [AU]” in the address bar, you’re not on our website.

EV certificate displays in green
In the Chrome web browser, an EV certificate displays in green, to the left of the URL in the address bar.

KinChip Systems employees do not have access to the personal information in your My Health Record. Any information that you directly provide to us via the support centre is protected by a system of policies, firewalls and access controls.

We monitor the usage of Kindom to detect anomalous or suspicious behaviour. We maintain an active development team that keeps our platform up to date, testing and addressing critical issues.

How does Kindom protect the information that it stores?

When you access Kindom on your device you will have to log on to your Kindom account using your secret secure passphrase. We store a hash derived from your passphrase (we don’t store your actual passphrase) which we ask you to provide every time you log in, so we can verify your identity.

We cannot recover your passphrase, and we will never send you a passphrase in plaintext.

If you consent to allow Kindom to access the My Health Record system in your name, the My Health Record system will provide a secret access token to Kindom. This access token is included in each request that Kindom makes to access the My Health Record, allowing the system to identify you and present the records that you are authorised to view. Kindom stores the access token in your Kindom account. It does not store your My.Gov login or password.

All user data stored in the Kindom databases, database backups and database logs is encrypted. All data sent to, and requested from Kindom occurs over HTTPS and is encrypted via Transport Layer Security (TLS) 1.2.

Kindom will only store information that you have specifically requested, entered or copied. The information will only be visible to people you specifically share with. The Kindom platform adheres to the Australian Privacy Act.

Please refer to the KinChip Systems Privacy Policy for further details.