Security & privacy
Surgibud holds professional records about real operations on real people. We designed it the way you'd want your own surgeon's logbook designed: minimal data, strong crypto, and a healthy distrust of everyone โ including ourselves.
There is no field for a patient name, official patient number, or date of birth โ anywhere. Cases are keyed by your own non-identifying codes like "WGN-001", and the terms of use require that nothing identifying is entered. The less identifying data a logbook holds, the less there is to leak.
PROM contact details (a first name and an email or phone number) are encrypted with AES-256-GCM at the application layer before they reach the database. The database holds only ciphertext. Surgibud staff cannot read them โ and neither can anyone who steals the database.
Contact details are hard-deleted automatically the moment the last scheduled survey is sent, or instantly if the patient opts out. They exist only as long as they are useful to your patient.
Database-enforced row-level security means each surgeon can only ever read their own data. This is enforced by PostgreSQL itself, not just application code.
Sign-in uses one-time email codes โ no password to reuse or breach. Add a passkey (WebAuthn) for phishing-resistant multi-factor authentication.
Compliance events are written to an append-only audit log. Database triggers reject any update or delete. What happened, happened.
All data is stored securely in Sydney, Australia โ close to home for NZ and Australian clinicians, and governed by the NZ Privacy Act 2020, the Health Information Privacy Code 2020, and the Australian Privacy Principles.
No advertising cookies, no third-party analytics, no selling data โ and content sent to AI features is never used to train models. The business model is the subscription. That is the whole business model.
| Transport | HTTPS everywhere, TLS 1.2+ enforced |
|---|---|
| Application | SvelteKit on Cloudflare with strict Content-Security-Policy headers and WAF rate limiting |
| Database | PostgreSQL on Supabase, stored securely in Sydney, Australia, row-level security on all tables |
| Patient contacts | AES-256-GCM application-layer encryption, ephemeral storage |
| Authentication | One-time email codes + optional WebAuthn passkeys, server-side token validation on every request |
| AI | Anthropic API, server-side only, rate-limited per user, zero retention for training |
| Email/SMS | Resend and Kudosity for transactional dispatch only |
| Retention | 10-year clinical record retention per NZ Health (Retention of Health Information) Regulations 1996, then automated purge |
Found a vulnerability? Please email support@surgibud.com with details. We respond within 2 business days, fix confirmed issues promptly, and will happily credit you (or keep you anonymous โ your call). Please don't test against accounts or data that aren't yours.
For the full legal detail, read the privacy policy and terms of service.
3 months free for everyone, no credit card to sign up. Free beyond that for trainees, fellows, and low-income countries.