Security First

Security and privacy are our number one priority.

Secure Messaging for Healthcare

Security Statement

Foxo has been built with a ‘privacy and security first’ mindset in conjunction with leading privacy lawyers and security experts.

Our goal is, and always will be, to deliver powerful communication solutions to healthcare whilst upholding the most stringent security and privacy standards.  

If you have a question or concern about our security or privacy we want to hear from you. Please contact our data protection officer at


Year on year, Healthcare leads the Notifiable Data Breach scheme with the majority of incidents attributed to stolen credentials (malware and ransomware) or compromised via human errors (eg. breach via incorrect system or process)

Data Protection and Storage

Data is stored on secure, encrypted servers located in Australia. All patient data and user data is encrypted at rest and in transit using enterprise-grade encryption protocols. 

Data in transit: Movement of data between the webserver and browser is secured with the latest HTTPS technology using RSA encrypted TLS (Transport Layer Security).

Data storage: All User and patient data is stored on secure Amazon Web Services servers. These servers conform to the ISO27001 standard ensuring data remains backed up and safe at all times.

Security testing

Foxo engages an independent security team to undertake penetration testing on a 3 monthly basis to ensure vulnerabilities and threats are detected and addressed.



“Pentested by Sistematik” mark means the Foxo business and product have undergone independent penetration testing with successful results and no open critical findings.

Verified network of users

All users of Foxo undergo mandatory verification to establish their identity. This provides you with the confidence you are contacting the right person.


User access controls

Foxo comes free with Multi-Factor Authentication (MFA) to double down on securing your account. Additionally, mobile users can utilise a 4-digit pin to add an extra layer of account security.


Secure photo sharing

Clinical images taken within Foxo app are encrypted an stored on secured servers NOT on your personal mobile device or 3rd party cloud servers such as Apple iCloud, Dropbox or Google drive. This ensures compliance with national privacy regulations is maintained at all times.


Personal (user) Data

The only personal (user) data Foxo actively collects from customers is what we need for profile creation and account administration purposes.

Foxo's Cyber Security FAQs 🔒

Validating Offboarding Users

Any user that registers a Foxo account is required to provide enough information to be identified and validated before accessing the Platform. Users can join an Organisation registered on Foxo by request or our auto-join workflows. Users can be removed and offboarded from a Foxo Organisation via the Organisation’s settings.

Penetration Testing

Foxo undergoes independent penetration testing every 3 months.


Foxo Technology Pty Ltd has the relevant WorkCover, Cyber Security, Professional Indemnity, Public & Product Liability insurance required for operating in state health departments.

Data Retention Policy

All data is stored for a minimum of 10 years. Data is encrypted in all states (transmission and storage).

Foxo's Security Credentials

  • HIPAA Compliant
  • ISO27001 Accredited Data Centre
  • Independently Security Tested every 3 months
  • Foxo runs on IRAP certified infrastructure
  • Foxo is GDPR compliant, personal and sensitive information is carefully stored and managed

Regular Data Backup

Customer data is backed up at regular intervals throughout the day. A complete backup is performed nightly. 

Additionally, replication logs for the databases are retained for 30 days and allow for analysis and recovery of the database to any point in that time window.

Ownership of Data

As per Foxo’s terms of use, you retain ownership of your submitted content.

Audit Trails

Foxo features auditable activity logs via a published ledger within the app with user-permission management. Foxo enables secure and accountable information transfer between healthcare providers under stringent data-sovereignty policies. All activity is captured and logged.

File Types and Sizes (non-executables)

Users can upload and distribute any non-executable file. Foxo does not impose limits on file size upload. However, you may experience restrictions inherited from the browser running the Foxo app (eg. 256mb).

Get compliant and switch to Foxo

Download Foxo. Invite your colleagues and get connected OR
Visit to get started on desktop.
Download Free on iOS
Download Free from Google Play
Use the Foxo web app

Information Request

Patients can request a copy of their Personally Identifiable Information (PII) and Patient Health Information (PHI) at any time. These requests will be actioned in a timely manner.