Buyer-facing Team trust material

CPDKeep Team Trust Pack

A shareable, plain-language pack for Team plan review. It summarises current product behavior without replacing your own security, procurement, legal, or CPD obligation checks.

Download Markdown

Sample-only: every organisation name, staff name, date, reminder state, export row, practitioner name, activity, and evidence reference in this pack is fake demonstration data. It does not include private staff activity titles, providers, notes, reflection text, evidence contents, original filenames, upload paths, email content, payment details, tokens, or private user records.

Plain-language security overview

CPDKeep uses managed cloud providers, account access controls, and private-by-default product flows to operate CPD records, evidence, exports, team oversight, and autofill features.

The product intentionally does not publish low-level storage identifiers, temporary-access mechanics, provider secrets, or exact infrastructure topology in public buyer material.

CPDKeep is a CPD record-keeping tool. This pack supports buyer review, but it does not replace a buyer security review, procurement review, legal advice, AHPRA, a National Board, a regulator, a CPD home, or your own CPD obligation checks.

Privacy boundaries

Individual CPD activity records and evidence files are private to the account holder unless they choose to export, download, or share them outside CPDKeep.

Team administrators can see summary oversight fields such as readiness labels, profession grouping, renewal timing, progress percentages, evidence completeness grades, missing evidence counts, missing reflection counts, and reminder status.

Team views and exports do not automatically expose private evidence files, activity titles, providers, notes, reflection text, document text, raw forwarded email content, payment details, tokens, or private storage paths to team administrators.

Data handling summary

CPDKeep stores account and profile details needed to run the Service, including name, email address, profession, plan, and CPD cycle settings.

It stores CPD activity records that users create, such as dates, categories, hours or credits, notes, reflection fields, topics, and uploaded or imported evidence files. Evidence may include certificates, receipts, attendance records, and documents users choose to upload, forward, or import.

The web application deployment is configured for an Australian hosting region. Database, file storage, payment, email, analytics, and optional autofill features rely on managed cloud service providers, and those services can have separate processing and support arrangements. CPDKeep does not make a blanket data-residency guarantee.

AI and autofill explanation

When document or email autofill is enabled and available on a plan, CPDKeep may use uploaded or forwarded evidence to suggest CPD fields such as title, date, provider, category, hours, and topics.

Autofill output is a draft. The user reviews and confirms suggestions before they become part of the CPD log.

This pack does not make provider-specific claims about model training, retention periods, regional AI processing, or AI provider infrastructure.

Backup and recovery posture

CPDKeep relies on managed cloud providers and operational safeguards to operate the Service and recover from routine platform issues.

This pack does not promise specific recovery timing, data-loss commitments, special backup commitments, disaster recovery attestations, incident response service levels, or monitoring commitments.

Data export and deletion process

Where a plan includes reports, individual users can export CPD audit materials from the product.

Team administrators can export summary-level team readiness material for internal practice operations where that feature is available.

Some account details can be updated in the account area. For help accessing, correcting, exporting, or deleting account data beyond self-serve controls, submit a support request through the signed-in Service.

Incident contact process

Signed-in users and team administrators should submit security, privacy, account-access, or data-handling concerns through the in-app support request flow.

Include the affected account or team, relevant timeframe, a short description of what happened, and safe screenshots or log snippets if useful. Do not include patient information, private evidence contents, raw forwarded emails, credentials, tokens, or secrets in the initial message.

CPDKeep reviews incident reports through the support channel. This pack does not publish a fixed response-time commitment.

Subprocessor list

Informational list based on current product behavior and the public Trust page posture.

ProviderPurposeData context
VercelWeb application hosting, deployment, analytics, and speed insightsPublic site and application request/usage telemetry handled by the hosting platform
SupabaseAuthentication, database, and file storageAccount records, CPD records, team records, evidence metadata, and uploaded/imported evidence files
StripeCheckout, subscription billing, customer portal, invoices, and payment handlingBilling account and transaction data handled on Stripe-hosted surfaces and related webhook events
ResendTransactional email and inbound evidence email handlingEmail delivery metadata, support/status email delivery, and forwarded evidence email handling where enabled
OpenAIOptional document and email autofill suggestions where enabled and availableUploaded or forwarded evidence content used to produce review-before-save draft CPD fields
Google AnalyticsWebsite and application analyticsAnalytics events from public site and signed-in application routes where the Google tag is loaded from the root application layout

Sample Team export

Generated from fake Team summary data using the same summary-only export helper used by CPDKeep Team readiness exports.

StaffProfessionReadinessRenewal windowProgressEvidenceReminder
Demo Staff AveryNurseReadyMore than 90 days100%Excellent; missing evidence 0, missing reflection 0Resolved
Demo Staff BlakePhysiotherapistNeeds attentionDue in 31-90 days40%Fair; missing evidence 0, missing reflection 1Opened
Demo Staff CaseyPsychologistAt riskDue within 30 days0%Excellent; missing evidence 0, missing reflection 0Sent

Sample audit pack

Demo sample only: every practitioner name, cycle date, activity, provider, evidence reference, and report context in this sample is fake demonstration data. Evidence content, original filenames, upload paths, email content, and private user records are not included.

Demo practitioner
Demo Practitioner Alex Example
Demo profession
Pharmacist
Demo generated date
30 June 2026
Demo warnings
1 missing-evidence warning