Frequently asked questions

Minikai is a person-centred AI workforce for care providers. Every person you support gets their own Mini, an AI advocate that holds their record together across providers, shifts, and systems, so the people delivering care can answer questions about that individual without trawling through years of fragmented notes.

Across your organisation, the same intelligence audits funding so you keep the revenue you've already earned, watches for incident patterns so concerns surface early, and drafts the documentation that has to be written every day, so what ends up in the record is consistent and complete. Admin that used to take hours takes minutes, the quality of what gets filed lifts, and the time that opens up goes back into care.

The people you support are someone's mum, dad, or child, and the care they receive should be grounded in their actual record and accountable to the people who matter.

Minikai is live in Australia, the United Kingdom, and New Zealand.

In Australia we support NDIS, residential aged care, Support at Home (the program that replaced Home Care Packages), allied health, and child therapy. In the UK we support Adult Social Care, Children's Services, supported living, allied health, and child therapy. In New Zealand we support residential aged care and allied health.

The funding rules, regulators, and integrations for each region are built into the platform, so a provider in Manchester sees CQC requirements, and a provider in Brisbane sees NDIS pricing and their own care management data.

A Mini is an AI advocate assigned to every person you support. Think of someone like a young person transitioning out of early intervention. Their family has told their story many times over, to support coordinators, therapists, and intake teams, and all of that information has been captured somewhere because someone needed to use it.

The Mini holds that history together. When a new worker picks up the shift, when a plan reviewer asks a question, when a clinician needs to understand what's worked before, the answer is grounded in that individual's actual record rather than reconstructed from memory each time. Every answer a Mini gives is cited back to the source record it drew from, so the reasoning is visible, traceable, and checkable.

The Mini also meets the worker where they are: the chat stream is multilingual, so a support worker more comfortable in Tagalog can switch into their language while the underlying record stays unchanged.

We call them AI advocates because everyone in the care system deserves AI working in their corner. A Mini stands up for someone's entitlements, surfaces what they need, and keeps their record coherent across every shift, worker, and provider. The people who depend most on the care system should be the first to benefit from this technology.

Minikai is an AI workforce that runs across your whole organisation. It audits funding against every claim you submit, watches for incident patterns across every shift logged, monitors compliance against your policies and the regulatory framework you operate under, drafts the documentation that has to be written every day, and gives every person you support their own Mini that holds their record together across years and providers.

The infrastructure underneath matches the sensitivity of the data. Minikai is ISO 27001 certified for information security and ISO 42001 certified for AI management systems, and customer data stays in-region. Fine-grained authorisation runs across every record and every Mini, so a behaviour support plan, a therapy note, or a restrictive practice authorisation is only visible to the people in your organisation who are authorised to see it.

An AI scribe turns one consultation into one note. A general chatbot like ChatGPT needs you to prompt it from a blank context window each time, with no awareness of your records, your access rules, or where its data lives.

Minikai is the operating layer your provider runs on, with humans in charge of every clinical decision and the AI carrying the administrative load. Every answer a Mini gives is cited back to the source record it drew from, so the reasoning stays visible and checkable rather than disappearing into a black box.

The Quality and Compliance agents read progress notes, shift handovers, incident reports, and clinical observations across your caseload, looking for patterns that no single record exposes on its own.

Three unwitnessed falls for one resident over fourteen days, logged across different shifts by different workers in plain text, only become visible when something is reading all three together. When a pattern crosses the threshold, Minikai can classify severity, draft the reportable incident form, and route it to the right person with time to act, so the daughter who would otherwise get the phone call no one wants to make hears from your team early instead.

Your Quality and Safeguarding team can see these patterns build at home, site, and organisation level in their dashboard, with a workspace agent ready to answer questions about any of them.

Compliance is how quality care reaches the people who depend on it, and the Compliance agent treats it that way.

It reviews your records against your own policies and the regulatory framework that applies to your sector, detects missed incidents hiding in free-text notes, monitors mandatory reporting timeframes, flags overdue care plan reviews and expiring registrations, and checks whether the right escalation pathways were followed.

Your Quality and Safeguarding team gets early signal on where attention is needed, with time to address the substance of the issue properly.

Yes. A frontline worker records a short voice memo in the moment, between visits, or at the end of a shift, and Minikai produces a compliant, person-centred note automatically. The Mini knows the procedure and the template, prompting for what's missing as the worker captures rather than after.

The same flow handles incident reports, shift handovers, care assessments, and plan reviews, formatted in SOAP, SBAR, or whichever documentation framework your organisation uses, and shaped to the requirements that apply in your sector across NDIS, aged care, UK adult social care, and the others we support. Reportable incidents are prepared in the format the relevant regulator expects, such as the NDIS Commission, ready for your team to review and submit.

Notes were always meant to be a record of what happened so the next person delivering care could pick up where the last one left off, and the voice flow keeps that purpose intact while taking the keyboard work out of the worker's day.

Minikai is certified to ISO 27001 for information security and ISO 42001 for AI management systems.

Your Customer Data, the care records, conversations, files, and reports created or managed through the platform, is stored and processed in the Data Region you select on your Order Form. Data Regions are currently available in Australia and the United Kingdom, and New Zealand customers are served from the Australian region. Your Customer Data does not leave your selected Data Region except as required by law or as you expressly authorise in writing.

A separate control layer handles authentication, identity, and platform analytics. It operates globally and may process limited account information, such as user names and email addresses, outside your Data Region, but it never holds your Customer Data or any sensitive information. Each provider in this layer is bound by agreements requiring privacy and security standards equivalent to ours.

The platform is built to align with the privacy laws of the regions we operate in: the Australian Privacy Principles under the Privacy Act 1988 (Cth), the UK GDPR and the Data Protection Act 2018, and New Zealand's Privacy Act 2020. Encryption is applied at rest and in transit, and our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Your data is encrypted both at rest and in transit, using strong, industry-standard encryption throughout. Connections are secured with strong TLS, and HTTPS is enforced across our services.

Application secrets and credentials are held in a managed secrets vault with role-based access, access disabled by default, and soft-delete and purge protection enabled. Backups and company devices are encrypted, and storing sensitive data on removable media is not permitted without a documented, approved exception.

Our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Your data is not used to train or fine-tune any AI model. AI features run on enterprise model services hosted inside Minikai’s own cloud environments, within your selected Data Region. We do not send your data to public, consumer AI APIs, so it is never exposed to a separate AI vendor’s service.

The cloud platforms that host these models are contractually prohibited from using your data to train or improve any model, and your data is not retained beyond processing your request. Those platforms are listed as sub-processors at trust.minikai.com/subprocessors.

Your organisation's data is logically isolated from every other customer's. Every request is scoped to your authenticated organisation and validated before any data is accessed, so a request can never read another organisation's data. This is enforced in the authorisation layer on every call and is covered by automated cross-organisation access tests.

Where your data physically resides is determined by your selected Data Region, and it is encrypted at rest and in transit. A technical overview of the isolation model is available to customers on request under NDA.

Internally, access follows the principle of least privilege: people are granted only what their role requires, and anything not expressly granted is denied. Access is provisioned through a documented request process with recorded approval, reviewed at least every six months and on any role change, and removed within 24 business hours when someone leaves or no longer needs it. Staff access to internal systems uses single sign-on with multi-factor authentication.

For your own organisation, the platform supports enterprise single sign-on (SAML and OIDC), SCIM directory provisioning, and multi-factor authentication enforced through your identity provider, so you manage access with your existing controls.

Our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Yes. Access to records and Minis is governed by fine-grained authorisation, configurable by your administrators and applied per label and per user across both individual records and the Minis themselves. A behaviour support plan can sit with the support coordinator, the positive behaviour support team, and the workers rostered to deliver it, while staying out of view for a relief worker covering a single shift.

Access events are logged, and audit logs can be streamed to your own security monitoring (SIEM), so you have a complete record of who accessed what, and when.

You stay in control of your data. Within 30 days of your agreement ending, you can request in writing that we either return all of your data in a standard, machine-readable format, or permanently delete it from our active systems, at your direction. Where you request deletion, we provide a deletion confirmation once it is complete. Connection credentials are deleted on termination, or earlier on your written request.

We may retain a limited subset of data where required by law, to maintain business records, or to support a participant's consented continuity of care; anything retained stays subject to the same confidentiality, privacy, and security obligations. We run routine backups for disaster recovery, so deletion applies to active systems and we do not restore from backups on demand.

Our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Yes. Minikai maintains an approved Incident Response Plan covering severity classification, response targets, escalation, root cause analysis, and external communications. The plan is tested at least annually, including through a tabletop exercise, with findings tracked to completion.

A breach is determined by the CEO together with the Security Delegate, and any external breach notice is reviewed and approved in writing by Legal Counsel and a company officer before it is sent. Where a confirmed or suspected breach affects your data, we notify your organisation within 24 hours of becoming aware, so that you, as the data controller, can meet your own obligations to notify your regulator and the affected individuals.

Our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Continuous vulnerability scanning runs across our managed cloud infrastructure and endpoints, and static and software-composition (dependency) analysis runs on all code as part of the build pipeline. Findings are tracked centrally against defined remediation targets: critical and high within 30 days, medium within 60 days, and low within 90 days.

An independent external penetration test is performed annually, and a summary of the most recent test and its remediation status is available to customers on request under NDA.

Minikai follows a documented secure development lifecycle with separated development, staging, and production environments. Every code change goes through a peer-reviewed pull request on a protected branch, including an automated security review, before it can merge. Our pipelines run automated static and dependency analysis on every change, and deployments to staging and production each require explicit approval.

Significant architectural and security decisions are recorded as Architecture Decision Records. These practices align with our ISO 27001 and ISO 42001 certifications.

Minikai’s AI systems are governed under a certified AI management system aligned to ISO 42001. Governance includes AI risk assessment, AI impact assessment with privacy evaluation aligned to the Australian Privacy Principles, data governance controls, and transparency practices.

Your data is never used to train AI models. The platform operates in an assistive, human-in-the-loop mode: every AI output is a recommendation or draft presented for review and professional judgement before any action, and no automated decision is made that produces legal or similarly significant effects. Every AI response is linked back to the source records it drew on through a citation system, so any claim can be traced to the original record and checked.

Our current sub-processors, including our model providers, and the regions they operate in are published at trust.minikai.com/subprocessors.

All third-party suppliers with access to Minikai systems or data are risk-assessed before engagement, under a written agreement binding them to our security and privacy requirements, and reviewed on an ongoing cycle, at least annually and more often for higher-risk and AI providers. Suppliers are tracked centrally in our compliance platform with their risk level, status, and review schedule. SOC 2 reports and ISO certifications are accepted as supplier assessment evidence where appropriate.

Our current sub-processors, with the regions they operate in, are published at trust.minikai.com/subprocessors, and a fuller breakdown of data categories and processing purposes is available on request.

Yes. Minikai maintains cyber insurance that responds in the event of a cyber incident or data breach. In an incident, our insurer and broker manage the claim as part of our incident response process.

For our certifications and security posture, see our Trust Centre, and our current sub-processors and the regions they operate in are published at trust.minikai.com/subprocessors.

Minikai reads from your existing care management stack rather than replacing it. We connect to widely used clinical and care management systems, data warehouses, and databases, with new integrations added as customers come on board. If you're not sure whether we support yours, talk to our sales team.

Most providers' data can be integrated within two to six weeks, depending on the systems we connect to and the volume of records to import. A stand-alone setup with a single upload can go live within a week.

We connect to your existing system, import your records, and create a Mini for every person you support. The sooner the data flows in, the sooner the Funding and Compliance agents have something to read, and the sooner your team starts seeing patterns and revenue gaps surface in their dashboard.

Pricing is monthly and based on usage, scaled to the number of people you support. Providers who commit annually receive a discount on the monthly rate.

The sales team will work with you to shape a quote that reflects your actual rollout and the scale you're operating at.