Digital Health Festival 2026. Field Guide

Your operating manual for two days at MCEC. Attendee mode. Aus/NZ digital-native healthtech focus. Notes persist in your browser. Export at any time.

20-21 MayDates

MCEC, MelbourneVenue

21 prospectsCurated targets

12 confirmed sessionsSpeaker visibility

01Your 30-second elevator pitch

Three modes. Read the room before you open your mouth. Founders want strategy. CTOs want architecture trade-offs. Buyers want compliance and procurement. Pick the right one.

Founder-to-founder mode

I'm Jacob with Cloudflare's digital-native team. I spend my time with Aussie healthtech founders between Series A and Series C, helping them figure out which parts of the stack to keep building and which to outsource. When AI cost, multi-region data residency, or 'we need to displace four vendors before our raise' shows up on the roadmap, that's usually when we end up in a room together.

CTO / engineering leadership mode

Jacob, Cloudflare. I work with engineering leadership at Australian healthtechs on the boring-but-expensive infrastructure decisions: AI Gateway in front of OpenAI/Anthropic to control cost and prompt-injection risk, R2 for AU-resident object storage without egress fees, Workers for edge-deployed code, Zero Trust to replace the VPN tangle. Mostly I'm a sounding board before you commit to a five-year vendor contract.

Hospital buyer / procurement mode

Jacob from Cloudflare. We work with Australian digital health platforms that sell into public and private hospitals. The conversation usually starts with data residency, ISO 27001 evidence for procurement, or how to prove AHPRA-credentialed access controls, all the stuff that actually decides whether the deal closes.

02Hallway openers

Three opener types. Never lead with "what keeps you up at night" or "who's your buyer". Digital-native founders have heard those lines a thousand times. These three actually open conversations.

The contextual opener (post-session)

Use when: You've just both sat through the same session or watched them speak.

Your point about [X] was the bit I'd have pushed back on, were you holding back, or do you genuinely think the market's there?
The Q from [audience member] caught you mid-sentence, what was the rest of your answer going to be?
You skipped past [Y] pretty quickly in your slides, was that intentional, or were you running out of time?

Why it works: Treats them as a peer who had a real argument, not a presenter who delivered a pitch. Invites them to elaborate on something they care about.

The peer-to-peer question (hallway, no shared context)

Use when: You're meeting them cold at a booth, in a break, at After Dark.

I'm spending the next year on Aussie digital health, what's the question I should be asking every founder I meet here that I'm probably not?
Forget Cloudflare for a second, if you were sitting on my side of the table, what would you actually want to know about a healthtech right now?
Who at this event have you found genuinely worth your time so far, and why?

Why it works: Establishes peer footing immediately. Treats them as the expert. Surfaces what's actually on their mind and gives you a referral path.

The exit question (close any conversation)

Use when: Conversation is wrapping. Never close without this.

Who else at this event is worth me meeting that I might miss?
If we catch up properly in three months, what would have made that conversation worth your time?
What's the one thing I could send you after this event that would be genuinely useful, not corporate spam?

Why it works: Forces a specific follow-up action with their permission. The last question is the one that makes the difference, a generic 'thanks for chatting' email gets ignored; the one they asked for gets opened.

03Conversation pillars (general)

Six pillars usable with any digital-native prospect. Lead with whichever matches what you observe in their session or pitch. One pillar per conversation. If they bite, narrow to specifics.

Platform consolidation

Opening hook: Most digital-native healthtechs spend more time stitching vendors together than building product. Cloudflare collapses CDN, WAF, DDoS, DNS, bot management, Zero Trust, observability and increasingly AI inference and storage into one bill.
Pain it surfaces: 4-8 vendor contracts, burn-rate scrutiny before next raise, ops overhead from integration maintenance.
Qualifying question (general): How many security and networking vendors are on contract today, and which renewal is coming up that you're not looking forward to?

Best fitsHeidi HealthLyrebird HealthEucalyptusUpdocHola HealthFoxo

AI-native workloads (sharpest hook in 2026)

Opening hook: Every healthtech is shipping AI features, but most pay full retail OpenAI/Anthropic costs with no caching, no per-tenant rate limiting, no PII redaction, no audit trail. AI Gateway sits in front of any provider and fixes all of that. Workers AI runs open-source models at the edge for fractions of the cost.
Pain it surfaces: AI inference cost spiralling, prompt-injection risk on PHI, no audit trail for clinical AI, single-provider dependency.
Qualifying question (general): Where's the AI inference cost trajectory heading versus your revenue growth, and do you have a usable audit trail today?

Best fitsHeidi HealthLyrebird HealthNabu AIPractaLumaCareMonitorRosterLabHoneysuckle HealthCore Schedule

Data residency + sovereignty

Opening hook: Australian health data legally needs to stay on AU soil, but most AI providers and global SaaS workloads quietly route to US or EU regions. R2 has AU object storage, Workers can be pinned to AU, AI Gateway can enforce regional inference.
Pain it surfaces: APP compliance, NDIS audits, public-hospital procurement, MyHealthRecord integration constraints, multi-region expansion landing on data-sovereignty walls.
Qualifying question (general): When a public hospital procurement team asks you to prove where patient data physically sits, what do you show them?

Best fitsLyrebird HealthHeidi HealthPersonify CareCareMonitorVisionflexMediRecordsHola Health

Zero Trust for clinical and distributed workforces

Opening hook: Clinical staff, GPs, locum doctors and contractors all need access to internal apps, most healthtechs are running a tangled mix of VPN, IP allowlists and shared logins. Access replaces it with identity-based per-app gates with audit logs.
Pain it surfaces: AHPRA-credentialed staff onboarding, contractor offboarding gaps, VPN performance, compliance audit findings on access controls.
Qualifying question (general): How do clinicians and contractors actually access internal tools today, and what happens the day a contractor leaves?

Best fitsRosterLabCore ScheduleHealthPassDuressPersonify CareCareMonitorHyphen Health

API surface protection

Opening hook: As your platform integrates with EMRs, payment processors, insurers, pharmacies, your API surface grows faster than your security team. API Shield discovers, schemas, validates, rate-limits per partner.
Pain it surfaces: FHIR API abuse, partner credential leaks, no schema-based contract, slow partner onboarding security reviews.
Qualifying question (general): How many partner integrations are calling your APIs today, and where do those onboarding security reviews actually slow you down?

Best fitsMediRecordsFoxoHealthPassPersonify CareCareMonitorVALD HealthHola Health

Consumer-facing DTC protection

Opening hook: DTC telehealth and digital health brands attract bot traffic on sign-up flows, scraping on pricing, ad-driven traffic spikes that crater origins. WAF + Bot Management + Workers + Stream + Images covers all of it as one layer.
Pain it surfaces: Fraudulent sign-ups burning ad budget, scrapers cloning pricing, origin cost spikes, video consultation quality issues.
Qualifying question (general): What does your sign-up funnel look like, and how do you separate real patients from bots without making users hate the experience?

Best fitsEucalyptusUpdocHola HealthFoxoHyphen HealthVisionflexDuress

04Prospects + 3 questions each

21 prospects, three deeply-thought questions per prospect. Each question is designed to be unanswerable in <30 seconds, to demonstrate you understand their actual strategic situation, and to open a real conversation. None of them are vendor diligence questions.

Notes you type below persist in your browser. Export everything as markdown via the orange button (bottom-right) at the end of the event.

Tier 1. Top priority

Lyrebird Health

Tier 1

Melbourne, AU · founded 2023

AI medical scribe with deep EMR integrations (Best Practice, Genie/Gentu).

DHF26: Plenary, Wed 11:15, 'Building responsibly as the capability of AI expands' (Ray Boyapati, Kai Van Lieshout)

Primary Cloudflare hook: AI workloads + responsible AI + onshore AU data

Q1 · Strategic provocation

You've made deep Best Practice and Genie/Gentu integration your moat against Heidi. That moat works until either the EMR vendors ship their own scribes, or Best Practice decides exclusive isn't profitable. Which scenario do you actually plan for, and how does the product change in each?

Your notes for Q1

Q2 · Architectural trade-off

You talk publicly about 'bank-level encryption' and onshore Australian data. What does the per-tenant data architecture look like behind that claim, single multi-tenant DB with row-level isolation, or actual customer-isolated stores, and at what scale did you make that bet?

Your notes for Q2

Q3 · Competitive / future-state

The Plenary topic is 'building responsibly as capability expands', but the elephant in the room with healthcare AI is the TGA medical-device classification question. When does Lyrebird's product cross the line from administrative scribe to clinical decision support, and what does that do to your release cadence?

Your notes for Q3

Status:

General notes

Follow-up actions

Nabu AI

Tier 1

Australia · founded TBC

AI patient-advocacy platform.

DHF26: Quest, Wed 12:30, 'Austrade UAE export panel' (Steve Lewis, Founder/CEO)

Primary Cloudflare hook: AI workloads + multi-region (AU + UAE) + sensitive PHI

Q1 · Strategic provocation

Nabu came out of your daughter's NICU journey, that origin story gives you genuine moral authority in patient advocacy, which is rare in this market. How do you convert that authority into commercial conversations with hospitals and government, without it sounding like the founder pitch every time?

Your notes for Q1

Q2 · Architectural trade-off

Austrade picked you for the UAE export panel. The UAE healthcare market is fragmented between Emirate health authorities, private hospital groups, and the federal MoHAP, and the data sovereignty rules are evolving fast. What's the realistic 12-month commercial outcome from the UAE play, a pilot, a procurement, or just brand-building?

Your notes for Q2

Q3 · Competitive / future-state

Patient-advocacy platforms historically struggle with the business model, patients won't pay, hospitals don't want to fund their patients getting smarter, insurers see liability. Where does Nabu's revenue actually land in 24 months, is it B2B2C through providers, a government-funded model, or something I haven't seen yet?

Your notes for Q3

Status:

General notes

Follow-up actions

Updoc

Tier 1

Australia · founded ~2019

24/7 telehealth, 1M+ users.

DHF26: Eclipse, Wed 14:30, 'How is telehealth making a difference?' (Dr Zoe Case, solo)

Primary Cloudflare hook: Consumer-facing app + bot/abuse + payments

Q1 · Strategic provocation

You've crossed a million Australian users on a 24/7 bulk-billable model. The economics of telehealth at that scale, with Medicare reimbursement plus subscription revenue, depend on the cost-per-consult dropping faster than acquisition cost climbs. Where's the engineering org actually focused right now: reducing per-consult cost, or growing throughput?

Your notes for Q1

Q2 · Architectural trade-off

Your partner doctors are AHPRA-credentialed and rotating constantly. From an access-control standpoint, onboarding and offboarding a thousand clinicians a year is a non-trivial identity problem. Have you built that in-house or are you riding on top of something like Auth0/Okta, and where's it creaking?

Your notes for Q2

Q3 · Competitive / future-state

Bulk-billed telehealth is a politically exposed model, the MBS item numbers can shift overnight (we've seen it twice this decade). When the government changes the rules, how much of your codebase has to change with it, and what's the architectural pattern you've adopted to absorb that?

Your notes for Q3

Status:

General notes

Follow-up actions

Duress

Tier 1

Melbourne, AU (+ NZ + UK) · founded 2016

Enterprise staff-safety hardware (Eagle, Falcon, Phoenix) + cloud platform (Pathfinder).

DHF26: Gravity, Thu 12:30, 'Safer care everywhere' (Trav Heaven, Founder/CEO, SOLO)

Primary Cloudflare hook: Hardware-to-cloud media pipeline + Stream + Workers AI

Q1 · Strategic provocation

You started in 2016 protecting domestic violence victims and pivoted into enterprise staff safety. Your customer book covers Coles, McDonald's, Vic Government, Defence, Red Cross, Royal Flying Doctor; broader than healthcare. Why is healthcare your DHF26 pitch this year specifically, and is that a category bet or a tactical move?

Your notes for Q1

Q2 · Architectural trade-off

Hardware-platform companies almost universally underestimate the network and media layer until something breaks at scale. You're streaming live video, audio and GPS from Eagle and Falcon devices into a 24/7 monitoring centre, 1.9 million monitoring hours a day. What's the part of that stack that you wish you'd architected differently with hindsight, and is it the device side, the network uplink, or the cloud ingest?

Your notes for Q2

Q3 · Competitive / future-state

SafeSense AI is your prevention play, fall detection and predictive risk before someone has to press the button. The interesting move there is whether the ML inference lives on-device, at the edge, or in the cloud, and that decision drives the next five years of margin. Which way is Duress leaning, and what does that imply for the next hardware generation?

Your notes for Q3

Status:

General notes

Follow-up actions

Eucalyptus

Tier 1

Sydney, AU · founded 2019

Multi-brand DTC telehealth (Pilot, Kin, Juniper, Software) across AU/UK/DE/JP.

DHF26: Eclipse, Thu 13:30, 'Patient led telehealth standards' (Lyndon Goddard, panel)

Primary Cloudflare hook: DTC traffic + bot management + regulated PHI

Q1 · Strategic provocation

Juniper went from Australia to UK, Germany and Japan in roughly three years. Of those expansions, which geography broke your tech stack first, and what would you tell another DTC health founder to budget for that they're going to underestimate?

Your notes for Q1

Q2 · Architectural trade-off

Each of Pilot, Kin, Juniper and Software runs as a separate brand but presumably shares infrastructure underneath. How much of the engineering org is platform versus per-brand, and where do you draw the line on 'this is shared' versus 'this is brand-owned'?

Your notes for Q2

Q3 · Competitive / future-state

Compounded GLP-1 was a defining moment for Juniper, same product category, regulatory cliff, you adapted fast. When you scenario-plan now, what's the next regulatory or policy event you're preparing for that could land like compounding did, and how does the tech stack help versus hurt that pivot?

Your notes for Q3

Status:

General notes

Follow-up actions

Heidi Health

Tier 1

Melbourne, AU · founded 2019

AI medical scribe, global (AU/NZ/US/UK/Canada).

DHF26: Galaxy, Wed 09:30, 'Why clinical AI is nothing without clinicians' (Ben Condon, Clinical Director). Also Emerald Sponsor with booth presence.

Primary Cloudflare hook: AI workloads + multi-region data residency

Q1 · Strategic provocation

Heidi's gone from a Melbourne scribe to NHS, US and Canadian deployments inside three years. Of those geographies, which one's regulatory regime cost you the most engineering time to satisfy, and where did you almost decide it wasn't worth the candle?

Your notes for Q1

Q2 · Architectural trade-off

Once Anthropic ships their next-generation model and the underlying scribing quality becomes commoditised across providers, your moat is the workflow, the templates, the EMR integrations, the clinician trust. How much of your inference cost goes to the model versus everything you've layered around it, and have you sketched what 'bring your own model' looks like in two years?

Your notes for Q2

Q3 · Competitive / future-state

Best Practice already integrate with Lyrebird as their exclusive AI scribe partner. When the EMR vendors ship their own first-party scribes (Cerner, Epic, Genie eventually), what does Heidi look like, a vertical app, a horizontal platform, or something else?

Your notes for Q3

Status:

General notes

Follow-up actions

Hola Health

Tier 1

Perth, AU · founded 2022

24/7 bulk-billed telehealth, 2M+ consults.

DHF26: (no confirmed session. Gold Sponsor, walk the floor)

Primary Cloudflare hook: DTC + payments + onshore data + partner integrations

Q1 · Strategic provocation

Hola partnered with Bupa, HealthEngine, HotDoc, TerryWhite, MedAdvisor and now Uber Eats and DoorDash for medication delivery. Each partner is a B2B integration with its own security review. Where in that partner pipeline do you lose the most engineering weeks, and is it the API contract, the procurement security questionnaire, or something else entirely?

Your notes for Q1

Q2 · Architectural trade-off

Updoc and Hola are pursuing similar markets with different sponsors and different positioning. Where do you actually differentiate in the tech stack, is it the consult queueing, the partner integration breadth, the pharmacy fulfilment side, and where do you think the market consolidates?

Your notes for Q2

Q3 · Competitive / future-state

You launched out of Perth and operate nationally across all states and territories with bulk-billing windows. Cricket Australia is a brand partnership but Western Australia is your home base. When you think about geographic expansion beyond Australia, which market is realistic in the next 24 months and what does the data-residency story look like there?

Your notes for Q3

Status:

General notes

Follow-up actions

RosterLab

Tier 1

Auckland, NZ · founded 2022

AI workforce rostering for healthcare, NZ-born global.

DHF26: (no session. NZ Pavilion Stand #806 with NZTE)

Primary Cloudflare hook: NZ digital native + AI optimisation + multi-country

Q1 · Strategic provocation

RosterLab spun out of Isaac's PhD on rostering optimisation at Auckland Uni. You're now running that optimisation engine for hundreds of healthcare orgs across multiple countries. As you've scaled, has the optimisation algorithm itself stayed roughly the same, or have you ended up rewriting the core math to handle real-world messiness (last-minute swaps, fatigue rules, fairness constraints)?

Your notes for Q1

Q2 · Architectural trade-off

Healthcare rostering is a category with serious incumbents in Australia: Allocate (now RLDatix), Kronos, ShiftMatch. You're winning on UX and optimisation quality, but the procurement game in big hospitals is brutal. What's the wedge that gets you past the 'we already have a roster system' objection, is it a specific clinical group, or a specific pain like junior doctor compliance?

Your notes for Q2

Q3 · Competitive / future-state

Sunny Feng leads product/marketing, you've got Movac and Pacific Channel backing you, and you're at the NZ Pavilion with NZTE. NZ healthtechs almost always have to choose: stay AU-NZ focused and own the region, or jump to US/UK and compete with much better-funded incumbents. Which path is RosterLab on, and what's the trigger that makes you commit?

Your notes for Q3

Status:

General notes

Follow-up actions

Personify Care

Tier 1

Adelaide, AU · founded 2014

Digital patient pathways, 90+ hospitals across AU/NZ/Canada.

DHF26: (no session. Gold Sponsor, walk the floor, CEO Ken Saman)

Primary Cloudflare hook: Mature SaaS + regulated public-hospital deployments + FHIR APIs

Q1 · Strategic provocation

You're in 90+ health services with 16 million patient interactions, across AU/NZ/Canada. Public hospital procurement is famously slow. What's the unlock you've found, is it a specific clinical workflow (perioperative seems to be the wedge), or a particular procurement framework that lets you move faster than your competitors?

Your notes for Q1

Q2 · Architectural trade-off

Personify Care competes with the patient-engagement modules built into Cerner/Epic/Orion. Your pitch has to be that you're better than the EMR-native option. As Epic continues to extend MyChart and Orion ships more patient-facing capability, where does Personify defend, and what does the 5-year product roadmap look like?

Your notes for Q2

Q3 · Competitive / future-state

You ship 50+ clinical pathways and SMART care plans. The content side of that is enormous, and arguably your real moat over time, not the platform itself. How much of the engineering org sits on platform versus pathway authoring, and have you considered opening the pathway library to third parties (clinical societies, pharma, NDIS providers)?

Your notes for Q3

Status:

General notes

Follow-up actions

Tier 2. Strong fits

Honeysuckle Health

Tier 2

Newcastle/Sydney, AU · founded 2019

Data-driven health programs + analytics, nib Group JV.

DHF26: Galaxy, Wed 12:00, 'The $7B cost of doing nothing: predictive risk modelling + AI' (Nic Blair, CCSO)

Primary Cloudflare hook: AI workloads + secure data plane + analytics

Q1 · Strategic provocation

Honeysuckle is owned by nib, but the commercial pitch is to insurers nib competes with, plus government, providers and corporates. How do you frame that conversation when a Bupa or Medibank executive asks where their claims data physically sits and what stops nib from seeing it?

Your notes for Q1

Q2 · Architectural trade-off

Predictive risk modelling at scale across 60,000+ insured customers is mostly a feature engineering and model-ops problem, the modelling itself is well-understood. Where's your competitive advantage actually living: in the data assets you can access via nib, in the clinical pathways your team designs, or in the speed at which you can ship a new model into a customer's workflow?

Your notes for Q2

Q3 · Competitive / future-state

Nic, your title is Chief Commercial & Strategy. The strategic question for Honeysuckle is whether you're a health-services business that uses data, or a data business that happens to run health services. Three years from now, where's the centre of gravity, and does that change the kind of tech investment you make today?

Your notes for Q3

Status:

General notes

Follow-up actions

VALD Health

Tier 2

Brisbane, AU · founded 2015

Performance + health measurement platform, 8k+ orgs, 130+ countries.

DHF26: Apollo, Wed 12:00, 'All this data, now what?' (Mark Opar, panel)

Primary Cloudflare hook: Hardware-to-cloud data ingestion + multi-region + R2

Q1 · Strategic provocation

VALD has gone from Brisbane to 8,000+ organisations in 130+ countries. That's the rarest outcome in Australian healthtech, actual global scale. From a stack standpoint, what's the part of your infrastructure that quietly carries the most risk now, and is it something you've architected for or something you've been getting away with?

Your notes for Q1

Q2 · Architectural trade-off

Your DHF26 talk is about turning data into impact. VALD has 20 million+ musculoskeletal data points, that's a serious asset, but realising value from it means either a data product, an AI model that gets sold back to customers, or licensing to pharma/insurers. Which path is actually in motion, and what's the friction?

Your notes for Q2

Q3 · Competitive / future-state

VALD Performance, VALD Health and VALD Tactical are three brands sharing the platform. The interesting strategic question is whether the brand split is necessary forever, or whether the underlying platform consolidates into one product with three sales motions. Where does that go, and what's the technical implication?

Your notes for Q3

Status:

General notes

Follow-up actions

Core Schedule

Tier 2

Wellington, NZ · founded TBC

AI workforce scheduling SaaS, 200+ healthcare orgs.

DHF26: NZ Panel, Wed 13:00, 'Healthcare doesn't fail on strategy' (Dr Stephen Pool, CEO)

Primary Cloudflare hook: NZ digital native + AI scheduling + AWS displacement

Q1 · Strategic provocation

You founded Core Schedule while working in NYC ED, now headquartered Wellington with 200+ orgs across NZ, AU, US. NZTE is backing you. The NZ pavilion at DHF is a strong sign, but the strategic question is whether you double down on NZ/AU and own the region, or jump to US where the procurement game is brutal and the incumbents (Kronos, ShiftMatch, QGenda) are much better funded. Which path is Core Schedule on?

Your notes for Q1

Q2 · Architectural trade-off

You're on AWS, the standard New Zealand healthtech default. The interesting question is whether the AWS bill is becoming visible in board reports yet. Most NZ scale-ups hit that conversation around 200-500 customers when egress and inference start compounding. Where's Core Schedule on that curve?

Your notes for Q2

Q3 · Competitive / future-state

RosterLab is your closest competitor and they're also NZ-born. You both pitch AI optimisation, both target healthcare, both have NZTE behind you. The market isn't big enough for two NZ-born winners in this category. What's the wedge that separates you, and how do you think this plays out, consolidation, geographic split, or a clear winner?

Your notes for Q3

Status:

General notes

Follow-up actions

Odin Health

Tier 2

New Zealand · founded TBC

NZ healthtech, product TBC, qualify at panel.

DHF26: NZ Panel, Wed 13:00, same NZ panel (Phil Xue, Director of Product & Services)

Primary Cloudflare hook: TBC, qualify at panel

Q1 · Strategic provocation

I haven't been able to dig deep into Odin Health's positioning before the event, for the first question, walk me through what Odin actually does in one minute, and who you're competing against in your most-fought-over deal right now.

Your notes for Q1

Q2 · Architectural trade-off

You're on the NZTE NZ panel with Core Schedule, Orion Health and Cubro. Orion is the elder statesman of NZ healthtech, Core is the new optimisation story. Where does Odin Health sit in that mix, adjacent category, complementary capability, or competing with one of them more than the others?

Your notes for Q2

Q3 · Competitive / future-state

NZ healthtech founders almost always face the same fork: stay regional and own NZ/AU, or jump to US/UK with significantly more risk. Where's Odin Health on that decision today, and what's the trigger that forces commitment?

Your notes for Q3

Status:

General notes

Follow-up actions

Hyphen Health

Tier 2

Australia · founded TBC

GP support + telehealth, including sexual health vertical.

DHF26: Galaxy, Wed 16:00, 'Digital sexual health' (Dr Leigh Barlow, CMO, panel)

Primary Cloudflare hook: Sensitive vertical PHI + reputation cost on leak

Q1 · Strategic provocation

Hyphen Health Group runs as a clinical-governance and risk-management backbone for GPs operating in digital health, you're the unglamorous infrastructure underneath the consumer-facing brands. The strategic question is whether you stay invisible and grow with the category, or build your own consumer presence. Where's Leigh's strategic call on that?

Your notes for Q1

Q2 · Architectural trade-off

Sexual health is one of the highest-reputation-cost data classes in the system, a leak ends the company. Your platform supports GPs delivering these consults at scale. From an architecture standpoint, what's the separation model between the clinical record, the platform metadata, and the patient identification, and how do you prove that to a Medical Defence Organisation if asked?

Your notes for Q2

Q3 · Competitive / future-state

Telehealth GP services are politically exposed (MBS item changes, pharmacy-led care debates, scope-of-practice fights). Hyphen sits in the middle of that. How does the business model insulate against the next MBS change, and is there a moat you've built that survives if the government de-funds telehealth bulk-billing tomorrow?

Your notes for Q3

Status:

General notes

Follow-up actions

Foxo

Tier 2

Broadbeach, QLD, AU · founded ~2019

Healthcare comms SaaS (Patient Connect, Provider Connect, MS Teams app).

DHF26: Thu 11:30, 'Women leading change' (Mani Sahihi, CEO/Co-founder, panel)

Primary Cloudflare hook: Real-time messaging + MS Teams + AU+US multi-region

Q1 · Strategic provocation

Foxo's pitched as healthcare communication done right, replacing fax and email and SMS, with partners like Aspen Medical, Gold Coast Health, Personify Care and AGFA, plus your Microsoft Teams integration. The really hard part of communication platforms in healthcare isn't the messaging, it's the directory and identity layer. How have you handled that, and is it actually a strength or a vulnerability if a bigger player decides to compete?

Your notes for Q1

Q2 · Architectural trade-off

You're actively expanding to the US via Aspen Medical (6,000 Origin Energy employees through Aspen US in 2026). The US clinical-communication market is dominated by TigerConnect and Halo Health, both with serious enterprise lock-in. What's the realistic 24-month outcome in the US, a foothold, a stand-alone business, or an acqui-hire signal?

Your notes for Q2

Q3 · Competitive / future-state

Microsoft Teams integration is your differentiator versus pure-play medical messengers. But Microsoft are a strategic partner who could become a competitor with one product decision. How do you think about that dependency, and what's the contingency if Teams ships native healthcare comms tomorrow?

Your notes for Q3

Status:

General notes

Follow-up actions

HealthPass

Tier 2

Sydney, AU · founded ~2018

Modular healthcare workforce compliance + onboarding SaaS.

DHF26: Luna, Thu 14:30, 'Digital credentialing and workforce audits' (Ben Lepke, panel)

Primary Cloudflare hook: API integrations + sensitive PII (AHPRA, criminal history, visa)

Q1 · Strategic provocation

HealthPass is healthcare-adjacent, your real category is workforce compliance for any regulated industry, with healthcare as your wedge. You integrate with JobAdder, Bullhorn, Salesforce, Vincere. As you move horizontally into legal, mining, education, does the healthcare brand help or hurt that expansion, and have you thought about whether HealthPass is the wrong name for where the business is going?

Your notes for Q1

Q2 · Architectural trade-off

AHPRA, criminal history, visa, references, qualifications, you orchestrate API integrations with all of them. Each of those source systems has its own rate limits, downtime patterns and pricing. Where's the operational pain that customers don't see, is it credential check throughput, or something else entirely?

Your notes for Q2

Q3 · Competitive / future-state

Compliance platforms have a quiet weakness: they're sticky to the point of immovable, but customers don't love them, they tolerate them. How does HealthPass move from 'tolerable necessity' to 'commercial advantage' in the customer's mind, and is that a product change or a positioning change?

Your notes for Q3

Status:

General notes

Follow-up actions

PractaLuma

Tier 2

Australia · founded ~2023

AI practice management for psychologists/therapists.

DHF26: Luna, Thu 14:30, 'Digital credentialing' panel (Ridhi A Malhotra)

Primary Cloudflare hook: AI workloads + sensitive mental-health PHI

Q1 · Strategic provocation

Mental-health PHI is the highest-sensitivity data class in Australian healthcare, a leak ends careers and ends practices. AI-generated clinical notes for psychologists is therefore a category where 'good enough' isn't good enough. What's your specific position on TGA medical-device classification, and have you taken legal advice on where the line is between scribe and clinical decision support in mental health?

Your notes for Q1

Q2 · Architectural trade-off

Your competitors include Heidi and Lyrebird playing in mental health as a sub-vertical, plus dedicated mental-health platforms like Halaxy and Power Diary that are adding AI. Where's PractaLuma actually differentiated, is it the mental-health-specific templates (CBT, DBT, EMDR), the Medicare item-number logic, or the workflow around mental-health-care plans?

Your notes for Q2

Q3 · Competitive / future-state

You're shipping AI-generated assessments, automated psychometric scoring and interpretation. Each of those is a regulatory question waiting to happen. What's your roadmap for when AHPRA or the Psychology Board issues guidance specifically on AI in clinical psychology, which they will, and how does that affect your release cadence?

Your notes for Q3

Status:

General notes

Follow-up actions

MediRecords

Tier 2

Sydney, AU · founded 2014

Cloud-native EMR + PMS, FHIR-native, API-first.

DHF26: (no confirmed session. Gold Sponsor)

Primary Cloudflare hook: API-heavy growth + FHIR + regulated workloads

Q1 · Strategic provocation

You're the only genuine cloud-native EMR competing in a market where Best Practice and Medical Director have GP entrenched, and Cerner/Epic own hospitals. The middle, specialist, virtual care, enterprise/government, is where you've made traction. How much of the next 24 months is about deepening that middle versus actually trying to break into either end?

Your notes for Q1

Q2 · Architectural trade-off

FHIR-native is a real architectural choice that pays off in interoperability and procurement but costs you in onboarding velocity (FHIR is more cognitive overhead for integrators than REST). Has the FHIR bet paid off the way you expected, and where in your roadmap are you doubling down versus pulling back?

Your notes for Q2

Q3 · Competitive / future-state

MediRecords Evolve is your AI suite. The interesting question for any EMR is whether the AI lives inside the EMR or outside it. Heidi and Lyrebird are betting outside, you're betting inside. What's the architectural rationale, and what's the customer behaviour that confirms or breaks that bet?

Your notes for Q3

Status:

General notes

Follow-up actions

Visionflex

Tier 2

Sydney, AU · founded 2014

Virtual care platform + integrated medical hardware.

DHF26: (no session. Silver Sponsor, ASX-listed parent)

Primary Cloudflare hook: Streaming video + remote/regional + ISO 27001/13485

Q1 · Strategic provocation

Visionflex sells into the markets most healthtechs ignore, aged care, rural and remote health, indigenous communities, oil and gas, merchant navy, defence, corrections. Each of those has its own procurement reality and its own connectivity constraints. Which of those segments has the cleanest economics today, and which one is the bet for the next three years?

Your notes for Q1

Q2 · Architectural trade-off

You're hardware-plus-software. Vision platform plus integrated cameras, otoscopes, stethoscopes, ultrasound. The hardware side commoditises every year (medical-grade peripherals are cheaper than ever), so the moat has to be the platform and the integrations. Where's the engineering investment actually weighted, and is hardware becoming a margin drag or still a differentiator?

Your notes for Q2

Q3 · Competitive / future-state

Telehealth in rural Australia is a topic the government keeps re-discovering, every five years there's a new funding wave (MBS items, RACF telehealth, ACCHO programs). How much of Visionflex's commercial pipeline is funded by these waves versus enterprise customers paying private dollars, and what's the risk of that funding mix?

Your notes for Q3

Status:

General notes

Follow-up actions

CareMonitor

Tier 2

North Sydney, AU · founded 2016

RPM + Virtual Care + AI workflows, ADHA Innovation Award.

DHF26: (no session. Gold Sponsor, CEO Deepak Biswal)

Primary Cloudflare hook: AI workflows + FHIR APIs + hospital-grade SaaS

Q1 · Strategic provocation

CareMonitor's Get Healthy Service partnership with Diabetes Australia is the kind of large-scale community-program win that's incredibly hard to land. What did you do operationally and technically in that build that you would or wouldn't repeat with the next equivalent customer, and what does the next equivalent customer look like?

Your notes for Q1

Q2 · Architectural trade-off

RPM, Hospital in the Home and chronic disease management are three categories that overlap technically but have very different buyers (acute hospital, community provider, insurer). CareMonitor sells into all of them. Where do you actually win the most, and is the platform genuinely well-suited to all three or are you starting to feel the pull of specialisation?

Your notes for Q2

Q3 · Competitive / future-state

You ship 50+ clinical pathways and an FHIR-native platform. The interesting architectural question is whether pathways are configuration in your platform or whether they're actually code. As pathways become more sophisticated (AI-augmented, conditional logic, multi-disciplinary), the line blurs. What's CareMonitor's bet on how pathways evolve, and what's the implication for who authors them in five years?

Your notes for Q3

Status:

General notes

Follow-up actions

Tier 3. Watch list

Veri Health

Tier 3

Australia · founded 2024

Healthcare media + business intelligence platform.

DHF26: (co-founder Ellie Bakker speaks but not on prospect-fit session)

Primary Cloudflare hook: Modern content platform + small + new

Q1 · Strategic provocation

Veri Health is a healthcare-business-media play, founded 2024 by Belinda and Ellie. Healthcare media in Australia is dominated by Pulse+IT, Talking HealthTech, AusDoc, each with strong incumbency. What's the genuine wedge that lets Veri win an audience inside 12 months in a market where attention is already allocated?

Your notes for Q1

Q2 · Architectural trade-off

Independent healthcare journalism in Australia is structurally hard, the advertisers are the same people you're meant to scrutinise. How does Veri Health handle that tension commercially without becoming sponsored content with a media wrapper?

Your notes for Q2

Q3 · Competitive / future-state

The honest test for Veri at 12 months is whether you're breaking stories nobody else is, or whether you're aggregating a community. Both are valid businesses but they're radically different to operate. Which one is Veri actually, and does that decision change in the next year?

Your notes for Q3

Status:

General notes

Follow-up actions

05Day-by-day playbook

Attendee mode. Your job is to be in the right room at the right time, lead with the right opener, and walk out with 10-15 qualified follow-up conversations. Tick sessions off as you complete them.

Wednesday 20 May

09:30-09:50Galaxy

Why clinical AI is nothing without clinicians

Heidi Health

Ben Condon (Clinical Director, Heidi)

First Heidi session of the day. Ben is Clinical Director, a credible clinical voice on the AI scribe space. Solo Heidi speaker. Get in early and catch him after.

priority: high

Session notes

11:15-11:35Plenary

Building responsibly as the capability of AI expands

Lyrebird Health

Ray Boyapati (CCO), Kai Van Lieshout

Plenary slot = highest visibility. Sit near the front. Catch Ray in the hallway after.

priority: high

Session notes

12:00-12:20Galaxy

The $7B cost of doing nothing: how predictive risk modelling and AI are driving value-based care

Honeysuckle Health

Nic Blair (CCSO)

CCSO = commercial title = best first-contact. Conflicts with VALD session, pick this one.

priority: high

Session notes

12:00-12:30Apollo

All this data, now what? How to turn insights into impact

VALD Health

Mark Opar (panel)

Conflicts with Honeysuckle. Skip live, catch Mark Opar via LinkedIn.

priority: medium

Session notes

12:30-13:00Quest

Austrade: why Australian innovative digital health / medtech should export to the UAE

Nabu AI

Steve Lewis (Founder/CEO)

Government-vetted panel. Network the whole room. Austrade audience is high-value.

priority: high

Session notes

13:00NZ Panel

Healthcare doesn't fail on strategy - it fails in operations: how NZ companies are working to make things better

Core Schedule + Odin Health

Dr Stephen Pool (CEO, Core Schedule), Phil Xue (Odin Health)

Two prospects in one session. NZ Minister Doocey + Orion Health on same panel. Stay for the whole session.

priority: high

Session notes

14:30-14:50Eclipse

How is telehealth making a difference?

Updoc

Dr Zoe Case (Medical Director, solo)

SOLO session = strongest direct access. Get in 10 mins early.

priority: high

Session notes

16:00-16:30Galaxy

Digital sexual health: equity, access and trust in a connected world

Hyphen Health

Dr Leigh Barlow (CMO, panel)

Sensitive vertical = high reputation cost for them = relevant conversation.

priority: medium

Session notes

EveningAfter Dark

DHF After Dark

Buy ticket onsite before 4pm Day 1. Relationship mode, not sales mode. Targets: any speaker you missed during the day, plus Steve Lewis (Nabu AI), Stephen Pool (Core Schedule), Trav Heaven (Duress) for Day 2 warm-ups.

After Dark notes

Thursday 21 May

11:30TBC

Women leading change: co-design, community and health tech

Foxo

Mani Sahihi (CEO/Co-founder, panel)

Panel format. Catch Mani after.

priority: medium

Session notes

12:30-12:50Gravity

Safer care everywhere: protecting staff in hospitals and home care

Duress

Trav Heaven (Founder/CEO, SOLO)

THE highest-priority session of Day 2. Solo founder. Hardware-to-cloud media pipeline = cleanest Cloudflare fit on the list. 10 mins early. Stay after. Warmest lead.

priority: highest

Session notes

13:30-14:15Eclipse

Patient led telehealth standards for Australia: data, perspectives and what comes next

Eucalyptus

Lyndon Goddard (Sr Legal Counsel & Head of Public Policy)

Goddard is policy not technical buyer, but a warm intro path into Euc. Ask for the right engineering contact.

priority: high

Session notes

14:30-15:00Luna

Digital credentialing and workforce audits: from chaos to clarity

HealthPass + PractaLuma

Ben Lepke (HealthPass), Ridhi A Malhotra (PractaLuma)

Two prospects on one panel. Efficient double-up.

priority: high

Session notes

Booths to walk

Prospects without a confirmed speaking session. Walk the floor in any quiet 30-minute window.

Tier 1

Heidi Health

Emerald Sponsor with large booth, AND confirmed Wed 09:30 Galaxy session (Ben Condon). Booth = second touch after the session, or alternative if session is missed.

Booth notes

Tier 1

Hola Health

Gold Sponsor

Booth notes

Tier 1

RosterLab

NZ Pavilion Stand #806, with NZTE delegation

Booth notes

Tier 1

Personify Care

Gold Sponsor

Booth notes

Tier 2

MediRecords

Gold Sponsor

Booth notes

Tier 2

Visionflex

Silver Sponsor

Booth notes

Tier 2

CareMonitor

Gold Sponsor

Booth notes

06Vendor displacement cheat sheet

When a prospect names their current vendor, this is the line to take. Memorise the top 6, they cover 80% of conversations.

They use	You say	When it shows up
AWS CloudFront	R2 for object storage (zero egress fees), Workers at the edge, Stream for video. Run a back-of-envelope egress calc with them.	Streaming, large object delivery, image transformations
AWS WAF	Cloudflare WAF is rule-for-rule competitive, often better on managed rules, dramatically simpler ops. Bot Management is the differentiator AWS doesn't have at parity.	Any DTC consumer app, sign-up funnels, abuse
AWS Lambda	Workers is roughly 1/3 the cold-start time, 1/2 the cost at scale, no region pinning headaches.	Edge compute, API endpoints, serverless
Akamai / Imperva	Akamai's the legacy CDN that priced themselves out. Imperva is being squeezed at both ends. Cloudflare has a 10-year cleaner runway on both.	Enterprise customers who inherited these
OpenAI / Anthropic direct	AI Gateway in front. Adds caching, rate limits, prompt logging, PII redaction, multi-provider fallback. No code change beyond a base URL swap.	Any AI-first product
Auth0 / Okta	Cloudflare Access sits at the network layer rather than the app layer. Different problem, often a complement not a replacement, but for internal-tool access specifically, Access displaces a lot of Okta SKUs.	Distributed workforce, contractor access, internal app gates
Zscaler / Netskope	Cloudflare One (Gateway + Access + Warp + Magic WAN) is a credible SASE displacement, especially for smaller orgs where Zscaler is overkill.	Replacing the VPN tangle, securing distributed clinicians
Sendgrid / Twilio (for transactional)	Not our wheelhouse. But Workers + their existing provider = full programmability without changing the email/SMS vendor.	When patient comms flows are mentioned
Cloudinary	Cloudflare Images is roughly 1/3 the price for the same job at typical healthtech volume.	Patient-facing apps with photo uploads (skin, dental, derm)
Mux / Cloudflare Stream competitors	Cloudflare Stream is priced for storage + delivery flat, no per-minute-watched madness.	Telehealth video, training content, recorded consults
Pure AWS S3	R2 is S3-API-compatible, half the storage cost, ZERO egress fees. If they have meaningful outbound traffic, the math sells itself.	Any large dataset, model weights, evidence storage
Datadog / New Relic for app observability	Cloudflare's not the answer for application observability, but for network/edge/AI Gateway observability, Logpush + Workers Analytics Engine is real.	When they bring up cost on Datadog (they will)

08Post-event 48-hour playbook

The conference is the easy bit. The 48 hours after decide whether any of this matters.

Friday 22 May, morning

LinkedIn connect with every qualified contact. Personalised reference to the session or hallway chat.
For each prospect you spoke to: journal entry into customer-memory/{slug}/journal.md.
Promote any prospect that moved beyond first-touch into a full /account-review.
Use the Export notes button (bottom-right) to dump everything you typed here as markdown, paste into the relevant customer-memory journals.

Friday 22 May, afternoon

Personalised follow-up email to top 5 leads. NOT generic "thanks for chatting". Reference the specific pain they named. Attach one concrete resource (customer story, doc, calendar link).
Queue a Trello card for each next action via /trello-card.

Monday 25 May

Sweep the DHF Targets sheet, move each row from Met → Followed Up or Disqualified.
Tier 1 prospects who haven't replied get a second touch.
Anything that smells like a real opportunity gets /opportunity-review.

07Cloudflare crash course

Reference material. The 12 primitives you need fluent enough to answer "what does that actually do?" without reaching for marketing copy. Read it once now. Skim during quiet sessions. Look up specifics during dinner.

Primitive

Workers

Serverless code that runs at the edge in ~330 cities, milliseconds from the user.

What It Actually Is: V8 isolates (not containers, not VMs), cold start in single-digit milliseconds. JavaScript, TypeScript, Rust, Python (experimental). Pay-per-request, no idle cost.
Vs Alternatives: Lambda has cold-start pain (100ms+ even with provisioned concurrency) and region pinning. CloudFront Functions is anaemic. Vercel/Netlify Edge is a Workers wrapper underneath.
When It Shows Up: Any time someone says 'we need this to be fast globally', 'we want to do auth/rate-limiting/personalisation at the edge', 'our Lambda bill is climbing'. Workers also underpins AI Gateway, Access, Pages, R2's edge layer.
Telltale: If they're on Lambda + CloudFront + API Gateway today, that's three line items Workers collapses into one.

Primitive

AI Gateway

A reverse proxy for AI providers (OpenAI, Anthropic, Bedrock, etc.) that adds caching, rate limits, logging, PII redaction, fallback routing.

What It Actually Is: Drop-in: change the base URL from api.openai.com to your gateway endpoint, no SDK change. Everything else (provider auth, request payload) stays the same.
What It Solves: (1) AI cost, caching identical prompts saves real money. (2) Per-tenant rate limits, stops one customer eating your quota. (3) Prompt logging, first time you have an audit trail for clinical AI. (4) PII redaction, strip PHI before it leaves your perimeter. (5) Multi-provider fallback, if OpenAI's down, route to Anthropic.
When It Shows Up: Any AI-first prospect (Heidi, Lyrebird, Nabu, PractaLuma, CareMonitor, RosterLab). Especially when they're worried about cost trajectory or about TGA/regulatory audit-trail.
Telltale: If they say 'we call OpenAI directly' or 'we're worried about prompt injection on patient data', this is the answer.

Primitive

Workers AI

Run open-source models (Llama, Mistral, Stable Diffusion, Whisper, BGE embeddings) on Cloudflare's GPU fleet.

What It Actually Is: Hosted inference for 30+ open-source models. Pay-per-inference, no GPU management. Models live near the user (edge inference).
Vs Alternatives: Self-hosted on AWS = manage GPUs, autoscaling, model serving. Bedrock/Vertex = locked to one cloud. Replicate/Together = good but not edge-deployed.
When It Shows Up: When prospect wants to (a) stop paying OpenAI retail prices for tasks open-source can do (embeddings, classification, transcription), (b) keep inference on AU soil, (c) get latency below what hosted providers can deliver.
Telltale: They say 'we use OpenAI for embeddings' = they're paying 100x more than they need to. Workers AI BGE embeddings are fractions of a cent per call.

Primitive

R2

Object storage with S3-compatible API and ZERO egress fees.

What It Actually Is: Cloudflare's S3. Same SDK, same multipart upload, same lifecycle policies. But you don't pay to read your data out.
The Economics: S3 is ~$0.023/GB stored, ~$0.09/GB egress. R2 is ~$0.015/GB stored, $0 egress. If you have 100TB stored and 50TB/month egress, R2 saves you ~$4,500/month vs S3. Healthtechs with lots of imaging, video, or model weights = this math sells itself.
Au Residency: R2 has Australian buckets. Data physically stays in AU. Procurement loves this.
When It Shows Up: Anyone storing video (Visionflex, Duress, Foxo, Updoc), medical imaging (CareMonitor, MediRecords), model artifacts (Heidi, Lyrebird), evidence/audit logs.
Telltale: 'Our S3 egress bill is what now?', yes, that's the conversation.

Primitive

Zero Trust (Access + Gateway + WARP)

Replace the VPN + Okta sprawl. Identity-based access to any app, anywhere, with audit logs.

The Three Components: (1) Access, sits in front of any internal app, requires SSO + policies before letting users in. Replaces VPN-tunnelled apps. (2) Gateway, outbound web filtering + DNS filtering for your workforce (replaces Zscaler-style web gateways). (3) WARP, the device client that ties it together.
The Pitch: VPN is dead. Okta is expensive and only covers app-layer SSO. Cloudflare One covers the network layer, your contractor opens their laptop, hits an internal tool, Access checks their identity + posture + device + IP + time-of-day, audit log written. No tunnel.
When It Shows Up: Workforce-centric prospects (RosterLab, Core Schedule, HealthPass, Duress, Personify Care, CareMonitor, Hyphen Health). Especially when AHPRA-credentialed clinician access is the problem.
Telltale: 'Our contractor offboarding is a nightmare' or 'we have a different VPN for each customer', that's Access.

Primitive

API Shield

Discovery + schema validation + abuse protection for your APIs, with a healthcare-shaped FHIR story.

What It Actually Is: Watches your traffic, builds a schema of every endpoint, every method, every payload shape. Then enforces it, anything off-spec gets blocked. Plus mTLS for partner integrations, JWT validation, sequence-mitigation for credential-stuffing.
The Fhir Angle: FHIR-native platforms (MediRecords, CareMonitor, Foxo, Personify Care) live or die on API quality. API Shield is one of the few security products that genuinely understands API shapes rather than just looking at HTTP requests.
When It Shows Up: Any partner-integration-heavy prospect. Hola Health, HealthPass, Foxo, MediRecords, Personify Care, VALD.
Telltale: 'We have N partner integrations and onboarding security review takes weeks', API Shield doesn't fix the review, but it lets them confidently answer the questions in the review.

Primitive

WAF + Bot Management + Turnstile

Consumer-app protection. Block the OWASP top 10, separate bots from humans, replace CAPTCHA.

The Three Parts: (1) WAF, managed rules, custom rules, real-time updates from Cloudflare's network intelligence. (2) Bot Management. ML-driven bot detection, scores every request 1-99 for bot likelihood, integrates with your app logic. (3) Turnstile, invisible CAPTCHA replacement, no Google reCAPTCHA, no user friction.
When It Shows Up: Every DTC consumer prospect: Eucalyptus (across Pilot/Kin/Juniper/Software), Updoc, Hola, Foxo, Hyphen, Visionflex. Sign-up flows are the highest-value target.
Telltale: 'Our ad spend is being eaten by bot sign-ups' or 'we use reCAPTCHA and users hate it' = both Turnstile-shaped.

Primitive

Stream + Images

Two specialist products for media-heavy products. Stream for video, Images for transformation/delivery.

Stream: Video upload, transcode, deliver (HLS/DASH), live streaming, recordings. Pricing is per minute stored + per minute delivered. No per-minute-watched gouging like Mux historically does.
Images: Upload once, deliver in any size/format/quality. Resize/crop/format on-the-fly via URL. Replaces Cloudinary in most healthtech cases.
When It Shows Up: Telehealth video (Updoc, Hola, Hyphen, Visionflex), training/educational content (Medcast-style, they're excluded but the pattern applies), patient-uploaded imaging (CareMonitor, Personify Care).
Telltale: 'We use Cloudinary' or 'our Mux bill went insane' = direct conversion.

Primitive

Durable Objects + D1 + KV + Queues + Hyperdrive

Cloudflare's stateful primitives. Each solves a different stateful problem.

Durable Objects: Single-tenant stateful workers. Best for: chat rooms, multiplayer state, per-user counters, anything where 'exactly one instance globally owns this state' matters. Increasingly used as the backbone for agentic AI workflows.
D1: SQLite at the edge. Replicated SQL DB, sub-millisecond reads in the Cloudflare network. Good for: app metadata, customer config, small-to-medium relational workloads. Not a Postgres replacement at scale.
Kv: Key-value, eventually-consistent, globally replicated. Good for: feature flags, session data, config, anything where 'mostly read, occasionally write, eventually consistent' is fine.
Queues: Pub/sub + queue. Good for: async work between Workers, fan-out patterns, batching writes.
Hyperdrive: Connection pooling + caching for Postgres / MySQL behind your Workers. Lets a Worker (which would normally die trying to maintain a database connection) act like a long-lived app server in front of an RDS / Aurora / Neon database.
When It Shows Up: Less likely to come up cold. But if a prospect's deep in their architecture and saying 'we want serverless but our database makes it impossible', Hyperdrive is the answer.

Primitive

Magic Transit + Magic WAN

Enterprise networking. Layer 3 DDoS protection and SD-WAN replacement.

What They Are: Magic Transit absorbs the entire internet pipe to your data centre (BGP advertise our IPs, traffic comes to us first, scrubbed, then sent on to you). Magic WAN connects offices/datacentres/clouds with Cloudflare in the middle, replacing MPLS or traditional SD-WAN.
When It Shows Up: Mostly when prospect has on-premise infrastructure or a data centre or multi-cloud footprint. Less common for digital natives, but Duress, Visionflex (hardware in clinics), some VALD enterprise deployments might surface this.
Telltale: 'We have a data centre' or 'we got DDoSed last week' = Magic Transit conversation.

Primitive

Radar + Logpush + Analytics Engine

Observability and intelligence. Radar is public, Logpush + Analytics Engine are yours.

Radar: Free public dashboard of internet trends. Use it as an attendance trick, 'have you seen Cloudflare Radar? Look up your domain.' Founders love it.
Logpush: Stream every Cloudflare request log to your destination (S3/R2, Datadog, Splunk, etc.). Critical for SOC2/HIPAA audit-trail requirements.
Analytics Engine: Time-series database for custom telemetry from Workers. Great when you want to ship custom metrics without paying Datadog.
When It Shows Up: Anytime audit-trail or observability comes up. Lyrebird's responsibility theme, Honeysuckle's data plane question, anyone needing SOC2 or ISO 27001 evidence.

Primitive

DNS + DDoS + Turnstile (the free-by-default stuff)

Underestimated, but the doors that open every other conversation.

Dns: Authoritative DNS, fastest in the industry per DNSPerf, free. Most healthtechs are on Route 53 or Google Cloud DNS and didn't think twice. Migration is 30 minutes.
Ddos: Unmetered DDoS protection on every Cloudflare plan, including free. The Stryker / VicHealth / public-hospital procurement teams ask for DDoS evidence. Cloudflare is the answer.
Turnstile: CAPTCHA replacement, free up to 1M sigchecks/month. Replaces Google reCAPTCHA's user-experience pain.
When It Shows Up: Always. These are the 'try Cloudflare for free, then upgrade' wedge into accounts that don't think they need security infrastructure yet.

Generated 2026-05-19 · Cloudflare DHF26 Field Guide · Notes persist in browser localStorage on this device only