Privacy Policy

Last updated: March 2026

Note: This is a placeholder privacy policy for Miraa. This document should be reviewed and updated by your legal team before publishing. Healthcare-specific privacy requirements may vary by jurisdiction and should be assessed by qualified legal counsel.

Miraa ("we", "our", "us") is committed to protecting the privacy and security of your personal information and any patient health information processed through our clinical documentation platform. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our services.

1. Information Collection

We collect information that you provide directly to us, including when you create an account, request a demo, use our services, or contact us. This may include:
- Personal identification information (name, email address, phone number)
- Professional information (clinic name, role, specialty)
- Clinical audio recordings and transcriptions (processed with your consent)
- Usage data and system interaction logs
- Device and browser information

We collect this information only as necessary to provide and improve our services.

2. Use of Information

We use the information we collect to:
- Provide, maintain, and improve our clinical documentation services
- Process and transcribe clinical audio recordings
- Generate AI-drafted clinical notes for clinician review
- Respond to your inquiries and provide customer support
- Send service-related communications
- Monitor and analyse usage patterns to improve the product
- Comply with legal obligations

We do not use patient health information for marketing purposes, AI model training on identifiable data, or any purpose beyond the provision of our documentation services.

3. Data Security

We implement industry-standard security measures to protect your information:
- All data is encrypted in transit using TLS 1.3
- All data is encrypted at rest using AES-256 encryption
- Production clinical data is stored in Supabase on AWS Australia (Sydney, ap-southeast-2)
- Supabase states its hosted platform is SOC 2 Type 2 compliant
- Access controls and role-based permissions limit data access to authorised personnel
- Regular security audits and vulnerability assessments
- Secure data centres with physical and logical access controls
- Incident response procedures for security events

While we implement robust security measures, no method of transmission or storage is 100% secure. We continuously work to improve our security posture.

4. Patient Health Information

Patient health information processed through our system receives the highest level of protection:
- Audio recordings can be configured for automatic deletion after transcription
- All AI-generated outputs require clinician review and approval before being saved
- Complete audit trails are maintained for all data access and modifications
- We process health information in accordance with the Australian Privacy Principles
- Australian production data residency is maintained through Supabase-hosted infrastructure on AWS Australia
- We do not share patient health information with third parties without explicit authorisation

Clinics are responsible for obtaining appropriate patient consent before using our recording and transcription services.

5. Third Parties

We may share information with third parties only in the following circumstances:
- Service providers who assist us in operating our platform (subject to confidentiality agreements)
- When required by law, regulation, or legal process
- To protect the rights, safety, or property of our users or the public
- With your explicit consent

We do not sell personal information or patient health information to third parties. Any service providers we engage are contractually required to maintain the confidentiality and security of the information they process.

6. Your Rights

Under Australian privacy law, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information (subject to legal retention requirements)
- Withdraw consent for data processing
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact our privacy officer at the details below.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Clinical documentation and audit logs may be retained for periods required by healthcare regulations and clinical governance standards. When data is no longer required, it is securely deleted or de-identified in accordance with our data retention policy.

8. Website Cookies

Our marketing website uses strictly necessary first-party cookies to remember your cookie preferences and keep the website functioning as expected. With your consent, we may also enable privacy-conscious website analytics to understand which pages and waitlist flows are useful. Analytics is optional and is not enabled until you accept it through the cookie banner or cookie preferences control. You can change your choice using the Cookie preferences link in the website footer. You can also clear cookies in your browser settings.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or our data practices, please contact us:
Email: [email protected]
Location: Sydney, Australia

For privacy-specific inquiries, please include "Privacy" in the subject line.