Privacy Policy

Last updated: December 28, 2025

1. Introduction

Caregenie Pty Ltd ("caregenie," "Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare practice management platform and related services (the "Service").

As a healthcare technology provider, we understand the sensitive nature of the information entrusted to us. We maintain strict compliance with applicable privacy laws, including the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and where applicable, the Health Insurance Portability and Accountability Act (HIPAA) for US-based clients.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, phone number, professional credentials, practice details, and billing information
  • Patient Data: Patient records, medical histories, appointment schedules, clinical notes, and other healthcare information you enter into the Service
  • Communications: Messages, support requests, and feedback you send to us
  • Uploaded Content: Documents, images, and other files you upload to the Service

2.2 Automatically Collected Information

When you access the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Usage Data: Pages visited, features used, actions taken, time spent, and navigation patterns
  • Log Data: IP addresses, access times, error logs, and referring URLs
  • Location Data: General geographic location based on IP address (not precise location)

2.3 Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to maintain session state, remember preferences, analyze usage patterns, and improve the Service. You can control cookie settings through your browser, though some features may not function properly if cookies are disabled.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Providing the Service

  • Operate, maintain, and improve the platform
  • Process transactions and send billing notifications
  • Provide customer support and respond to inquiries
  • Enable telehealth consultations and video features
  • Power AI features including Practice Memory™ and intelligent scheduling

3.2 Communications

  • Send important service announcements and updates
  • Deliver appointment reminders and notifications (with your consent)
  • Respond to your requests and support tickets
  • Send marketing communications (you can opt out at any time)

3.3 Analytics and Improvement

  • Analyze usage patterns to improve functionality
  • Develop new features and services
  • Conduct research and generate aggregated, de-identified insights
  • Monitor and prevent security threats

3.4 Legal and Safety

  • Comply with legal obligations and requests from authorities
  • Enforce our Terms and Conditions
  • Protect the rights, safety, and property of users and the public
  • Detect and prevent fraud or unauthorized access

4. Protected Health Information (PHI)

Special Protections for Healthcare Data: Patient health information you store in the Service receives enhanced protections under applicable healthcare privacy laws.

For healthcare practices subject to HIPAA:

  • We act as a Business Associate under HIPAA regulations
  • We execute a Business Associate Agreement (BAA) before PHI is stored
  • We implement required administrative, physical, and technical safeguards
  • We limit access to PHI to authorized personnel only
  • We maintain audit logs of PHI access and modifications

We never sell, rent, or lease patient health information to third parties. PHI is used solely to provide the Service as directed by you.

5. How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We engage trusted third-party vendors who assist in operating our Service, including:

  • Cloud infrastructure providers (data hosting and storage)
  • Payment processors (billing and transaction processing)
  • Communication services (email, SMS, video conferencing)
  • Analytics providers (usage analysis and optimization)

All service providers are bound by contractual obligations to protect your data and may only use it for specified purposes.

5.2 Legal Requirements

We may disclose information if required by law or in the good-faith belief that such action is necessary to:

  • Comply with legal process, court orders, or government requests
  • Protect and defend our legal rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

6. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Multi-factor authentication support
  • Regular security assessments and penetration testing
  • Automated threat detection and monitoring

Administrative Safeguards

  • Employee security training and background checks
  • Role-based access controls and least privilege principles
  • Incident response procedures
  • Regular security policy reviews

Physical Safeguards

  • SOC 2 Type II certified data centers
  • 24/7 physical security and access controls
  • Geographic redundancy and disaster recovery

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying you if a breach affecting your data occurs.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (including healthcare record retention requirements)
  • Resolve disputes and enforce agreements
  • Support legitimate business purposes

Healthcare Records: Patient health information is retained in accordance with applicable medical record retention laws, which may require retention for 7 years or longer depending on jurisdiction.

When data is no longer needed, we securely delete or anonymize it using industry-standard methods.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

You can request a copy of your personal information in a structured, commonly used format. Account data can be exported directly from your dashboard.

8.2 Correction

You can update or correct inaccurate personal information through your account settings or by contacting us.

8.3 Deletion

You can request deletion of your personal information, subject to legal retention requirements. Note that some data may need to be retained for compliance purposes.

8.4 Opt-Out Rights

  • Marketing: Unsubscribe from promotional emails via the link in any message
  • Cookies: Manage preferences through your browser settings
  • Analytics: Contact us to opt out of certain analytics processing

8.5 Complaints

If you believe we have not handled your information appropriately, you may lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection for international transfers through:

  • Standard contractual clauses approved by relevant authorities
  • Binding corporate rules where applicable
  • Compliance with cross-border data transfer mechanisms
  • Selection of service providers with appropriate certifications

Primary data storage is in Australia, with redundant backups in secure, compliant facilities.

10. Children's Privacy

The Service is designed for healthcare professionals and is not intended for direct use by individuals under 18 years of age. We do not knowingly collect personal information from children.

If patient records include information about minors, such data is managed by healthcare professionals in accordance with applicable laws and professional standards.

11. AI and Automated Processing

Our Service uses artificial intelligence and machine learning to provide features such as:

  • Practice Memory™ intelligent document search
  • AI-powered receptionist and scheduling
  • Automated transcription and documentation
  • Analytics and practice insights

Important: AI-generated content is for informational purposes only. All clinical decisions must be made by qualified healthcare professionals. We do not make automated decisions that significantly affect individuals without human oversight.

We do not use your patient data to train general AI models. Any AI processing is specific to providing the Service to you.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements, or for other operational reasons.

Notification of Changes: Material changes will be communicated via email or prominent notice on the Service at least 30 days before taking effect. The "Last updated" date at the top of this policy indicates when it was most recently revised.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Caregenie Pty Ltd

Privacy Officer

Email: [email protected]

General Inquiries: [email protected]

Website: caregenie.io/contact

We will respond to your inquiry within 30 days.

Related Documents

  • Terms & Conditions
  • Business Associate Agreement (available upon request for HIPAA-covered entities)