Privacy Policy

Last updated: 5 March 2025

1. Who we are

ClinicComply (ABN 95 577 920 947) is an Australian-owned and operated healthcare compliance platform. We help GP clinics, dental practices, allied health centres, and managed service providers manage their regulatory obligations. In this policy, “we”, “us”, and “our” refer to ClinicComply.

2. What information we collect

Account information

When you sign up, we collect your name, email address, and the details of your practice (name, address, type). If you subscribe to a paid plan, payment is processed by Stripe — we do not store credit card numbers on our servers.

Compliance data

Compliance data is the information you enter while using the platform, including checklist responses, documents you upload, vendor details, and team member profiles. This data belongs to you.

Usage analytics

We use privacy-focused analytics to understand how the platform is used. This includes page views, feature usage, and general device and browser information. We do not use this data to build advertising profiles.

Cookies

We use essential cookies to keep you signed in and remember your preferences (such as your selected practice). Our analytics tools may set additional cookies. We do not use advertising or third-party tracking cookies.

3. How we use your information

  • To provide, maintain, and improve the ClinicComply platform
  • To authenticate your account and enforce access controls
  • To send transactional emails (invitations, notifications, billing receipts)
  • To monitor platform performance and fix issues
  • To comply with our legal obligations, including the Australian Privacy Act 1988

We do not sell, rent, or trade your personal information. We do not run advertisements. We do not use your compliance data to train machine learning models.

4. Where your data is stored

All compliance data, documents, and database records are stored in Australia (Sydney, ap-southeast-2). Our hosting infrastructure delivers the application globally for performance, but your stored data remains in Australian data centres. Transactional emails are sent via a third-party email delivery service, which may process email metadata (recipient address, delivery status) outside Australia.

5. Who we share data with

We only share your data with third-party service providers who are necessary to operate the platform:

  • Infrastructure providers — hosting, database, and file storage services that hold your data in Australian data centres
  • Payment processor — handles subscription billing securely; we do not see or store your full card details
  • Email delivery service — sends transactional emails such as invitations and notifications on our behalf

We do not share your data with advertisers, data brokers, or any other third parties. We may disclose information if required by Australian law or a valid court order.

6. Data retention

Your compliance data is retained for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow you to reactivate or export it. After that period, all data associated with your account is permanently deleted from our systems, including uploaded documents and backups.

7. Your rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Export your data at any time via the Data Export feature in your account settings
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy

To exercise any of these rights, contact us at support@cliniccomply.com.au.

8. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security to isolate tenant data, and role-based access controls. We regularly review our security practices. If you discover a vulnerability, please contact us at support@cliniccomply.com.au.

9. Children

ClinicComply is a business platform for healthcare professionals. We do not knowingly collect information from anyone under 18. If we become aware that a child has provided us with personal information, we will delete it.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you via email or an in-app notification. The “last updated” date at the top of this page reflects the most recent revision.

11. Contact

If you have questions about this privacy policy or how we handle your data, contact us at support@cliniccomply.com.au.