Privacy policy
Your privacy at HerDoc
Aussie Green Alternate Health Pty Ltd (ABN 13 678 412 943), trading as HerDoc. Effective date: 2025-12-06. We operate as an Australian health service provider and handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Privacy Officer: Patrick Leach — pl@leach.cx. Registered office: 57 Ocean St, Rosebud VIC 3939.
1. What we collect
- Identity & contact: Name, date of birth, sex/gender, email, mobile, postal address, account/login identifiers.
- Government & healthcare identifiers: Medicare number and IRN, IHI and related HI-service identifiers; for clinicians: AHPRA number, HPI-I, PRODA identifiers, practice details, HPIO where relevant. We use internal patient IDs for your account and do not adopt Medicare numbers as account identifiers.
- Health & clinical information (sensitive): Presenting issues, history, diagnoses, treatment plans, prescriptions, consult notes, pathology/imaging summaries, uploaded documents/photos (where provided).
- Financial & admin: Payment details handled via our processor (we do not store full card numbers), billing history, Medicare/DVA/private claims data, concession/healthcare card details (if provided).
- Usage, device & log data: IP address, device type, browser/OS, session IDs, auth tokens, security logs, clickstream, booking history, time-on-page, error logs.
- Analytics, cookies & tracking: Pseudonymous analytics IDs, page views, referral source, coarse location, event tracking; cookies/local storage to remember login and preferences.
- AI and automation logs: Text from forms/feedback/non-clinical queries; log data from AI assist features; de-identified or aggregated clinical data for internal QA and product improvement.
2. Why we collect and use information
We collect, use, and disclose personal information where it is reasonably necessary for our functions and activities as a health service provider, with your consent where required, or as authorised or required by law.
- Provide telehealth care: Identity verification, account creation, bookings, consults, documentation, prescriptions/referrals, care coordination.
- Operate and secure the platform: Authentication, fraud/abuse detection, performance monitoring, backups, incident response.
- Compliance and legal: Healthcare identifier checks, statutory validations, Medicare claiming, record retention, accreditation and regulatory obligations, and disclosures for serious threats to life/health where required.
- Analytics, quality improvement & product development: Usage analysis, A/B tests, UX/performance improvements, de-identified aggregated reporting.
- Communications and direct marketing: Appointment reminders, follow-ups, service announcements. We only use health information for direct marketing about our own services with your explicit consent, and every marketing message includes a simple opt-out/unsubscribe. We do not use government identifiers (such as Medicare or IHI numbers) for marketing.
- Where we don’t use it: We do not sell personal information, do not share identifiable health information with advertisers or data brokers, and do not use identifiable clinical data to train public AI models.
3. How we collect information
- Directly from you: Signup, bookings, consults, forms, messages, uploads, and when you use our apps/sites.
- From clinicians or care team: Information entered by treating clinicians or authorised support staff.
- From third parties where permitted: Medicare/HI services, pharmacies, laboratories, specialists, or other providers involved in your care, with consent or as allowed by law.
- Automatic collection: Technical/usage data via logs, cookies, analytics tags, and security tooling.
4. Analytics, cookies, and tracking safeguards
- We use cookies/local storage for authentication and preferences. You can disable cookies, but some features may not work.
- We use Google Analytics (or similar) for pseudonymous usage data. We configure analytics to minimise collection and design systems to avoid capturing health content (including query strings and free-text fields), and we do not deploy third-party advertising or social pixels on authenticated patient areas.
- We do not currently use third-party advertising pixels elsewhere; if that changes, we will update this policy and implement appropriate controls.
- If we use consent or preference tools for analytics, we will honour your choices; you can also use browser controls to limit cookies/analytics.
5. When we disclose information
- Care delivery: Treating clinicians and authorised practice staff; pharmacies, laboratories, specialists, and other health providers as needed for treatment or as you direct.
- External health/government systems: Medicare, PBS, HI Service, prescription exchanges (e.g., eRx), pathology/imaging providers, and, if we later connect, My Health Record, where required to provide services or by law (see Section 9).
- Service providers (under contract): Cloud hosting/storage, email/SMS gateways, payment processors, video consult providers, analytics/security vendors, and optional AI infrastructure (with protections and de-identification). Some are located overseas.
- Professional advisers and regulators: Insurers, auditors, legal advisers, and regulators where reasonably necessary.
- Legal/critical situations: Where required or authorised by law, or to prevent a serious threat to life, health, or safety.
- We do not sell personal information and do not share identifiable health information with advertisers or data brokers.
Overseas recipients
Some service providers are overseas. We are likely to disclose personal information to recipients in the United States and Singapore for cloud hosting, analytics, communications, and support services. We take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs and remain responsible for their privacy obligations under the Privacy Act unless an exception applies. We will update this list if our vendor footprint changes.
6. AI, automation, and clinical decision support
- AI features are used to gather information, assist triage, and support clinicians to diagnose and treat. Clinicians make all clinical decisions; AI does not decide eligibility or clinical outcomes on its own, and clinicians can always override suggestions.
- We use de-identified and aggregated data for internal model QA and product improvement. We base our de-identification approach on OAIC guidance and implement technical and organisational measures to minimise re-identification risk, recognising that it cannot be completely eliminated.
- We do not send identifiable clinical notes or images to external general-purpose AI providers without appropriate enterprise agreements and, where required, explicit informed consent. We do not use identifiable clinical data to train public AI models.
- We apply privacy, security, and data-handling due diligence to AI vendors in line with OAIC guidance for commercially available AI products.
- At present, we do not rely solely on automated decision-making to make decisions that could reasonably be expected to significantly affect your rights or interests (for example, eligibility or permanent account blocks). We will provide transparency about any future use of computer programs to make such decisions and will comply with automated decision-making transparency requirements from 10 December 2026.
7. Storage, security, and retention
- We use access controls, encryption, logging, and periodic reviews appropriate to the sensitivity of the data. Access is limited to staff and providers who need it for their role.
- Health records are generally retained for at least 7 years from the last entry for adults, and for minors until age 25 (or longer where required by state/territory rules or clinical/legal need), in line with applicable state and territory health record laws and professional guidelines. Retention periods may be longer in some circumstances (for example, if there is a potential legal claim, complaint, or other legal obligation).
- Some system logs and backups may be retained for a limited additional period for security, audit, and continuity purposes, after which they are deleted or irreversibly de-identified.
- When information is no longer required, we take reasonable steps to de-identify or securely destroy it.
8. Access, correction, and choices
- You can request access to or correction of your personal information; we may need to verify your identity before providing access or making changes. We do not charge a fee to request a correction. If we charge a fee for access, it will be limited to reasonable costs of locating, collating, and sending the information.
- In some cases we may refuse access where the law allows (for example, if giving access would pose a serious threat to life or health, unreasonably impact another person’s privacy, or relate to legal proceedings). If we refuse access, we will tell you why and how you can complain.
- You can opt out of certain non-essential communications and adjust browser settings to limit cookies/analytics (some features may degrade).
- We only use or disclose sensitive information (such as health information) for the primary purpose of providing health services or a directly related purpose you would reasonably expect, unless you consent to another use or the law allows/requires it.
9. My Health Record
We are not currently connected to My Health Record. If this changes, we will publish how we access or upload information and link to the relevant security/access policy.
10. Children and young people
Where we provide services to young people, we balance their privacy with parent/guardian involvement in line with clinical judgment and applicable state and territory laws (for example, considering maturity for consent). We may collect parent/guardian or emergency contact details where needed to support care.
11. Complaints
- To make a privacy complaint, contact the Privacy Officer in writing with details of your concern (what happened, when, and any supporting information). We will acknowledge receipt and aim to respond within a reasonable time (generally within 30 days).
- If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
12. Notifiable Data Breaches
If an eligible data breach occurs (likely to result in serious harm), we will notify affected individuals and the OAIC in line with the Notifiable Data Breaches scheme and keep internal records of data breaches and our responses.
13. Changes to this policy
We may update this policy from time to time. The latest version will be available on our website and will include the date it was last updated.