Praxia

Privacy Policy

Effective 7 July 2026 · Praxia Clinical Solutions Pty Ltd

Praxia is operated by Praxia Clinical Solutions Pty Ltd (ACN pending — company in incorporation) ("we", "us", "our"). We are committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, how we use and protect it, and your rights in relation to it.

1. What information we collect

We collect and hold the following categories of personal information:

From patients (collected by your clinic on our platform):

  • Identity information: full name, date of birth, phone number, email address, postal address
  • Health information: clinical notes, visit records, treatment plans, form responses, assessment outcomes
  • Appointment information: appointment dates and times, visit type, follow-up schedule, attendance status
  • Financial information: invoice amounts, payment status (payment card details are not stored by us)

From clinic staff (collected at account setup):

  • Name, email address, role and professional credentials
  • Roster and shift information

Automatically collected:

  • System access logs: timestamps, IP addresses, and request identifiers (used for security and operational purposes only; not linked to patient records)

We do not collect health information directly from patients. Health information is entered into the platform by your clinic's authorised staff.

2. Why we collect this information

We collect and use personal information for the following purposes:

PurposeAPP basis
Providing the clinical management platform to your clinicPrimary purpose of collection (APP 6.1(a))
Sending appointment reminders and follow-up communications (where your clinic has enabled this)Directly related to primary purpose; patient consent obtained at booking (APP 6.1(a), APP 7)
Maintaining clinical records as required by lawLegal obligation (state and territory medical record retention laws)
Billing and invoicingPrimary purpose of collection
Platform security and fraud preventionLegitimate operational interest
Improving the platform (de-identified and aggregated data only)Legitimate interest; no individual identification

We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected without your consent.

3. How we store and protect your information

All personal and health information is stored in Australia (Sydney, New South Wales) on infrastructure operated by Fly.io. We do not transfer your personal information outside Australia except as described in section 4.

We protect your information using:

  • Encryption in transit (TLS) and at rest
  • Row-level security — each clinic's data is strictly isolated from all other clinics
  • Role-based access controls — staff can only access information their role permits
  • Short-lived authentication tokens (15-minute expiry)
  • Regular automated backups with point-in-time recovery

4. Who we share your information with

We share personal information only where necessary to provide the platform:

RecipientPurposeLocationSafeguard
GoHighLevel (GHL)CRM platform — stores Contact and appointment data on our behalfAU sub-account configuration, but GHL is US-based and data transits/rests on US core infrastructureAPP 8 cross-border disclosure (United States) — GHL's data processing agreement (which commits GHL to handle data per the Australian Privacy Principles, verified 2026-07-04) is in force from account creation; see DPA §5 and sub-processors register
Fly.ioCloud infrastructure and database hostingSydney, AustraliaStandard contractual terms
AWS S3 (Sydney)Encrypted off-host database backupsSydney, Australia (ap-southeast-2)Bucket region-locked; encryption at rest (SSE-AES-256) + S3 Object Lock
AWS Bedrock (Sydney)AI assistance for drafting referral letters — clinical text is sent to Anthropic's Claude model running in the Sydney regionSydney, Australia (ap-southeast-2)In-country processing; AWS contractually does not store inputs/outputs or train on them; clinician reviews and approves every draft before send — see § 4.2
Better StackUptime monitoring + log aggregation (system health only — no patient identifiers in log fields)United StatesAPP 8 — technical safeguard (no PII in log fields per ADR-0004) applied
SentryError tracking (clinical content stripped before transmission)United StatesAPP 8 — technical safeguard (PII redaction) applied
Google Workspace + Google MeetTelehealth video consults (video + audio of consult, meeting metadata; no recording)US / EU routing — see § 4.1APP 8 — disclosed; Google Cloud APP whitepaper is the compliance basis

The full register, including data categories, vendor DPAs, and AU-residency caveats for each entry, is maintained at docs/compliance/sub-processors.md. Any change to the register is made by a tracked PR, not a silent config update.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

4.1 Telehealth video — overseas data routing

We need to be specific about one item in the table above because the trade-off is material.

If your clinic uses our telehealth video consult feature, the video and audio of the consult are carried over Google Meet, which runs on Google Workspace. Google Workspace at our subscription tier (Business Starter) does not pin data to Australia. Video consult content may transit Google's global infrastructure including US and EU regions. Australia is not an available data-region option at this tier.

What this means in practice:

  • The consult is not recorded by Praxia or by Google Meet — recording is disabled at the subscription tier and cannot be turned on. Only transient audio + video and the meeting metadata (patient name, clinician name, time) leave Australia.
  • Patient identity information (name, contact details, clinical notes) continues to be stored in Australia (Sydney). Only the telehealth session itself is overseas-routed.
  • Google's compliance posture against the Australian Privacy Principles is documented in the Google Cloud and the Australian Privacy Principles whitepaper, which we rely on as the APP 8 compliance basis for this disclosure.
  • A patient who is not comfortable with overseas routing for their consult may request an in-person or telephone appointment instead. The choice is recorded on the visit.

We have chosen Google Meet at v1 because the marginal cost is zero and the recording-disabled default is tier-enforced. We re-evaluate against AU-resident alternatives (e.g. Coviu, Zoom Sydney) when an upgrade trigger arrives — see the sub-processor register for current status.

4.2 AI assistance with referral letters — what we send, where it stays, who decides

After a clinical visit is signed off, our platform can generate a first-draft referral letter for the clinician's review. We use Anthropic's Claude model for this, running on AWS Bedrock in the Sydney region.

The trade-off here is the opposite of telehealth — the clinical content stays in Australia.

What we send to the model, what stays in Australia, and what the clinician does:

  • What we send. The clinical content of the visit (SOAP notes), the patient's name and date of birth, the referring clinician's name and AHPRA number, and your clinic's letterhead fields. These are the inputs the model needs to draft a letter that reads as if a clinician wrote it.
  • Where it stays. Inference runs in AWS Bedrock's Sydney region (ap-southeast-2). Clinical content does not leave Australia for this purpose. AWS Bedrock contractually does not store the request or the response, and does not use it to train models. The draft letter that comes back is saved into our Sydney database; nothing about the prompt is retained outside that path.
  • Who decides. Every draft is exactly that — a draft. A clinician opens it, reads it, edits it where needed, and explicitly approves it before any send. The platform does not auto-send referral letters.
  • Compliance basis. Because the inference happens in Australia, this is not an APP 8 cross-border disclosure — it's in-country processing. The decision and the alternatives we considered are recorded in ADR-0016; the register entry is sub-processors §2 row 7; the risk assessment is in the DPIA §4 Risk 8.
  • Audit trail. Every draft generation and every send is recorded in our audit log. If you make an access request under the Australian Privacy Act, AI-drafted artifacts about you are covered by the same response surface as the rest of your records.

If at any point a future version of the platform changes how AI processes clinical content — for example, a different model, a different region, or a feature that removes the clinician-approval step — we will update this section before that change goes live.

5. Health information

Health information is sensitive information under the Privacy Act. We collect and hold health information only:

  • With the patient's consent (obtained by the clinic at the point of care), and
  • For the purpose of providing clinical management services to the clinic

Health information is accessible only to authorised staff at the clinic that collected it. Staff at other clinics on the platform cannot access it.

6. Retention and deletion

We retain personal information for as long as necessary to fulfil the purpose of collection and to meet our legal obligations:

Information typeRetention period
Clinical records (health information)7 years from last entry, or until patient requests deletion (subject to legal obligations)
Appointment and visit records7 years
Financial records7 years (tax and accounting obligation)
System access logs90 days
Staff account informationDuration of employment + 7 years

When your clinic's subscription ends, we will retain your data for 90 days to allow export, then delete it securely. We will provide at least 30 days' notice before deletion.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you (APP 12)
  • Correct inaccurate, out-of-date, incomplete, or misleading information (APP 13)
  • Make a complaint about how we have handled your personal information (APP 1.4)

To exercise these rights, contact us using the details in section 9. We will respond within 30 days.

For patients: Your health records are held by and on behalf of your clinic. To access or correct your clinical records, please contact your clinic directly. We will assist your clinic to respond to access and correction requests.

8. Notifiable Data Breaches

We are bound by the Notifiable Data Breaches (NDB) scheme under the Privacy Act. If we become aware of an eligible data breach that is likely to result in serious harm, we will:

  1. Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable (within 30 days of becoming aware)
  2. Notify affected individuals (or their clinic) directly

We maintain an incident response runbook to ensure timely breach assessment and notification.

9. Contact us

For privacy enquiries, access requests, corrections, or complaints:

Privacy Officer — Andrew Romano Praxia Clinical Solutions Pty Ltd (in incorporation) Email: [email protected] Phone: 0425 767 671 Address: 16–18 Castlereagh Street, Penrith, NSW, 2750

If you are not satisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes to this policy

We may update this policy from time to time. Clinics will be notified of material changes by email at least 30 days before they take effect. The current version is always available at https://praxiaclinical.com/privacy.

risk-acceptance decision record). A qualified Australian privacy-lawyer review is a scheduled review trigger before scaling beyond the EMC pilot (§9 there). Pre-incorporation note: until Praxia Clinical Solutions Pty Ltd is registered, the operating legal person is Evolution Medical Care Pty Ltd; confirm the interim-operator framing with your accountant.*

If you are not satisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.