We may collect and process the following types of personal and health information:
‍

a. Personal Information

• Name, email address, phone number, role, and organisation
• Login credentials and preferences
• Billing and payment details

‍

b. Health Information (Patient Data)

• Audio recordings, transcriptions, and consultation notes
• Structured health summaries, referrals, and medical letters
• Metadata linked to clinical records

‍

c. Technical Information

• IP address, browser type, device information, and usage logs
• Cookies and tracking data to enhance the user experience

‍

We only collect data that is relevant, necessary, and lawful for the operation of the Platform.

Information may be collected when:

• You register for or log in to the Platform
• You upload, record, or submit clinical content
• You communicate with our team (e.g. support or onboarding)
• The Platform automatically logs activity or events for security and analytics

We use the information collected to:

• Deliver transcription, clinical documentation, and related services
• Manage user accounts and authentication
• Provide customer support and respond to enquiries
• Improve system performance, reliability, and security
• Ensure compliance with applicable health privacy standards
• Notify users of service updates, product changes, or legal notices

We do not use your data for advertising purposes or sell your data to third parties.

• All data is securely stored on Australian servers in ISO 27001-certified data centres.
• Bank-grade encryption is used for data both in transit and at rest.
• Access is restricted to authorised personnel with appropriate role-based permissions.
• Regular audits, vulnerability scans, and penetration tests are conducted.

‍

If you are a healthcare provider, your data is handled per your obligations under the Health Practitioner Regulation National Law and other clinical data retention policies.

We may share personal data in the following limited circumstances:

• With trusted third-party service providers (e.g. infrastructure providers) who are contractually bound to maintain confidentiality and comply with privacy laws
• When legally required (e.g. under court order, subpoena, or other legal obligation)
• In the event of a company merger, acquisition, or restructuring (with notification to users)

‍

We will never sell or license patient or clinical data for commercial purposes.

We retain data:

• For as long as your account is active or as necessary to provide services
• As required to comply with legal, regulatory, or contractual obligations
• In line with the retention policies of your clinical practice

‍

You may request deletion or access to your data at any time, subject to certain legal exceptions.

Under the Australian Privacy Act, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date information
• Request deletion of data (where legally applicable)
• Withdraw consent to data processing

‍

Requests should be submitted in writing to Info@arvihealth.com .

We use cookies for session management, authentication, and to understand platform usage. You may disable cookies in your browser settings, though this may limit certain functionality.
‍

We may use third-party analytics tools (such as Google Analytics) to improve performance. These tools do not collect personally identifiable patient information.

All primary data is stored in Australia. If any data is processed outside Australia by a third-party provider, we ensure appropriate safeguards and agreements are in place.

We may update this Privacy Policy periodically. You will be notified of any material changes via email or through the Platform. The latest version will always be available on our website.