Privacy Policy

Last updated: 26 October 2025

This privacy policy explains how Revoliq Pty Ltd (ABN 63 692126435, "we", "us", "our") collects, uses, and protects your personal information in accordance with Australian privacy laws.

1. Legislative Compliance

We comply with:

• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• My Health Records Act 2012 (where applicable)
• Healthcare Identifiers Act 2010 (where applicable)
• Notifiable Data Breaches (NDB) scheme
• Australian Consumer Law
• State and territory health privacy legislation

2. What Information We Collect

2.1 Business Contact Information

• Name, email address, phone number
• Business name and address
• Account login credentials (encrypted)
• Payment and billing information

2.2 Service Usage Data

• Call recordings and transcripts
• System logs and technical data
• Service usage statistics and analytics
• Communication metadata (timestamps, duration, etc.)

2.3 Protected Health Information (PHI)

When used in healthcare settings, our service may process:

• Patient appointment details
• Basic medical history information provided during calls
• Healthcare provider names and contact information

Important: PHI is only collected when necessary for service delivery and is handled with strict security measures.

3. How We Use Your Information

We use collected information to:

• Provide and maintain our AI receptionist services
• Process appointment bookings and patient communications
• Improve service quality and user experience
• Ensure system security and detect fraud
• Communicate service updates and support
• Comply with legal obligations

3.1 AI Training and Processing

We DO NOT use customer health data to train AI models.

We use third-party AI services (OpenAI, Anthropic) under strict Data Processing Agreements (DPAs) that:

• Prohibit use of your data for model training
• Require data anonymization where technically feasible
• Ensure data is processed only for your service delivery
• Comply with Australian privacy standards

4. Data Storage and Security

4.1 Data Location

Data is stored on:

• Australian-based cloud infrastructure (primary)
• International providers (AWS, Azure) with Australian data residency options where available
• Backup systems in secure, compliant facilities

4.2 Security Measures

We implement industry-standard security including:

• Encryption at rest: AES-256 encryption for stored data
• Encryption in transit: TLS 1.3+ for all data transmission
• Access controls: Multi-factor authentication (MFA) and role-based access
• Regular security audits and penetration testing
• Secure backup and disaster recovery procedures
• Employee training on privacy and security protocols

4.3 Data Retention

We retain data as follows:

• Patient-related records: Minimum 7 years (as per Australian medical record requirements)
• Call recordings: 2 years or as specified in your service agreement
• Account information: Duration of service plus 2 years
• System logs: 90 days for security purposes

You may request earlier deletion subject to legal retention obligations.

5. Sharing of Information

5.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal or health information.

5.2 Authorized Sharing

We may share information with:

• Service providers: Cloud hosting, AI processing, payment processing (under strict DPAs)
• Healthcare providers: When necessary for appointment coordination (with your authorization)
• Legal authorities: When required by law or court order
• Business transfers: In the event of merger or acquisition (with notification to you)

5.3 Third-Party AI Services

We use the following AI providers:

• OpenAI (GPT models) - under Business Associate Agreement (BAA)
• Anthropic (Claude models) - under Data Processing Agreement (DPA)
• Deepgram (speech-to-text) - under DPA
• Cartesia (text-to-speech) - under DPA

All providers are contractually bound to protect your data and not use it for training purposes.

6. Your Privacy Rights

Under Australian privacy law, you have the right to:

6.1 Access

Request access to personal information we hold about you.

6.2 Correction

Request correction of inaccurate or incomplete information.

6.3 Deletion (Right to Erasure)

Request deletion of your personal information, subject to legal retention requirements.

6.4 Portability

Request export of your data in a structured, machine-readable format.

6.5 Complaint

Lodge a complaint about our privacy practices with us or with the Office of the Australian Information Commissioner (OAIC).

6.6 Withdraw Consent

Withdraw consent for data processing (may limit service functionality).

To exercise these rights, contact: privacy@revoliq.com.au

We will respond to requests within 30 days.

7. Data Breach Notification

In the event of a data breach that is likely to result in serious harm:

• We will notify the OAIC within 72 hours of becoming aware
• We will notify affected individuals without undue delay
• Notifications will include:
  • Description of the breach
  • Type of information involved
  • Steps we are taking to address it
  • Steps you can take to protect yourself

Report security concerns to: security@revoliq.com.au

8. Healthcare-Specific Provisions

8.1 Patient Consent

Healthcare providers using our service must:

• Obtain appropriate consent from patients for data processing
• Inform patients about AI-assisted communication
• Ensure patients understand their privacy rights

8.2 De-identification

Where technically feasible, we anonymize or de-identify health information for:

• System analytics and performance monitoring
• Service quality improvement
• Research and development (aggregated, non-identifiable data only)

8.3 Healthcare Provider Responsibilities

You (the healthcare provider) remain responsible for:

• Compliance with state/territory health privacy legislation
• Obtaining and managing patient consents
• Clinical governance and professional standards
• Professional indemnity insurance

9. Cookies and Analytics

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze website usage (Google Analytics)
• Improve user experience

Cookie types:

• Essential cookies: Required for service functionality
• Analytics cookies: Google Analytics (anonymized IP addresses)
• Functional cookies: Remember your preferences

You can disable non-essential cookies in your browser settings. Note that disabling cookies may affect functionality.

10. International Data Transfers

When data is transferred outside Australia:

• We ensure adequate safeguards are in place
• Recipients are bound by contracts ensuring APP-level protection
• Transfers comply with APP 8 (Cross-border disclosure of personal information)

11. Children's Privacy

Our service is not directed at children under 18. If we become aware that we have collected personal information from a minor without parental consent, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this privacy policy to reflect:

• Changes in legislation or regulatory requirements
• Service enhancements or new features
• User feedback or privacy best practices

Material changes will be notified via:

• Email to registered users
• Prominent notice on our website
• In-app notifications (where applicable)

Continued use after notification constitutes acceptance of changes.

13. Contact Information

Privacy Officer
Dean Zhang
Revoliq Pty Ltd
Email: deanzhang@revoliq.com.au
Phone: 0410 764 959
Address: 33C/164 Campbell Parade, Bondi Beach NSW 2026

13.1 Complaints Process

If you have a privacy concern or complaint:

1. Email us at privacy@revoliq.com.au with details
2. We will acknowledge your complaint within 5 business days
3. We will investigate and respond within 30 days
4. If unsatisfied, you may contact the OAIC:
   • Website: www.oaic.gov.au
   • Phone: 1300 363 992
   • Email: enquiries@oaic.gov.au

14. Definitions

• Personal Information: Information about an identified or reasonably identifiable individual
• Protected Health Information (PHI): Health information that can identify an individual
• De-identification: Removal or alteration of information that identifies an individual
• Data Processing Agreement (DPA): Contract ensuring third parties protect your data
• Business Associate Agreement (BAA): Healthcare-specific data protection contract

---

This privacy policy is designed to meet Australian legal requirements. It does not constitute legal advice. Healthcare providers should seek independent legal counsel regarding their specific obligations.