Privacy Policy

We collect personal information and health information necessary to provide the Platform, including:

• ›Account and identity information (name, professional title, email, role, employing health service)
• ›Authentication credentials (passwords are stored in hashed form)
• ›Voice recordings collected during onboarding and used to generate a voice biometric profile (sensitive information under the Privacy Act and health information under the Health Records Act)
• ›Clinical handover audio, transcripts, AI-generated ISBAR summaries, and any patient information captured during a session
• ›Usage and technical data such as device type, browser, session timing, IP address, and error logs

The Platform is intended exclusively for clinical handover. We do not seek to collect personal notes, private conversations, or other non-clinical content. If non-clinical content is inadvertently captured, please contact us at handovex@gmail.com.

We use your information only for the purposes for which it was collected or directly related purposes you would reasonably expect, including:

• ›Providing, maintaining, and securing the Platform
• ›Authenticating users and identifying speakers during a handover
• ›Generating and storing clinical handover records on behalf of your health service
• ›Communicating with you about your account and the Platform
• ›Meeting our legal, regulatory, and security obligations

We do not sell your personal information or use it for advertising. We only send transactional and service messages necessary for the Platform; we do not send marketing communications without your express consent.

Health information (including patient information in handover transcripts, voice biometric data, and clinical observations) is collected and handled in accordance with the Australian Privacy Principles and the Health Privacy Principles under the Health Records Act 2001 (Vic). We collect sensitive information only with consent or where otherwise permitted by law. Your health service remains the primary custodian of patient records; we act as a data processor on its behalf.

We do not sell or trade personal information. We disclose information only:

• ›To service providers (including cloud hosting, authentication, voice transcription, speaker identification, and AI language model providers) who help us deliver the Platform, under contractual obligations consistent with the APPs
• ›Where required or authorised by law, court order, or regulatory authority
• ›Where necessary to prevent a serious threat to health or safety
• ›With your consent

Some service providers may process data outside Australia. Where this occurs, we take reasonable steps to ensure overseas recipients handle information in a way consistent with the APPs. By using the Platform, you acknowledge that overseas disclosures may occur as described in this Policy.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include encryption in transit and at rest, access controls, multi-factor authentication for clinical users, audit logging, and storage of data primarily within Australia. No system is completely secure; please use strong passwords and notify us if you suspect unauthorised access.

We retain personal information only for as long as necessary to provide the Platform, fulfil the purposes described in this Policy, and meet our legal, clinical-records, and regulatory obligations. Clinical records are retained in accordance with applicable health records legislation. Where information is no longer required and is not subject to a legal retention obligation, we will take reasonable steps to destroy or de-identify it.

Under the Privacy Act and the Health Records Act, you may:

• ›Request access to the personal or health information we hold about you
• ›Request correction of information that is inaccurate, out-of-date, incomplete, or misleading
• ›Request deletion of your account and associated personal data, subject to legal retention obligations
• ›Make a complaint about how we have handled your information

To exercise these rights, contact us at handovex@gmail.com. We will respond within a reasonable time and may need to verify your identity before processing your request.

We use cookies, local storage, and aggregated analytics to operate the Platform and understand how it is used. We do not use advertising trackers or build individual marketing profiles. We do not load third-party analytics on pages that display patient identifiers, transcripts, or ISBAR summaries. You can disable non-essential cookies through your browser settings; disabling them does not affect core Platform functionality.

Handovex is a professional clinical platform intended for use by qualified healthcare workers. We do not knowingly collect personal information directly from individuals under 18.

We may update this Privacy Policy from time to time. Material changes will be notified to users by email or through the Platform before they take effect. Continued use of the Platform after a change takes effect constitutes acceptance of the updated Policy.

We maintain an incident response process for suspected data breaches. In the event of an eligible data breach under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988 (Cth)), we will notify the Office of the Australian Information Commissioner and affected individuals as required by law. If you become aware of a suspected security incident, contact us immediately at handovex@gmail.com.

For privacy questions, access requests, or complaints, contact our Privacy Officer:

If your complaint is not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner (oaic.gov.au) or the Health Complaints Commissioner Victoria (hcc.vic.gov.au).