Privacy Policy

Last Updated: May 2023

Introduction

SwiftHx ("we", "our", "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) ("Privacy Act"). This Privacy Policy explains how we handle your personal information in accordance with these principles.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Contact information (name, email address, phone number)
  • Account credentials
  • Professional details (qualifications, specialties, practice information)
  • Payment information
  • Communication preferences

Sensitive Information

As a healthcare platform, we may collect sensitive information including health information about patients. This may include:

  • Demographic information
  • Medical history
  • Symptoms and clinical findings
  • Assessment and treatment information

All patient information is collected, stored, and processed in accordance with applicable healthcare privacy laws, including the Privacy Act and related health records legislation in Australian states and territories.

Usage Information

  • Device information (browser type, operating system, IP address)
  • Usage patterns and interactions with our platform
  • Features used and content accessed
  • Log data and error reports

How We Collect Your Information

We collect your personal information in various ways, including:

  • When you register for an account or update your profile
  • When you use our services and features
  • When you upload clinical documents or information
  • Through automated technologies such as cookies and server logs
  • From third parties, where permitted by law and with your consent

How We Use Your Information

We use the collected information for various purposes, including:

  • Providing, operating, and maintaining our platform
  • Improving and personalizing user experience
  • Processing and completing transactions
  • Analyzing and generating insights from clinical data (with appropriate safeguards)
  • Sending administrative information and updates
  • Responding to inquiries and providing customer support
  • Protecting against fraudulent or unauthorized activity
  • Complying with legal obligations

Artificial Intelligence and Your Data

Our platform utilizes artificial intelligence (AI) technologies, including OpenAI's services, to analyze clinical information and provide insights. When we process your data using AI:

  • We obtain explicit consent before processing any clinical data with AI services
  • We anonymize all clinical data before it is processed by AI systems
  • We implement Zero Data Retention with our AI providers when processing sensitive information
  • We never use your data to train AI models without explicit consent
  • All AI-generated outputs are reviewed by healthcare professionals before clinical use
  • We maintain detailed audit logs of all AI processing activities
  • We conduct privacy impact assessments for all AI processing activities

Our Privacy Consent System

Our platform features a comprehensive privacy consent management system that:

  • Provides clear, specific consent options for different data processing activities
  • Allows users to modify or withdraw consent at any time
  • Records timestamps and details of all consent actions
  • Enforces data processing rules based on consent status

Cross-border Data Transfers

Some of our AI processing may involve transferring your anonymized data to overseas locations where our AI service providers' servers are located (primarily the United States). When we do this:

  • We take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles
  • We remain accountable for protecting your information in accordance with the Privacy Act
  • We implement appropriate contractual, technical, and organizational safeguards
  • We only transfer anonymized data to minimize privacy risks
  • We conduct risk assessments prior to any cross-border data transfers

Data Security

We implement appropriate technical and organizational security measures to protect your personal information. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Regular staff training on data protection
  • Incident response procedures
  • Comprehensive privacy audit logging system

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Our Privacy Audit System

To ensure compliance with privacy regulations and protect your data, we maintain a comprehensive privacy audit system that:

  • Records all data access, processing, and sharing activities
  • Tracks user consent status and changes
  • Monitors for unauthorized access attempts
  • Provides detailed reports for regulatory compliance
  • Archives logs securely for the required retention period

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Clinical data is retained in accordance with applicable healthcare record retention requirements.

For patient data processed through our AI services, we maintain the following practices:

  • Original clinical data is stored securely in Australian data centers
  • Anonymized data sent to AI providers is not retained by those providers (Zero Data Retention)
  • AI-generated outputs are stored with the same security as original clinical data
  • We maintain a data minimization approach, only collecting and retaining necessary information

Disclosure of Your Information

We may disclose your personal information to:

  • Healthcare providers authorized to access the platform and patient information
  • Service providers who assist us in operating our platform and providing services
  • Professional advisers (e.g., lawyers, accountants, auditors)
  • Regulatory authorities, government agencies, law enforcement, and other third parties where required by law
  • Business partners, with your consent and for limited purposes

We do not sell your personal information to third parties. Any third parties who receive your information are required to maintain the confidentiality and security of your information and to process it in accordance with our instructions.

Your Privacy Rights

Under the Australian Privacy Principles, you have certain rights regarding your personal information, including:

  • Right to access and receive a copy of your personal information
  • Right to correct inaccurate personal information
  • Right to request deletion of your personal information (subject to legal restrictions)
  • Right to make a complaint about the handling of your personal information
  • Right to opt out of direct marketing
  • Right to withdraw consent for specific processing activities at any time
  • Right to request information about cross-border disclosures of your information

To exercise these rights, please contact us using the information provided below or use the privacy controls available in your account settings.

Consent

We will obtain your explicit consent before collecting, using, or disclosing your sensitive information, including health information. You can withdraw your consent at any time through your account settings or by contacting us directly.

For ordinary personal information, we may rely on other legal bases for processing, such as the need to perform our contract with you or to comply with legal obligations.

Children's Privacy

Our platform is intended for use by healthcare professionals and adult patients. We do not knowingly collect personally identifiable information from individuals under 18 years of age without appropriate consent from a parent or guardian. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Where feasible, we will notify you directly of significant changes (e.g., by email or an in-app notification).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

Email: privacy@swifthx.com

Postal Address: 123 Health Street, Sydney, NSW 2000, Australia

Phone: +61 2 1234 5678

Making a Complaint

If you believe that we have breached the Australian Privacy Principles, you can make a complaint to us using the contact details above. We will investigate your complaint and respond to you within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au