Privacy Policy

PracticeCentred (practicecentred.com.au) provides a staff compliance, document, task and operational-check platform for Australian healthcare, care and regulated service teams. In this policy, “we”, “us” and “our” refer to the operator of PracticeCentred, and “you” refers to the organisation that registers for the service and its authorised users.

We collect information you provide when setting up and operating your organisation on the platform:

• Organisation name, billing details and administrator contact information
• Staff names, roles, employment status, work email and mobile numbers
• Staff compliance documents (registrations, certificates, evidence uploads)
• Tasks, checklists, incident records and related comments or attachments
• Secure-link and notification delivery metadata (e.g. SMS/email send status)
• Audit logs of actions taken within the platform (who did what, and when)

We do not intentionally collect patient health information. The platform is designed for staff compliance only, not clinical records.

We use information solely to provide and improve the service, including to:

• Track staff compliance requirements, documents, tasks and incidents
• Send service notifications and secure links you configure (email and SMS)
• Process subscription billing and SMS credit purchases
• Maintain security, audit trails and tenant isolation
• Provide support and respond to your requests

We do not use staff information for advertising and we do not sell personal information to third parties.

Where you enable SMS reminders or send secure links to staff mobile numbers, message content is limited to operational notifications (for example, expiry reminders or links to complete compliance items). Staff must have a lawful basis to receive these messages — see section 6 below.

Security one-time passwords (OTPs) may be sent even when your SMS credit balance is zero, because identity verification is required for secure-link access.

We use trusted providers to operate the service. These may process data on our behalf, including:

• Cloud hosting and storage (Amazon Web Services — Australian regions)
• Payment processing (Stripe)
• Email delivery (Amazon SES)
• SMS delivery (e.g. Amazon SNS or other SMS providers configured for your account)

We may also disclose information where required by law, to protect rights and safety, or with your organisation's direction.

Your organisation is the controller of staff personal information entered into PracticeCentred. You are responsible for:

• Informing staff about what information is collected and why
• Obtaining any consent required under the Australian Privacy Act 1988 and applicable workplace laws
• Ensuring only authorised staff information is uploaded
• Not entering patient health information into the platform

Data is stored in Australian cloud infrastructure. Documents are held in private, encrypted storage with access controls and logging. For more detail, see our Security overview.

Compliance records are retained while your subscription is active and for a reasonable period afterwards to meet legal, audit and backup requirements. When you cancel, data is handled in accordance with our retention schedule and your organisation's obligations.

Under the Australian Privacy Act, individuals may request access to, or correction of, personal information we hold about them. Staff requests may be directed through your organisation as the primary controller; we will assist authorised organisation administrators where appropriate.

Privacy questions and requests can be submitted through the support channel available inside your account, or via our contact page.

📍 477 Pitt St, Sydney NSW 2000