1. We're here to help. Get in touch.
You can get in touch with us at any time about the way we handle and safeguard your information. If you want to ask questions, update your information, update or delete your Heidi Platform account, change your user preferences, register a concern, opt out of marketing, or anything else — we're just a call or a few clicks away.
If you have any questions or complaints about how we handle your information you can get in touch with us at support@heidihealth.com
2. About us
As part of our service, we provide the Heidi Platform (Platform) to qualified medical practitioners (including their relevant medical clinic) and other health professionals (Practitioners) and patients of Practitioners.
The Platform facilitates the delivery of healthcare services and clinical support through three core products:
- Heidi Scribe — an AI-powered clinical documentation tool that assists Practitioners with transcription and note generation during and after consultations.
- Heidi Evidence — a clinical research and knowledge tool that surfaces relevant medical literature, guidelines, and evidence-based resources to support clinical decision-making. It is not intended to replace clinical judgement or direct care decisions.
- Heidi Comms — a communication tool that enables phone and real-time voice-to-voice interactions between Practitioners and patients.
Definitions used throughout this policy:
- we, our or us — Heidi Health Trading Pty Limited (ABN 84 649 783 871) and our related bodies corporate identified at section 14.
- our services — the provision of the Platform and all products to you as a Practitioner and related services.
- you — you, the reader of this policy.
- your information — your personal information that you may share with us.
- privacy laws — all privacy and data protection laws that apply to us when we handle your information, including applicable health information laws.
3. What information do we collect?
We collect and hold the following categories of information, including personal information, health information, payment information, device information, and general information to help us improve our services.
When you access and use our website, Platform, or other services, we collect and hold the following main categories of information. If you choose not to provide the requested information, it may impact our ability to deliver these services to you fully.
| Category | Details | Applicable Products |
|---|---|---|
| Your general personal information | Your name, address, age or date of birth, gender, contact number and email address. Where you are a Practitioner, we may also collect information relating to your qualifications, registrations, training and educational background. | Scribe, Evidence, Comms |
| Payment and claim information | We may collect information in order to pay for services. This may include credit card information, bank account details and Medicare card and claim details. | Scribe, Comms |
| Sensitive health information | This includes any health information that Practitioners provide when accessing or using Heidi Scribe or Heidi Comms. We may collect health information about patients from Practitioners, including information arising out of or in connection with the use of these products. All sensitive health information undergoes a pseudonymisation process where personal identifiers are removed. Any sensitive health information is only retained for the duration requested by the Practitioner. No patient data is used to train, develop, or improve any of our AI models. | Scribe, Comms |
| Query and output data | Heidi Evidence stores your search queries and the outputs generated in response to those queries in a chronological chat format. These are not linked to any patient record. Heidi Evidence is not designed to process patient health information (PHI). Practitioners should not enter patient-identifiable information into their queries. Where PHI is inadvertently entered, it will be handled in accordance with applicable health information laws. Queries may be reviewed and used in de-identified form to improve the platform, but PHI will not be used for model training. | Evidence |
| Device information | Your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, IP address and standard web log information. | Scribe, Evidence, Comms |
| Additional information you provide | Information you provide through customer surveys, directly through our website or indirectly through your use of our Platform. | Scribe, Evidence, Comms |
| Information collected for business improvement | We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our Platform and services are being used. When we use this information it is always in de-identified form. | Scribe, Evidence, Comms |
| Information collected by cookies | We may collect de-identified information via cookies on our website. See section 9 for more details. | Scribe, Evidence, Comms |
| Information collected for recruitment purposes | When you apply for a job or position with us, we may collect your name, contact details, working history and relevant records checks. | Scribe, Evidence, Comms |
4. How do we collect your information?
We collect your personal information when you engage with us or from third parties.
| Category | Details |
|---|---|
| Registration | When you register on our website or Platform. |
| Communication | Where you communicate with us through correspondence, questionnaires, chats, email, or when you share information with us from other services or websites. Communications may occur through the Platform. |
| Interaction | When you interact with our sites, Platform, services, content and advertising or use our Platform or services. |
We may also collect information from our related companies, third-party service providers and other organisations that we partner with. For example:
- When you apply for a job or position with us, we may collect information from recruitment consultants, previous employers, referees, or CV checking agencies.
- Where you are a Practitioner, we may collect information about your qualifications, registrations, training and education background from third-party sources.
- For Heidi Evidence, we may collect information from evidence source partners and content licensors whose medical literature databases and APIs are integrated into the Platform (such as clinical guideline providers and journal databases).
5. How do we use your information?
We use your personal information to enable us to deliver and improve our products and services. We adhere to privacy by design principles and implement rigorous de-identification techniques to protect personal and health data.
| Category | Details | Applicable Products |
|---|---|---|
| Access | To enable you to access and use our website, Platform and other services. | Scribe, Evidence, Comms |
| Improvement | To design, provide, improve and manage our website, Platform and other services, such as to perform analytics and marketing. | Scribe, Evidence, Comms |
| Healthcare services | To facilitate the delivery of healthcare services to patients. For example, information relating to patients' medical history, complaints or symptoms may be collected and used by the Platform so that Practitioners can make treatment decisions. | Scribe, Comms |
| Research and clinical knowledge support | To facilitate Practitioners' access to curated medical literature, clinical guidelines, and evidence-based resources. Evidence supports research and knowledge retrieval and is not designed for direct patient care delivery. | Evidence |
| De-identified information for platform functions and improvement | We may de-identify and/or aggregate your personal information for the purposes of providing certain functionality and improving the Platform. For Scribe and Comms, this does not include the use of any sensitive health information and no patient data is used to train, develop, or improve any of our AI models. For Evidence, query and output data (not PHI) may be used in de-identified form to improve the Evidence product. | Scribe, Evidence, Comms |
| Support | To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you. | Scribe, Evidence, Comms |
| Contact | To contact you when we need to tell you something important about the Platform, our services, or your information. | Scribe, Evidence, Comms |
| Marketing | To send you marketing and promotional messages and other information that may be of interest to you. | Scribe, Evidence, Comms |
| Law | To comply with laws, and assist government or law enforcement agencies where required and authorised. | Scribe, Evidence, Comms |
| Employment | To consider your employment application. | Scribe, Evidence, Comms |
Unless permitted or required by law, we won't use your health information without your consent.
6. How do we use your personal information for marketing, and how do you opt out?
You can opt-out at any time from our marketing communications.
We may send you direct marketing communications and information about our services or products. This may take the form of emails or other forms of communication. We'll always conduct our marketing practices in accordance with privacy laws and other applicable laws. You'll be able to opt out at any time — either by using the unsubscribe facility in the relevant message or by contacting us (see section 1).
Without your consent, we will not:
- Use any of your health information to send you marketing communications; or
- Disclose any of your information to a third party in order for them to market to you.
7. Do we store or share information outside of your country?
Your personal information is stored in your local jurisdiction.
We have implemented data localisation solutions for customers located in Australia, Canada, US, UK and EU. Some functionalities of our Platform depend on third-party services whose servers may be located internationally. Whenever these third-party services are utilised, we ensure that data processing agreements are entered into to safeguard your personal information.
7.1 Heidi Comms data processing and storage
Heidi Comms is a communication tool made available through the Heidi Platform that enables phone and real-time voice-to-voice interactions.
Data collected through Heidi Comms may be processed outside your jurisdiction by trusted third-party processors. Any third-party subprocessors used in connection with Heidi Comms are subject to the same robust data processing agreements described in this section.
Recordings and transcripts generated by Heidi Comms may be stored temporarily, under the clinician's control, solely for quality assurance purposes. This information is not shared with any other party.
7.2 Heidi Evidence data processing and storage
Heidi Evidence is a clinical research and knowledge tool made available through the Heidi Platform that enables Practitioners to search and retrieve medical literature, guidelines, and evidence-based resources.
Data collected through Heidi Evidence may be processed outside your jurisdiction by trusted third-party processors, including evidence source and API partners whose content is integrated into the Platform. Any third-party subprocessors used in connection with Heidi Evidence are subject to the same robust data processing agreements described in Section 7.
8. Who do we share your information with?
We may share your personal information with our other partners and for other reasons we tell you about in this policy.
We may share your personal information with:
- Our employees and related companies;
- Third-party suppliers and service providers (including providers for the operation of our Platform, websites and/or our business);
- Evidence source and content partners
- Professional advisers, dealers and agents;
- Payment systems operators;
- Anyone to whom our assets or businesses (or any part of them) are transferred;
- Specific third parties authorised by you to receive information held by us, and other parties involved in the delivery of healthcare services; and/or
- Other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
9. Using our website and Platform
We use cookies on our website to track your website usage and remember your preferences. Our website includes pages that use cookies which are small files that store information on your computer, mobile phone or other device. We may use them to recognise you across devices and browsing sessions.
You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. If you refuse the use of cookies you may not be able to access the full functionality of our website.
We may also use third-party analytics tools to help us gather and analyse information about your use of our website and Platform. For the avoidance of doubt, no Protected Health Information (PHI) or sensitive health information is shared with or transmitted to third-party analytics tools. Any information collected through these tools is limited to non-sensitive data and does not include any details that could identify patients or relate to their health conditions, treatment, or care.
10. How do we protect your information?
We take a number of measures to keep your information safe.
| Category | Details |
|---|---|
| Staff training | We put our staff through training about how to keep your information safe and secure at all times. |
| Encryption | We employ bank industry encryption on all data both at rest and in transit. |
| De-identification tools | We use a range of tools designed to de-identify your information before it is used or disclosed for certain purposes, as described in this policy. |
| Secure storage and handling | We use a combination of techniques and measures to maintain the security of our website and Platform and to protect your account and your information. |
| Destroying or de-identifying your information | We only keep your information for as long as you want it or are lawfully required to keep it. |
11. What are your rights in relation to your information?
You have rights in relation to your personal information. You can contact us to exercise any of your rights at any time.
| Category | Details |
|---|---|
| Access | You can request a copy of your information. |
| Correct | You can ask us to correct or update your information. |
| Complain | You can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to fix any problem as soon as possible. |
12. Employees
| Category | Details |
|---|---|
| Your general personal information | Your name, address, age or date of birth, contact number, email address and image. |
| Educational and social information | Details of your education, references from your institutions of study, and information relating to your interests and extra-curricular activities. It also includes lifestyle information and social circumstances. |
| Sensitive information | Information concerning your health and medical conditions, certain criminal convictions and offences, racial or ethnic origin, religious or philosophical beliefs, sexual orientation. |
| Financial information | Your bank account number, tax identifier and status, and credit checks where required. |
| Work related information | Details of your work history, professional activities and interests, involvement with industry bodies and professional associations, and any personal information captured in the work product(s) you create while employed by us. |
If you are a current or former employee and have any questions in relation to our handling of your personal information, please contact us at hello@heidihealth.com
13. Changes to this policy
If we need to change this policy in a way that affects the way we handle your information, if you use our Platform, you'll receive an alert from us. We will also publish the changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
14. Related companies
Heidi Health Trading Pty Ltd ABN (84 649 783 871) is located at Level 6, 71 Gipps St Collingwood VIC 3066. You can contact us via email at hello@heidihealth.com. If you have any questions regarding privacy or security, please contact us via email at support@heidihealth.com.
We are related to Oscer Enterprises Pty Limited (Incorporated in Australia), Heidi Health Ltd (Incorporated in the United Kingdom), Heidi Health Canada Inc (Incorporated in the Province of Ontario, Canada) and Heidi Health Corp (Incorporated in the State of Delaware, United States).
We may disclose your personal information to our related companies, including as set out in this policy. If you access the services of our related companies, you should also consider their privacy policy as it may be different to this policy.