Privacy Policy
Last updated: 9 June 2026
1. Who we are
clinicOS ("we", "us", "our") is operated by Practice Pro Solutions. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website or use the clinicOS platform. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Entity: Practice Pro Solutions Product: clinicOS — staff operations platform for medical practices Contact: support@myclinicos.com.au Website: https://myclinicos.com.au and https://app.myclinicos.com.au
2. Scope of this policy
This policy covers visitors to the clinicOS marketing website, users of the clinicOS application (practice staff authorised by their employer), and practice owners or administrators who register an organisation. clinicOS is a staff-only operations platform. It is not designed to store patient medical records, appointment schedules, pathology results, or patient communications as core product data. Patient-facing workflows are intended for MedBridge, a separate product. Document Intake exception: The Document Intake module may temporarily store patient identifiers and correspondence metadata extracted from clinical documents during the filing workflow. This data is used solely for document triage, extraction, and GP review within clinicOS, is subject to the same security controls as all platform data, and is stored in Australia. Human confirmation is required before any document is filed.
3. Information we collect
Website visitors: contact details you provide when requesting a demo; standard web analytics if enabled; cookies essential for site functionality. Platform users (staff): identity and account data; authentication data; HR and scheduling data; compliance documents; operations data; internal communications; finance data where enabled; Document Intake uploads and audit records; technical data including IP address and audit logs. We do not intentionally collect patient names, demographics, appointment data, clinical results, or patient SMS as standard clinicOS product data, except as described in the Document Intake exception above.
4. How we use information
We use personal information to provide and improve clinicOS; authenticate users; send transactional notifications; generate AI-assisted summaries from staff and operational data only; maintain audit logs; respond to enquiries; and comply with legal obligations. We do not sell personal information.
5. Practice responsibility
For platform users, the medical practice is typically the entity that collects staff information. Practice Pro Solutions processes that information as a service provider on the practice's instructions.
6. Data storage and sovereignty
All clinicOS production data is stored in Australia (AWS ap-southeast-2, Sydney region). Files are stored in Australian-region cloud object storage with encryption at rest.
7. Security
We implement MFA for privileged roles, TLS encryption in transit, encryption at rest, PostgreSQL row-level security, immutable audit logging, input validation, rate limiting, and virus scanning on uploaded files.
8. Data retention
Employment and payroll records: minimum 7 years. Drug register records: minimum 7 years. Discarded Document Intake items: 30-day soft retention. Audit logs retained for security and compliance purposes.
9. Notifiable Data Breaches
If a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under the Privacy Act.
10. Disclosure to third parties
We may share information with infrastructure providers (AWS in Australia), email providers, payment processors (Stripe), AI/OCR service providers for Document Intake, and integration partners where the practice enables them (e.g. Xero).
11. Your rights
You may request access to or correction of personal information we hold about you. Contact support@myclinicos.com.au. If unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12. Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects changes.