Last Updated: 1 October 2025
APP Compliant

Privacy Policy

Your privacy is fundamental to how we operate. This policy explains how AudZone collects, uses, and protects your personal and health information.

Australian Hosted
PHI Protection
HIPAA Compliant


1. Introduction

AudZone Pty Ltd ("AudZone", "we", "our", or "us") provides AI-powered clinical documentation services for audiologists and hearing care professionals. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

By using our services, you acknowledge that you have read and understood this Privacy Policy. This policy applies to all users of our platform, including hearing care professionals (clinicians), their patients, and administrative staff.

Effective Date: 1 October 2025
Last Updated: 1 October 2025

2. Information We Collect

2.1 Patient Information

We collect the following patient information as part of clinical documentation:

  • Identification Details: Names, date of birth, external patient identifiers
  • Health Information: Audio recordings of clinical sessions, transcripts, hearing assessments, treatment history, medical conditions
  • Clinical Documentation: AI-generated clinical notes, treatment plans, compliance assessments
  • Consent Records: Documentation of patient consent for recording and data processing

2.2 Clinician Information

For hearing care professionals using our platform:

  • Account Details: Name, email address, professional credentials, role
  • Performance Insights: Clinical effectiveness metrics, patient engagement scores (for self-improvement only)
  • Usage Data: Session logs, feature usage patterns, system interactions

2.3 Company/Clinic Information

  • Business Details: Clinic name, address, phone, specialties, logo
  • Integration Data: ERM system connections, appointment information

Note: We only collect information necessary for providing our clinical documentation services. We do not collect information for marketing purposes.

3. How We Use Information

3.1 Primary Purposes

We use collected information for:

  • Clinical Documentation: Generate accurate, AI-powered clinical notes from patient sessions
  • Quality Improvement: Provide clinicians with performance insights for professional development
  • Patient Care: Maintain comprehensive patient records and treatment histories
  • Compliance Monitoring: Ensure documentation meets clinical standards and regulatory requirements

3.2 AI Processing

We use artificial intelligence to enhance clinical documentation:

  • Audio Transcription: Convert clinical session recordings into accurate text transcripts with speaker identification
  • Clinical Note Generation: Create comprehensive clinical notes from session transcripts using AI
  • Metrics Extraction: Analyze sessions to provide quality metrics and improvement recommendations
  • History Extraction: Automatically identify medical history, symptoms, and treatments from conversations

PHI Protection: All patient identifiable information is automatically replaced with pseudonyms (e.g., [PATIENT_1]) before AI processing. Original names are restored only in your local system.

4. Information Disclosure

4.1 Service Providers

We engage trusted service providers to deliver our services. These providers do not store your data and only process it temporarily:

Deepgram (Audio Transcription)

United States
  • Processes audio recordings in real-time
  • No data retention - processing only
  • SOC 2 Type II certified

OpenAI (AI Processing)

United States
  • Receives de-identified transcripts (PHI removed)
  • No data retention via API settings
  • Enterprise agreement with data protection

Supabase (Infrastructure)

Sydney, Australia
  • All data stored in Sydney, Australia
  • SOC 2 compliant infrastructure
  • Encryption at rest and in transit

Vercel (Application Hosting)

Australia
  • Application hosted in Australia
  • Enterprise-grade security
  • No patient data storage

4.2 Cross-Border Data Transfers

When we transfer data internationally for processing, we ensure:

  • Personal identifiers are removed or replaced with pseudonyms
  • Service providers are contractually prohibited from data retention
  • Processing occurs under strict security protocols
  • Data is immediately deleted after processing

4.3 Other Disclosures

We may also disclose information:

  • When required by law or court order
  • To prevent serious threats to health or safety
  • With your explicit consent
  • To defend legal claims or enforce our rights

We never sell your data, use it for marketing, or share it with third parties for their commercial purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions with multi-tenant isolation
  • PHI Protection: Automatic sanitization of 15+ identifier types
  • Infrastructure: Australian-hosted with enterprise security

5.1 Security Features

  • Row-level security on all database tables
  • Automatic session timeout for inactive users
  • Comprehensive audit logging (without PHI)
  • Regular security assessments and updates
  • Secure API endpoints with PHI protection

5.2 Data Breach Response

In the unlikely event of a data breach, we will:

  1. Immediately contain and assess the breach
  2. Notify affected individuals within 72 hours if required
  3. Report to the OAIC as per the Notifiable Data Breaches scheme
  4. Take remedial action to prevent future incidents

6. Your Rights

Under the Australian Privacy Principles, you have the following rights:

Access Your Information

You can request access to the personal information we hold about you.

  • Download recordings
  • Export transcripts
  • Copy clinical notes

Correct Your Information

You can request correction of inaccurate or outdated information.

  • Edit patient details
  • Update session information
  • Modify clinical notes

Delete Your Information

You can request deletion of your personal information.

  • Delete sessions
  • Remove recordings
  • Request full deletion

Data Portability

You can export your data in common formats.

  • WAV audio
  • PDF documents
  • Text transcripts

6.1 How to Exercise Your Rights

To exercise any of these rights:

  1. Use the self-service features in your account dashboard
  2. Contact our Privacy Officer at privacy@audzone.com.au
  3. Submit a written request to our office address

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Clinical Records (patient sessions, recordings, and notes): 7 years
  • Account Information (user profiles and access logs): While active + 90 days
  • Deleted Data (permanently removed from all systems): Within 30 days
  • Backup Data (for disaster recovery purposes): 90 days

Retention periods may be extended if required by law, legal proceedings, or professional standards.

8. Consent

8.1 Patient Consent

We require explicit consent before:

  • Recording clinical sessions
  • Processing recordings with AI
  • Generating clinical documentation
  • Extracting performance metrics

Consent is tracked per session and patients may withdraw consent at any time.

8.2 Clinician Consent

By using our service, clinicians consent to:

  • AI processing of de-identified session data
  • Generation of performance metrics for quality improvement
  • Cross-border processing with PHI protection
  • Storage of clinical documentation

You can manage consent preferences in your account settings at any time.

9. Children's Privacy

Our service processes health information of patients of all ages as part of clinical care. For patients under 18 years of age:

  • Parental or guardian consent is required
  • Information is handled with additional care
  • Access is restricted to authorized clinicians
  • Deletion requests must come from parent/guardian

10. Cookies and Tracking

We use minimal cookies necessary for platform functionality:

Essential Cookies

Authentication, security, and user preferences

What We Don't Use

  • No marketing or advertising cookies
  • No third-party analytics (Google Analytics, Facebook Pixel)
  • No cross-site tracking
  • No behavioral profiling

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify you via email
  • An in-app notification will be displayed
  • We may require acknowledgment for significant changes
  • The "Last Updated" date will be revised

Continued use of our services after changes indicates acceptance of the updated policy.

12. Contact Us

Privacy Officer

Christo Fourie

Privacy Officer

privacy@audzone.com.au

For privacy inquiries and data requests

Suite 9-10 / 60 Cecil Avenue
Lawton House, Castle Hill
NSW 2154, Australia

Complaint Process

  1. Contact our Privacy Officer
  2. We acknowledge within 48 hours
  3. Investigation and response within 30 days
  4. If unsatisfied, contact the OAIC

Office of the Australian Information Commissioner

1300 363 992
enquiries@oaic.gov.au
www.oaic.gov.au

We are committed to protecting your privacy and handling your information responsibly. If you have any questions or concerns, please don't hesitate to contact us.

Australian Privacy Principles Compliant

AudZone is committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We regularly review and update our practices to ensure ongoing compliance.


© 2025 AudZone Pty Ltd. All rights reserved.

ABN: 97 683 093 969
