Privacy Policy

MEDARI Privacy Policy & Data Handling Policy

Last updated: 4 December 2025

MEDARI (“we”, “us”, “our”) provides an AI-driven rostering and clinic optimisation platform for General Practices and healthcare organisations. We are committed to protecting the privacy, security, and confidentiality of all information processed through our systems.

This policy outlines how we collect, use, store, protect, and disclose information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988, as well as industry-standard security and data governance practices.

1. Information We Collect

We only collect the minimum information required to operate MEDARI safely and effectively. This includes:

1.1. Clinic Operational Data

From Best Practice (BP), manually uploaded files, or other practice systems:

  • Appointment schedules (dates, times, provider IDs)
  • Arrival and check-in timestamps
  • Wait times
  • Consultation durations (derived from billing/timestamp data)
  • Provider calendars and availability
  • Staff roles and hours (GPs, nurses, admin)
  • Clinic operational metrics (patient volume, demand patterns)

Important:

We do not collect patient names, Medicare numbers, clinical notes, diagnoses, or any identifiable health information.

1.2. User Information

For administrators and staff:

  • Full name
  • Email
  • Phone number
  • Role (e.g., GP, nurse, admin)
  • Work preferences (hours, days, availability)

1.3. Technical Information

Automatically captured when using MEDARI:

  • IP address
  • Device type
  • Browser type
  • Usage logs
  • Authentication records
  • System events

This information is used solely for platform performance, security, and troubleshooting.

2. How We Use Your Information

We use collected data to:

  • Generate AI-driven rosters based on clinic demand
  • Predict patient flow and optimise staffing levels
  • Provide analytics and efficiency reports
  • Support administrative functions
  • Enhance service performance
  • Maintain security and auditing
  • Facilitate integration with Best Practice

We do not use clinic data for advertising, marketing, or selling to third parties.

3. Data Minimisation & De-Identification

Where possible, MEDARI:

  • Removes all patient identifiers
  • Uses only aggregated and time-based data
  • Converts operational data into statistical patterns
  • Stores no Medicare or clinical details

All AI and forecasting models use de-identified, non-personal operational data.

4. Secure Data Storage

All data is stored in secure, encrypted infrastructure located in Australia.

Security Measures:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Strict access controls and role-based permissions
  • Multi-factor authentication for admin accounts
  • Isolated tenant architecture
  • Continuous monitoring and logging

Backup & Retention:

  • Daily encrypted backups
  • Incremental version retention
  • Secure deletion in accordance with APPs

5. Access & Permissions

Only authorised personnel may access clinic data, and only for purposes of:

  • Technical support
  • Troubleshooting
  • Integration maintenance

All access is logged, audited, and restricted on a need-to-know basis.

6. Data Sharing

We do not sell, rent, or trade data.

Data may only be shared with:

6.1. Best Practice Software

For syncing rosters back to the clinic system (if enabled).

6.2. Service Providers

Trusted partners who support infrastructure, such as:

  • Cloud hosting (AWS/Azure)
  • Email/SMS delivery tools
  • Security monitoring tools

These providers must meet strict security and confidentiality standards.

6.3. Legal or Regulatory Obligations

Only if required by law and with proper verification.

7. Data Retention & Deletion

Clinics may request:

  • Data export
  • Data correction
  • Data deletion
  • Account closure

We retain operational data only as long as necessary for:

  • Reporting
  • Compliance
  • Service performance

Upon account termination:

  • All identifiable user data is deleted
  • Operational data is anonymised or securely destroyed
  • Backups are purged according to retention cycles

8. User Responsibilities

Clinics must ensure:

  • Staff access follows least-privilege principles
  • Login credentials are kept secure
  • They comply with local privacy obligations when connecting to MEDARI

9. Cookies & Tracking

MEDARI uses minimal cookies for:

  • Authentication
  • Session management
  • Platform performance

We do not use tracking for marketing or advertising.

10. Changes to This Policy

We may update this policy periodically.

Clinics will be notified of any material changes.

11. Contact Us

For privacy inquiries or requests: