Last updated: 7 April 2026
Privacy Policy
This Privacy Policy describes how AI Enabled ("we", "us", "our") collects, uses, discloses, and protects your personal information when you use the ClinDraft platform ("Service"). We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as applicable US privacy laws.
1. Information We Collect
Account Information
- Name and email address (at registration)
- Authentication credentials (managed securely via Supabase Auth)
- Billing information (processed and stored by Stripe; we do not store card details)
Service Data
- Voice recordings of therapy sessions (uploaded by you)
- Transcriptions generated from your recordings
- AI-generated summaries and clinical notes
- Documents you create or upload
- Contact and patient records you enter
Technical Data
- Usage logs (pages visited, features used)
- Device and browser information
- IP address
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process your voice recordings and generate transcriptions and AI summaries
- Manage your subscription and billing
- Send transactional emails (account lifecycle notifications)
- Improve the Service (aggregated, de-identified usage analytics only)
- Comply with legal obligations
We do not sell your personal information. We do not use your clinical data (recordings, transcripts, patient records) for marketing, advertising, or training AI models.
3. How We Share Your Information
We share your information only with service providers necessary to operate the platform:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, file storage | United States |
| Stripe | Payment processing | United States |
| AssemblyAI | Audio transcription | United States |
Cross-border disclosure (APP 8): By using the Service, you consent to the transfer of your personal information to the United States for processing by these providers. Each provider maintains security standards consistent with industry best practices.
4. Data Security (APP 11)
We protect your data through:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security (RLS) ensuring users can only access their own data
- Service-role authentication for backend operations
- Regular security reviews
5. Data Retention
We retain your data for as long as your account is active. After subscription cancellation, your account automatically moves to our free plan, where your data remains fully accessible subject to free plan limits (20 active contacts, 200 MB storage).
You may request permanent deletion of your data at any time from Settings > Account. Deletion is completed within 30 days of your request. After deletion, your data cannot be recovered.
6. Your Rights
Australian Privacy Principles
- Access (APP 12): You can access your data at any time through the application, or request a full data export from Settings > Account.
- Correction (APP 13): You can correct your personal information through the application while your account is active.
- Deletion (APP 11): You can request deletion of your account and all data from Settings > Account.
- Complaints: If you have a complaint about our handling of your personal information, please contact us. If unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
US Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Opt out of the "sale" of personal information (we do not sell your data)
- Not be discriminated against for exercising your privacy rights
7. Sensitive Information
The Service processes health information (therapy session recordings and clinical notes), which is classified as "sensitive information" under the Privacy Act 1988 (Cth). We collect this information only with your explicit consent (provided when you upload recordings and create session records) and use it solely to provide the Service.
8. HIPAA Notice (US Healthcare Providers)
If you are a US healthcare provider subject to HIPAA, you are the "covered entity" and are responsible for your own HIPAA compliance. ClinDraft may function as a "business associate" under HIPAA. If you require a Business Associate Agreement (BAA), please contact us to discuss your requirements.
9. Cookies and Analytics
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. We may use anonymised, aggregated analytics to improve the Service.
10. Marketing
We do not send marketing emails unless you opt in. All account lifecycle emails (subscription status, account warnings) are transactional in nature and are exempt from opt-out requirements under the Australian Spam Act 2003 and the US CAN-SPAM Act.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
For privacy-related enquiries or to exercise your rights, contact us at: privacy@aienabled.com.au