Policy
Important policy information for our users and clients.
Akuna Tec Pty Ltd
ABN 40 696 330 248
Privacy Policy
1. ABOUT THIS POLICY
1.1 This policy document explains how Akuna Tec Pty Ltd (ABN 40 696 330 248) (Akuna Tec, we, us, our) collects, holds, uses and discloses personal information (including health and other sensitive information) in connection with the provision of our software-as-a-service application, Akuna (Akuna, application), to allied health Business or Practices and their patients (Privacy Policy or this Policy).
1.2 Akuna Tec is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), and, where applicable, relevant State and Territory health records legislation (including, for example, the Health Records and Information Privacy Act 2002 (NSW) and the Health Records Act 2001 (Vic)).
1.3 This Policy applies to all dealings with us in connection with our allied health software platform and related services, including use of our web application, mobile application and any associated websites, forms or communication channels.
1.4 By using our application or otherwise providing personal information to us, you consent to the collection, use and disclosure of your personal information as described in this Privacy Policy, unless you withdraw your consent, where consent is required under law.
1.5 We may update this Privacy Policy from time to time. The most current version will be made available through our website or application.
2. ROLES AND RESPONSIBILITIES
2.1 For the purposes of the Privacy Act and the APPs, Akuna Tec is an “APP entity” and is responsible for handling personal information in connection with the operation of its software platform and related services.
2.2 In most cases:
(a) each allied health Business or Practice using our application (Business or Practice) is responsible for determining the purposes for which, and the means by which, it collects, uses and discloses information about its patients and other individuals via the application; and,
(b) Akuna Tec provides and administers the application and related services for the Business or Practice.
2.3 Akuna Tec is responsible for:
(a) providing, maintaining and securing the platform and underlying infrastructure;
(b) implementing and maintaining appropriate technical and organisational measures to protect personal information processed through the platform; and,
(c) complying with the Privacy Act and applicable health privacy legislation when handling personal information.
2.4 Each Business or Practice is responsible for:
(a) obtaining any consents, authorisations and notices required under applicable privacy and health records laws before entering or uploading patient or other personal information into the application;
(b) ensuring the accuracy, quality and lawfulness of personal information it uploads or otherwise makes available via the application; and,
(c) complying with its own obligations as a health service provider and APP entity (or equivalent under health privacy legislation) in respect of its patients and other individuals.
2.5 Each Patient is responsible for ensuring the accuracy, quality and lawfulness of personal information it uploads or otherwise makes available via the application.
2.6 Nothing in this Policy limits any privacy or data protection obligations set out in any agreement between Akuna Tec and a Business or Practice, including any software-as-a-service agreement governing the provision of the application and related services.
3. TYPES OF INFORMATION WE COLLECT
3.1 Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
3.2 Health information is a type of sensitive information and includes information or an opinion about an individual’s health, health services provided to an individual, or an individual’s expressed wishes about future health services, as well as certain genetic information and information collected in connection with the donation of body parts, organs or substances.
3.3 The types of personal information we may collect, use and deal with through the application and our related services include (as relevant):
(a) Identification and contact information
(i) name, title, date of birth, gender;
(ii) residential or postal address;
(iii) email address, telephone number(s);
(iv) Business or Practice or employer details and professional role (for healthcare providers and staff)
(v) Information relevant to GST and account administration.
(b) Account and profile information
(i) usernames, passwords and security credentials;
(ii) user role (e.g. practitioner, Business or Practice administrator, patient, guardian/carer);
(iii) communication and marketing preferences.
(c) Health and other sensitive information (primarily in relation to patients and, where relevant, allied health practitioners)
(i) health history, presenting conditions, diagnoses, treatment notes and clinical observations;
(ii) imaging, reports, referrals, prescriptions and treatment plans;
(iii) information about disability, functional status and mobility;
(iv) information about injuries, pain, symptoms, rehabilitation and recovery;
(v) appointment history, attendance and compliance information;
(vi) information relating to allied health services (e.g. physiotherapy, chiropractic, osteopathy, exercise physiology, psychology or other services) provided to the individual;
(vii) Medicare, private health or other funding claim details to the extent they reveal health information.
(d) Transactional and payment information
(i) billing and payment records associated with services provided by your Business or Practice, such as payment method (e.g. bank account or card details processed via third party payment gateways), invoices and receipts;
(ii) information relating to health insurance claims and rebates, where relevant.
(e) Technical and usage information
(i) log data such as IP address, device identifiers, browser type, operating system, access times and referring website addresses;
(ii) information about how you use the application and our websites (for example, pages viewed, features used, error logs and performance data);
(iii) cookie and similar technology data (see section 5 below).
(f) Other information
(i) information you choose to provide to us in communications (including via email, support requests or feedback forms);
(ii) information collected in connection with job or contractor applications (e.g. employment history, qualifications, referees) where applicable.
3.4 If you do not provide certain information, we or a may not be able to provide you with some or all of the services you request, or the functionality of the application may be limited (for example, if you do not provide necessary health information, the Business or Practice may not be able to safely deliver allied health services via the application).
4. HOW WE COLLECT PERSONAL INFORMATION
4.1 We collect personal information only by lawful and fair means and, where required, with your consent.
4.2 We may collect personal information:
(a) directly from you when you:
(i) create an account or register as a user;
(ii) complete electronic or paper forms (e.g. intake forms, consent forms, appointment requests);
(iii) use the application or associated websites, including when you upload content, enter health information, schedule appointments or communicate with Business or Practice’;
(iv) contact us via email, phone, in-app messaging, support portal or other communication channels;
(b) from ‘s and allied health providers, where they input or upload information about you (for example, as a patient) into the application in the course of providing health services to you;
(c) from third parties where you have authorised them to share your information with us or a business (for example, another treating practitioner, a referrer, insurer, compensation body or funding agency);
(d) from publicly available sources or databases where permitted by law.
4.3 Health information and other sensitive information is generally collected with the informed consent of the individual concerned, except where an exception under the Privacy Act or applicable health records legislation applies (for example, where collection is necessary to prevent or lessen a serious threat to life, health or safety and it is impracticable to obtain consent).
4.4 Once collected, personal information may be held either in physical form (where applicable) at our or a business’s premises, or in electronic form on secure servers and systems operated by us or on our behalf in Australia or in other jurisdictions, subject to the safeguards described in this Policy.
5. OUR WEBSITES, COOKIES AND ANALYTICS
5.1 When you access the application or our websites, we may collect certain technical and usage information as described in section 3.3 above.
5.2 We may use cookies and similar technologies to:
(a) enable core functionality of the application and websites (e.g. login, session management, language preferences);
(b) help us understand how users interact with our services (e.g. which features are used and how often);
(c) support security measures and fraud prevention.
5.3 Most browsers and devices allow you to disable or manage cookies through settings. However, if you disable cookies, some features of the application or website may not function properly.
5.4 Our websites and application may contain links or integrations to third party sites, services or content. We are not responsible for the privacy practices of those third parties. You should review the privacy policies of those third parties before providing them with your personal information.
6. WHY WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION
6.1 We may collect, hold, use and disclose personal information for the following purposes, to the extent permitted by law:
Provision of allied health and related services
(a) to enable Business or Practices and their authorised users to:
(i) manage patient records and clinical documentation;
(ii) assess, diagnose, treat and manage health conditions;
(iii) schedule, confirm and manage appointments;
(iv) deliver telehealth and other remote care services;
(v) document and coordinate care among multiple allied health providers;
(b) to provide, operate and administer the application and related services, including user account management, configuration, support and maintenance;
Payments, funding and administration
(c) to facilitate billing, payments and claims processing (including through third party payment processors and funding bodies);
(d) to manage our s operations, including planning, quality assurance, training and compliance activities;
Support and communications
(e) to communicate with s, practitioners, patients and other users about the application, appointments, updates and support matters;
(f) to handle enquiries, support requests, feedback and complaints;
Development, analytics and improvement
(g) to monitor, analyse and improve the performance, functionality and user experience of the application and our services, including through the use of de‑identified or aggregated data and analytics;
(h) to conduct research, customer surveys, marketing, quality improvement and benchmarking activities in accordance with applicable law and using third party websites or analytic website and platforms;
Legal, regulatory and risk management
(i) to comply with our legal, regulatory and professional obligations, including under health, privacy and record‑keeping laws;
(j) to establish, exercise or defend legal claims, or in connection with actual or prospective legal proceedings;
(k) to prevent, detect and respond to misuse of the application, security incidents, fraud or other unlawful or harmful activity;
Marketing and optional communications
(l) to send you information about our products and services that may be of interest to you. You can opt out of receiving these communications at any time using the unsubscribe facility or by contacting us.
6.2 We will generally only use or disclose personal information for the primary purpose for which it was collected, for a directly related secondary purpose that the individual would reasonably expect, with the individual’s consent, or as otherwise permitted or required by law.
6.3 Where we rely on consent as the legal basis for collecting, using or disclosing personal information (including health information), you may withdraw your consent at any time by contacting us. However, withdrawal of consent may affect your ability to use certain features of the application or to receive certain services.
7. DISCLOSURE OF PERSONAL INFORMATION
7.1 We may disclose personal information to:
(a) the relevant Business or Practice and its authorised users involved in your care or the operation of the Business or Practice (for example, allied health practitioners, Business or Practice staff and Business or Practice management);
(b) other healthcare providers involved in your care, where requested or authorised by you or otherwise permitted by law (for example, your general practitioner, specialist or referrer);
(c) third party service providers who help us deliver, maintain and support the application and our business operations, such as:
(i) hosting, cloud, data storage and backup providers;
(ii) IT and security service providers;
(iii) payment processors and billing providers;
(iv) analytics and customer support service providers;
(d) professional advisers (such as lawyers, accountants and auditors), insurers and prospective purchasers or investors (subject to confidentiality obligations), where reasonably necessary for our business operations;
(e) government agencies, regulators, courts, tribunals, law enforcement bodies or other third parties where required or authorised by law, or where we reasonably consider it necessary to protect the safety, rights or property of any person.
7.2 We require third party service providers who handle personal information on our behalf to comply with applicable privacy laws and to implement appropriate safeguards to protect that information, including through contractual obligations.
7.3 We do not sell personal information.
8. OVERSEAS DISCLOSURES
8.1 Some of our third party service providers (including cloud hosting, backup, analytics or support services) may be located outside Australia or may store personal information on servers located outside Australia.
8.2 Where we disclose personal information to an overseas recipient, we will take reasonable steps to ensure that the recipient complies with and does not breach the APPs in relation to that information, for example by:
(a) entering into appropriate contractual arrangements with the recipient; and
(b) assessing the recipient’s privacy and security practices and the privacy legislation applicable to the jurisdiction in which the recipient operates.
8.3 By using the application or providing us with personal information, you consent to the disclosure of your personal information to overseas recipients as described in this Policy, where such disclosure is reasonably necessary for the purposes set out in section 6 and is permitted by law.
9. HOW WE PROTECT PERSONAL INFORMATION
9.1 We take reasonable steps to protect personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.
9.2 Measures we use include, as appropriate:
(a) technical measures such as encryption in transit and at rest, secure network links, firewalls, intrusion detection and prevention systems, anti‑virus and anti‑malware protections, access controls and logging;
(b) organisational measures such as role‑based access, staff training and confidentiality obligations;
(c) separation of environments and data segmentation to logically separate data and, where appropriate, to separate identifying and clinical information;
(d) regular testing, monitoring and review of the effectiveness of our security controls and processes;
(e) processes to identify, respond to and remediate suspected security incidents and data breaches.
9.3 While we use reasonable safeguards to protect personal information, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security of personal information transmitted to or stored in our systems.
10. DATA RETENTION AND DESTRUCTION
10.1 We retain personal information for as long as is reasonably necessary for the purposes set out in this Policy, or as required or permitted by law.
10.2 For health information held by us or Business or Practices using our application, minimum retention periods are generally determined by applicable health records legislation or professional standards, which may require:
(a) for adults – retention for at least 7 years from the last occasion on which a health service was provided;
(b) for individuals under 18 years – retention at least until the individual attains 25 years of age.
10.3 Akuna Tec may also retain certain records for longer periods where necessary to comply with legal obligations, to resolve disputes or to enforce agreements.
10.4 When personal information is no longer required and retention is no longer required by law, we will take reasonable steps to destroy or permanently de‑identify the information in a secure manner, subject to any technical or operational limitations.
11. CHILDREN’S PRIVACY
11.1 Our application may be used to manage allied health services for children and young people.
11.2 Where a child lacks capacity to make informed decisions about their health information, we generally rely on the consent or authorisation of a parent, legal guardian or other authorised representative, in accordance with applicable law.
11.3 We do not knowingly collect personal information directly from children without the appropriate involvement of a parent, guardian or authorised representative where such involvement is required by law.
12. ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
12.1 You have the right to request access to personal information we hold about you and to request correction of that information if it is inaccurate, out‑of‑date, incomplete, irrelevant or misleading, subject to any applicable legal exceptions.
12.2 To request access to, or correction of, your personal information, please contact us using the contact details in section 15below. We may need to verify your identity (or, where applicable, your authority to act on behalf of another person) before processing your request.
12.3 In many cases, if you are a patient of a Business or Practice, your primary access to your health record will be through that Business or Practice as the controller of your clinical information. We may refer your request to the relevant Business or Practice where appropriate.
12.4 We will respond to your request within a reasonable period. We may charge a reasonable fee to cover administrative costs in providing you with access where the effort required is substantial, but we will let you know about any fee in advance.
12.5 If we decline your request for access or correction, we will provide you with written reasons (unless it is unreasonable to do so) and information about how you can complain about the decision.
13. MARKETING COMMUNICATIONS
13.1 We may, from time to time, send you information about our products and services that we think may be of interest to you, where permitted by law.
13.2 You can opt out of receiving marketing communications at any time by using the unsubscribe facility in the communication or by contacting us using the details in section 15below.
13.3 Opting out of marketing communications will not affect your receipt of operational or service messages that are reasonably necessary for the use of the application or for the provision of services (such as appointment reminders or important service announcements).
14. PRIVACY QUERIES AND COMPLAINTS
14.1 Your privacy is important to us and we will take reasonable steps to address any concerns you may have.
14.2 If you have a question about this Policy, our handling of personal information, or if you wish to make a complaint, please contact us using the details in section 15 below and provide:
(a) your name and contact details;
(b) a description of your question or complaint; and
(c) any relevant supporting information.
14.3 We will acknowledge receipt of your complaint and will investigate it in a timely manner. We will endeavour to respond in writing within a reasonable period and, in any event, within 30 calendar days after receiving your complaint.
14.4 If you are not satisfied with our response, you may be able to refer your complaint to the Office of the Australian Information Commissioner or, where applicable, to a State or Territory health privacy regulator.
15. CONTACTING US
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or wish to make a complaint, please contact:
Privacy Officer
Akuna Tec Pty Ltd
5/48 Sandford Street, Mitchell, ACT 2911
T: 02 6156 1308
We will endeavour to respond to you within 30 calendar days after receiving your query, request or complaint.
16. CHANGES TO THIS PRIVACY POLICY
16.1 We may amend or update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.
16.2 We will publish the updated Privacy Policy via our website or application. The updated Privacy Policy will apply from the date it is published, and your continued use of the application or our services after that date will constitute acceptance of the updated Policy.
Dated April 2026
Last updated: 4/30/2026