RecovrFlowBack to Home

Privacy Policy

Last updated: February 2026

1. Introduction

RecovrFlow Pty Ltd (“RecovrFlow”, “we”, “us”, or “our”) is committed to protecting the privacy of our users, including Allied Health Professionals, their patients, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), the Health Insurance Portability and Accountability Act (HIPAA) where applicable, and relevant international data protection regulations.

2. Information We Collect

We may collect the following types of information:

Account Information

Name, email address, professional credentials, clinic or organisation name, and contact details provided during registration.

Clinical Data

Patient assessment data, clinical notes, session recordings (via Ambient Consult Mode), treatment plans, and associated documentation entered or generated through the platform.

Usage Data

Log data, device information, browser type, IP address, pages visited, and interactions with the platform for analytics and improvement purposes.

Waitlist Information

Email addresses and any additional information submitted through our waitlist or contact forms.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the RecovrFlow platform and services
  • Generate clinical reports and documentation compliant with NDIS, Medicare, and private health insurance requirements
  • Validate clinical recommendations against insurance compliance criteria via Active Logic Gates
  • Improve and personalise the platform experience
  • Communicate with you, including sending product updates, security alerts, and support messages
  • Comply with legal obligations and enforce our terms of service

4. Data Storage and Sovereign Data Residency

RecovrFlow employs a Sovereign Data Residency architecture. All clinical and patient data is stored in the jurisdiction where the treating clinician operates. Data is regionally sharded across our infrastructure:

  • Australia: Sydney region
  • United States: N. Virginia region
  • Europe: Frankfurt region

Patient data never crosses jurisdictional borders unless explicitly authorised. All data is encrypted at rest and in transit using industry-standard encryption protocols.

5. Disclosure of Information

We do not sell, rent, or trade your personal or clinical information. We may share information only in the following circumstances:

  • Service Providers: Trusted third-party providers who assist in operating the platform (e.g., cloud hosting, analytics), bound by strict confidentiality obligations
  • Legal Requirements: When required by law, regulation, or legal process
  • Safety: To protect the rights, property, or safety of RecovrFlow, our users, or the public
  • Consent: With your explicit consent for any other purpose not listed above

6. Security

We implement robust technical and organisational measures to protect your data, including:

  • AES-256 encryption at rest and TLS 1.3 encryption in transit
  • Role-based access controls and multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Comprehensive audit logging for all data access and modifications

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention obligations
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain types of processing of your personal information

To exercise any of these rights, please contact us at the details provided below.

8. Cookies and Tracking Technologies

We use essential cookies to maintain your session and ensure the platform functions correctly. We may also use analytics cookies (such as Vercel Analytics) to understand how the platform is used and to improve the experience. We do not use cookies for advertising purposes.

9. Third-Party Links

Our platform may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Children’s Privacy

RecovrFlow is designed for use by qualified Allied Health Professionals. We do not knowingly collect personal information directly from children under 16. Where clinicians manage paediatric patient data through the platform, such data is handled in accordance with applicable laws and with appropriate parental or guardian consent.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website with a revised “Last updated” date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

RecovrFlow Pty Ltd

Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.