Privacy Policy — clinic-admin

🔒

By design, no patient data

clinic-admin is the operations layer of your clinic — not the clinical layer. We hold roster, compliance, fridge logs, SOPs, key dates, equipment records, supplier invoices, prep instructions and similar operational data.

We do not store patient health records, consultation notes, prescriptions, pathology results, Medicare claims or any other clinical information. Those live in your clinical software (Best Practice, Medical Director, Genie, Zedmed and the like) where they belong.

Note: free-text fields (e.g. Clinic Rules, Incidents, Prep Cards) accept whatever staff type. Use these as you would any business tool — avoid patient identifiers and follow your clinic's normal privacy practices. The full sections below explain exactly what we collect, store and protect.

Contents

Who We Are
What Data We Collect
How We Use Your Data
Data Storage & Security
Third-Party Services
Patient Data
Data Retention
Your Rights
Cookies
Changes to Policy
Contact Us

Section 1

Who We Are

Digital Treasure Pty Ltd ("we", "us", "our") operates the clinic-admin platform, a clinic operations management platform for Australian medical and allied health practices. We are based in Queensland, Australia.

This Privacy Policy explains how we collect, use, store, and protect information about you and your clinic staff when you use the clinic-admin portal at clinic-admin.com.

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Questions about this policy? Contact us at [email protected]

Section 2

What Data We Collect

We collect only the information necessary to provide the Service. This includes:

Category	Examples	Purpose
Account data	Email address, name, role	Authentication and access control
Clinic data	Clinic name, setup code	Multi-clinic account management
Staff records	Staff name, email, compliance dates (CPR, AHPRA, indemnity), phone	Optional — entered by your clinic admin for compliance tracking; not required by clinic-admin
Operational logs	Fridge temperatures, incident reports, meeting minutes	Clinic operations management
Billing data	Payment method details	Processed by Stripe — we do not store card details
Usage data	Login timestamps, feature usage	Service improvement and security

We do not collect data beyond what is needed for the Service, and we do not purchase or obtain data from third-party sources.

Section 3

How We Use Your Data

We use the information we collect to:

Provide, operate, and improve the clinic-admin platform
Authenticate users and manage access permissions
Send compliance reminder emails and important service notifications
Process subscription payments via Stripe
Respond to support requests and enquiries
Detect and prevent security incidents or misuse

We do not:

Sell your data to third parties
Use your data for advertising purposes
Share your data with other clinics or organisations
Use your data to train AI or machine learning models

Section 4

Data Storage & Security

All data entered into clinic-admin is stored on Google Firebase (Firestore), which uses AES-256 encryption at rest and TLS encryption in transit. Firebase infrastructure complies with ISO 27001, SOC 1, SOC 2, and SOC 3 standards.

Data is stored on Google Cloud Firestore in the australia-southeast1 region (Sydney). Backups are managed by Google Cloud and remain within Australian data centres. By using the Service, you consent to this storage arrangement.

We implement the following security measures:

Role-based access control — staff only see data appropriate to their role
Firebase Authentication for secure login
Firestore security rules limiting data access per clinic
No patient health records are stored in the system

Despite these measures, no system is completely secure. We encourage you to use a strong password and enable multi-factor authentication where possible.

Section 5

Third-Party Services

clinic-admin uses the following third-party services to operate:

Service	Purpose	Privacy Policy
Google Firebase	Database, authentication, file storage	firebase.google.com
Stripe	Payment processing	stripe.com/au/privacy
Resend	Transactional email delivery	resend.com/privacy
Cloudflare	Website hosting and delivery	cloudflare.com

Each of these providers has their own privacy policies and data handling practices. We select providers with strong security practices, but we are not responsible for the privacy practices of third-party services.

Section 6

Patient Data

clinic-admin is designed exclusively for clinic operational data — staff records, compliance tracking, logs, and internal communications.

      🚫 Do not enter patient data into clinic-admin. The platform is not designed, tested, or approved for storing patient health information, Medicare numbers, clinical records, or any data that would constitute "health information" under the Privacy Act 1988 (Cth). Doing so would be a misuse of the platform and your clinic's responsibility under privacy law.
    

Any data entered into the system that inadvertently contains patient information remains the responsibility of the subscribing clinic. We recommend reviewing your data entry practices regularly.

Section 7

Data Retention

We retain your data for as long as your subscription is active. Upon cancellation:

Your clinic data is retained for 30 days following cancellation
After 30 days, data is permanently deleted from our systems
You can export your data at any time using the Export function in the portal
Account logs and billing records may be retained for up to 7 years for legal and financial compliance

If you request immediate deletion of your data, contact us and we will action this within 30 days.

Section 8

Your Rights

Under the Australian Privacy Principles, you have the right to:

Access — request a copy of the personal information we hold about you
Correction — request correction of inaccurate or incomplete information
Deletion — request deletion of your personal information (subject to legal retention requirements)
Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Section 9

Cookies

clinic-admin uses minimal cookies and browser storage necessary to operate the Service, including:

Firebase Authentication session tokens (required for login)
Local preferences such as sidebar state and dismissed notices

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics or similar tracking tools.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or via a notice in the portal.

The current version of this policy is always available at clinic-admin.com/privacy.html. The "last updated" date at the top of this page indicates when the policy was last revised.

Section 11

Contact Us

For any privacy-related questions, requests, or complaints, please contact:

Digital Treasure Pty Ltd — Privacy Contact
trading as clinic-admin
Queensland, Australia
Email: [email protected]
Portal: clinic-admin.com

If you are not satisfied with our response, you may cont