Privacy Policy

PracticeIQ (practiceiq.health) is an AI-powered patient success platform operated by PracticeIQ Pty Ltd, based in Sydney, Australia. We provide automated patient communication services to Allied Health clinics using Cliniko practice management software.

We collect information in two categories:

Practice information (from clinics that sign up)

• Business name, practitioner name, email address
• Practice address and phone number
• Cliniko API key (stored encrypted, never readable by our team)
• Opening hours and practice preferences
• Billing information (processed by Stripe — we never store card details)

Patient communication data (via your clinic's Cliniko)

• First name and phone number (for sending messages)
• Appointment date and type (to personalise messages)
• Message delivery status and patient replies
• HEP check-in responses

We do NOT collect

• Medical records, diagnoses, or clinical notes
• Medicare or health fund numbers
• Payment information from patients
• Any information not needed to send the messages your clinic has authorised

We use practice and patient data solely to:

• Send automated messages authorised by the clinic (appointment reminders, HEP check-ins, reactivation messages)
• Display analytics to the clinic in their dashboard
• Improve message delivery reliability

We do NOT:

• Sell data to any third party
• Use patient data for advertising
• Share data between clinics
• Train AI models on patient conversations

• All data is stored on servers located in Sydney, Australia (Railway.app infrastructure)
• Cliniko API keys are encrypted using AES-256 (Fernet encryption) before storage
• Patient message content is never stored in full — only metadata (delivery status, timestamp, channel)
• All data in transit is encrypted via TLS/HTTPS
• We comply with the Australian Privacy Act 1988 and the Privacy Principles

• Patient communication logs: 90 days
• Campaign records (reactivation, no-show): 180 days
• Practice account data: retained while account active, deleted within 30 days of account closure on request
• Audit logs: 12 months

As a PracticeIQ customer, your clinic is responsible for:

• Having appropriate consent from patients to receive automated messages
• Complying with the Australian Spam Act 2003
• Ensuring patient contact details in Cliniko are accurate and up to date
• Informing patients that automated messages may be sent from your practice

PracticeIQ uses these third-party services:

• Twilio (twilio.com) — for sending SMS and WhatsApp messages. Messages pass through Twilio's infrastructure.
• Anthropic Claude API — for generating personalised message content. No patient identifiers are sent to Anthropic.
• Stripe — for billing. We never see or store your card details.
• SendGrid — for sending email notifications to clinics.
• Railway.app — for hosting and infrastructure (Sydney region).

Patients who receive messages from a PracticeIQ-enabled clinic can:

• Reply STOP to any SMS to opt out of future messages
• Contact the clinic directly to request their communication preferences be updated
• Contact us at privacy@practiceiq.health to request information about data held

As a PracticeIQ clinic you can:

• Export or delete your account data at any time from your dashboard
• Request full data deletion by emailing privacy@practiceiq.health
• We will respond to data requests within 30 days

In the event of a data breach affecting personal information, we will notify affected clinics and the Office of the Australian Information Commissioner (OAIC) within 30 days, as required by the Privacy Act.

Privacy enquiries:

• Email: privacy@practiceiq.health
• Postal: PracticeIQ, Sydney NSW Australia

We may update this policy. Clinics will be notified by email of material changes. Continued use of PracticeIQ constitutes acceptance of the updated policy.