Privacy Policy

Effective Date: January 1, 2024

Compliant with Australian Privacy Act 1988 and Australian Privacy Principles

Our Privacy Commitment

BloodResults.au is committed to protecting your privacy and handling your personal health information in accordance with Australian privacy laws. Your health data remains in Australia and is never shared without your explicit consent.

1. Information We Collect

Personal Information

  • Name, email address, phone number
  • Date of birth and gender (for age/gender-specific benchmarks)
  • Address (Australian addresses only)
  • Payment information (processed securely through Stripe)

Health Information

  • Blood test results from uploaded pathology reports
  • Health profile information (height, weight, activity level)
  • Medical conditions and medications (if voluntarily provided)
  • Health trends and analysis data generated by our system

Technical Information

  • IP address, browser type, device information
  • Usage data and interaction with our platform
  • Cookies and similar tracking technologies
  • Log files and system activity

2. How We Use Your Information

Primary Purposes

  • Analyze and interpret your blood test results
  • Provide personalized health insights and trend analysis
  • Compare your results against Australian population benchmarks
  • Generate health reports and educational content

Secondary Purposes

  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Send service-related notifications and updates
  • Improve our platform and develop new features
  • Conduct research using anonymized, aggregated data

Marketing Communications: We only send marketing emails with your explicit consent. You can unsubscribe at any time using the link in our emails.

3. Data Sharing and Disclosure

We do not sell your personal or health information to third parties. We may share your information only in the following circumstances:

With Your Consent

  • When you explicitly authorize us to share specific information
  • Integration with health apps or services you choose to connect

Service Providers

  • Cloud hosting providers (Australian-based)
  • Payment processors (Stripe - with strong data protection)
  • Email service providers (for service communications only)
  • Analytics and performance monitoring services

Legal Requirements

  • When required by Australian law or court order
  • To protect our rights or investigate fraud
  • In case of medical emergency (with appropriate authorization)

Never Shared: We never share your individual health data for marketing purposes or with insurance companies, employers, or other third parties without your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your personal and health information:

Technical Safeguards

  • End-to-end encryption for data transmission (TLS 1.3)
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for account access
  • Regular security updates and patch management

Organizational Safeguards

  • Limited access on a need-to-know basis
  • Employee training on privacy and security practices
  • Secure development practices and code reviews
  • Incident response and breach notification procedures

For more details about our security practices, see our Security Overview.

5. Australian Data Residency

🇦🇺 Your Data Stays in Australia

All personal and health information is stored exclusively on servers located in Australia. Your data is never transferred offshore or stored outside Australian jurisdiction.

  • Primary data centers: Sydney and Melbourne (AWS Australia)
  • Backup and disaster recovery: Within Australia only
  • Compliance with Australian Government data sovereignty requirements
  • Subject to Australian privacy and data protection laws

Learn more about our data residency commitments in our Data Residency Policy.

6. Your Privacy Rights

Under Australian privacy law, you have the following rights:

Access and Correction

  • Request access to your personal information we hold
  • Request correction of inaccurate or outdated information
  • Download your data in a portable format

Control and Deletion

  • Request deletion of your personal information
  • Withdraw consent for marketing communications
  • Opt-out of data processing for specific purposes
  • Close your account and delete all associated data

How to Exercise Your Rights

Via Your Account: Most data access and deletion functions are available in your account settings.

Email Us: [email protected]

Response Time: We respond to privacy requests within 30 days.

7. Data Retention

  • Account Information: Retained while your account is active
  • Health Data: Retained for 7 years after account closure (as per Australian health record requirements)
  • Payment Data: Retained for 7 years for tax and accounting purposes
  • Usage Data: Anonymized and retained for platform improvement

You can request earlier deletion of your data, subject to legal retention requirements.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in and maintain your session
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized content and features

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16 without parental consent.

For users aged 16-18, we recommend parental involvement in account creation and data management decisions.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Email notification to your registered email address
  • Prominent notice on our platform
  • Updated "effective date" at the top of this policy

11. Contact Us and Privacy Complaints

Privacy Officer

Email: [email protected]

Phone: 1300 XXX XXX

Address: [Company Address]

Privacy Complaints Process

  1. Submit your complaint to our Privacy Officer
  2. We will acknowledge receipt within 5 business days
  3. Investigation and response within 30 days
  4. If unsatisfied, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

OAIC Contact:
Phone: 1300 363 992
Website: www.oaic.gov.au
Email: [email protected]

This Privacy Policy was last updated on January 1, 2024. We review our privacy practices regularly to ensure ongoing compliance with Australian privacy laws.