Privacy & Content Policy

AT A GLANCE

  • Human in the Loop: PhysiPal is an AI-assistive tool. All AI-generated SOAP notes, summaries, and referrals are drafts. Clinicians assume 100% professional and legal responsibility for verifying and utilizing these outputs.
  • No Data Selling: We do not sell your personal or health information to third parties.
  • Data Access Limits: We only access and process your data for the specific purposes of delivering and improving PhysiPal’s functions and services.
  • Audio Privacy: Audio is processed for real-time transcription and is not stored. Once the transcript is generated, the raw audio is deleted.
  • Data Residency: Sensitive clinical data and transcripts are stored securely in Melbourne, Australia (for AU users) and within the United Kingdom (for UK users).
  • Telehealth Privacy: Telehealth sessions are end-to-end encrypted; no unrecorded audio or video data is stored on our servers.

I. CONTENT

This policy applies to all interactions within the PhysiPal ecosystem, including Communities, Patient Messaging, and Custom Branding.

1. Content Restrictions

Users are strictly prohibited from creating, sharing, transmitting, or displaying content that is:

  • a. Offensive or Discriminatory: Promoting hatred, harassment, or harm.
  • b. Medical Misinformation: Sharing health advice in Communities or the IHL Wiki that contradicts established clinical guidelines or professional standards.
  • c. Obscene or Explicit: Sexually explicit material or content that promotes exploitation.
  • d. Violent or Threatening: Content that incites violence or threatens physical harm.
  • e. Branding Misuse: Using the "Customise PhysiPal" feature to impersonate other clinics, professionals, or entities.

2. Behavioral Restrictions

  • Harassment and Bullying: Zero tolerance for intimidation within patient groups or direct messaging.
  • Data Breach: Unauthorized access to, or alteration of, other users' clinical data or personal information.

3. Enforcement

Violation of these provisions may result in immediate account termination. PhysiPal reserves the right to modify these policies at any time.

II. PRIVACY

1. WHAT INFORMATION DO WE COLLECT?

  • Clinical Documentation: We collect and process health information such as SOAP notes, EPCs, referrals, discharge summaries, Body Charts, and other clinical records as provided by the user.
  • Transcription Data: We process audio to generate transcripts. Raw audio files are used only for the duration of the transcription process and are deleted immediately after transcription.
  • Visual Media: Videos of patients for the Recorded Exercises feature.
  • Sensitive Information: Health data (symptoms, injury history, and exercise progress) collected via the Diary and Patient Feed.
  • Device Permissions: Access to Camera/Microphone (for Telehealth and Recording) and Storage (for PDF/Report generation).

2. HOW WE PROCESS YOUR INFORMATION

We process your information only for the following PhysiPal functions:

  • AI Generation: Using AI to draft clinical documentation.
  • Text Analysis (IHL): Utilising a clinically tailored AI LLM to "dejargon" patient messages and identify alternative terminology to improve health literacy.
  • Exercise Delivery: Transmitting prescriptions via the App, Email, SMS, PDF, or print.
  • Operational Use: Syncing data with third partyPractice Management Software (PMS) to simplify EHR obligations.

3. THIRD-PARTY DATA SHARING & INTEGRATIONS

PhysiPal does not sell user information. We share data only as necessary to provide the Services:

  • Inter-Clinic Cooperation: Sharing notes and reports with other clinicians at your direction via referral tools.
  • Practice Management: Syncing data to third-party EHR systems as configured by the user.

4. AI & CLINICAL RESPONSIBILITY (Human in the Loop)

PhysiPal is an AI-powered assistive platform. All AI functions are designed with a "Human in the Loop" model:

  • Draft Status: All AI-generated SOAP notes, referrals, and summaries are considered drafts.
  • Clinician Responsibility: The attending clinician assumes full legal and professional responsibility for reviewing, editing, and utilizing AI outputs. Clinicians must sign off on all documentation before it is finalized or synced to an EHR.
  • Ambient AI Consent: Clinicians are responsible for obtaining explicit patient consent before using the Ambient AI transcription feature.
  • Text Analysis Accuracy: Clinicians must verify that AI-simplified language remains medically accurate and appropriate for the patient's condition.

5. DATA STORAGE & SECURITY

  • Telehealth: Sessions are end-to-end encrypted. No unrecorded audio or video data is saved on our servers.
  • Storage Locations: * Australia: Sensitive files and transcripts are stored securely and encrypted in Melbourne, Australia.
    • United Kingdom: Data for UK users is stored securely within the United Kingdom.
  • Audio Deletion: Raw audio used for Ambient AI transcription is deleted immediately following the processing of the transcript.
  • Security Measures: We use obfuscation and industry-standard encryption to protect clinical records. Transmission of personal information is at your own risk.

6. RIGHT TO BE FORGOTTEN (DATA DELETION)

PhysiPal respects your right to have your data erased.

  • Patient Account Deletion: If a patient deletes their account, all data created or personally uploaded by that patient (e.g. Diary entries, exercise recordings they initiated) will be permanently deleted from our active databases.
  • Clinician Account Deletion: If a clinician chooses to delete their PhysiPal account, all associated clinical data will be purged from PhysiPal's servers. It is the clinician's sole responsibility to export or backup all clinical records required for their professional record-keeping obligations (typically 7–8 years) prior to account deletion. PhysiPal will not maintain or host records for deleted clinician accounts.

7. YOUR RIGHTS (AUSTRALIA & UK)

  • Australia: We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
  • United Kingdom: We comply with the UK GDPR and Data Protection Act 2018. You have the right to access, rectify, or delete your data.
  • Withdrawal of Consent: You may withdraw consent for data processing at any time by contacting us, though this may impact app functionality.

7. CONTACT US

For data access, updates, or deletion requests:Email: support@physipal.com.au

Post: PhysiPal PTY LTD, 174 Bridge Richmond 3121, Australia.