PRIVACY POLICY
Last updated: 23 April 2026. RecallQ Pty Ltd complies with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
On behalf of your practice we process the minimum personal information needed to send recall messages: patient name, mobile, last visit date, treatment type, and recall window. For your practice staff we also store name, email, and role.
Personal information is used solely to (a) identify overdue patients, (b) generate and send recalls at your practice's direction, and (c) route replies back to your practice. We do not use patient data to train AI models.
All personal information is stored in Supabase ap-southeast-2 (Sydney). Nothing is transferred outside Australia for storage.
Patient records are retained while your practice uses RecallQ, plus a 30-day export window after cancellation. Message logs are retained for 24 months for Spam Act compliance.
Under the APPs you or your patients (via your practice) may request access to, correction of, or deletion of personal information. Email privacy@recallq.com.au.
On confirmation of an eligible data breach under the Notifiable Data Breaches scheme, we will notify your practice within 24 hours and assist with OAIC notification.