Medow Health Privacy Policy

In this Privacy Policy, 'us' 'we' or 'our' means Medical Minds AI Pty Ltd (ACN 671 845 828), an Australian company doing business as Medow Health, and its related entities or body corporates. We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your Personal Information.

This Privacy Policy applies to two distinct groups of people:

1. Doctors, clinicians and other healthcare professionals or providers (“Healthcare providers”); and
   

2. Patients of the Healthcare providers and those receiving services from the Healthcare providers (“Patients”). 
   

Except where this Privacy Policy specifies otherwise, it applies to both Healthcare providers and Patients. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

1. Definitions

   In this Privacy Policy, the following capitalised terms have the following meanings:
   
   ‍Australian Privacy Act means the Privacy Act 1988 (Australian Commonwealth).
   ‍Data Protection Laws mean the Australian Privacy Act, the New Zealand Privacy Act and the PDPA .
   ‍New Zealand Privacy Act means the Privacy Act 2020 (New Zealand).
   ‍Non-personal Information means information that does not relate to a person and/or cannot be used to identify a person.
   ‍PDPA means the Personal Data Protection Act 2012 (Singapore).
   ‍Personal Information means any information which can be used to identify an individual, and described in detail in clause 2.
   ‍Services mean the provision of the transcription and report writing services and any other goods or services offered by us on a payment or free-of-charge basis.

2. What Personal Information do we collect?

   Patients
   If you do not consent to the recording of your consultation, then please tell your Healthcare provider and they will not record the consultation. 
   Your Healthcare provider uses Medow Health to record and transcribe your consultation. Medow Health records the consultation and then provides accurate reports on the consultation for the Healthcare provider. Our service does not provide medical advice to you or the Healthcare provider, and your Healthcare provider will review and approve the reports before storing the reports in your medical file.

   • Medow Health has adopted a privacy by design approach and the Service has been designed to limit the amount of personal information collected about Patients. 
   • When Healthcare providers use our services then the conversation between you and the Healthcare provider is recorded and our services automatically generate notes from that conversation. All recordings are deleted after 7 days unless the Healthcare provider explicitly requires otherwise.
   • Our services also integrate with the Healthcare providers internal records systems to extract the appointment record so that we can match the recording and notes with the correct individual patient. Each Patient’s Personal Information is extracted and used for this matching purposes. 
   • We do not collect or use any contact information about you. 

   Healthcare Providers
   

   1. We may collect Personal Information about staff at Healthcare providers when they use the Services, register for an account with the Services or interact with us in any way.
   2. Information we automatically collect: We also automatically collect certain technical data that is sent to us from the computer, mobile device and/or browser through which Services are used (Automatic Data). Automatic Data, includes without limitation, a unique identifier associated with an access device and/or browser (including, for example, Internet Protocol (IP) address), characteristics about the access device and/or browser, statistics on activities on the Services, details of the Services we have supplied or that are enquired about, including any additional information necessary to deliver those Services and respond to enquiries, or information about the Services were discovered.
   3. Non-Personal Information: When Healthcare provider’s interact with the Services, we may collect Non-Personal Information. The limitations and requirements of this Privacy Policy on our collection, use, disclosure, transfer and storage/retention of Personal Information do not apply to Non-Personal Information. When a Healthcare provider registers to the Services or otherwise submit Personal Information to us, we may associate other Non-Personal Information (including Non-Personal Information we collect from third parties) with Personal Information. At such instance, we will treat any such combined data as the Personal Information of the staff at the Healthcare provider until such time as it can no longer be associated with them or used to identify them.
   4. We collect all information that Healthcare providers voluntarily provide to us while using the Services,  signing up to our Services, or contacting our support services. This includes any information provided:
      i. during registration;
      ii.during correspondence, enquiries, support services or phone calls; or
      iii.uploaded onto the Services in any way.
      ‍
      The Personal Information we may collect about staff at Healthcare providers includes without limitation:
      
      i. basic information such as first and last name;
      ii. contact information including email address and phone number;
      iii. name of the Healthcare provider;
      iv. demographic information such as postal code;
      v. information related to use of the Services, including without limitation, goods or services bought or looked at;
      vi. other relevant information in relation to the needs of our Services;
      vii. geographic location; and
      viii. other information obtained by Healthcare provider’s use of the Services.

3. Why do we collect, use and disclose Personal Information?

   Patients
   We may collect, hold, use and disclose your Personal Information to provide our Services to Healthcare providers.
   We may collect, hold and use your anonymised and aggregated data to train and test our Services.

   Healthcare providers
   We may collect, hold, use and disclose your Personal Information for the
   following purposes:
   

   • We may collect, hold, use and disclose your Personal Information for the following purposes:
     ‍
     i. to enable you to access and use our Services;ii. to operate, protect, improve and optimise our Services, such as
     to perform analytics and conduct research;
     iii. to send service, support and administrative messages,
     reminders, technical notices, updates, security alerts, and
     information requested by the Healthcare provider;
     iv. market services to the Healthcare provider; and
     v. to comply with our legal obligations, resolve any disputes that
     we may have with any of Healthcare providers, and enforce our
     agreements with third parties.
     ‍
   • The information we collect is not distributed, sold or leased to third parties for commercial purposes, except to provide Services you have requested or for other purposes when we have Healthcare provider’s permission or when we are obliged to do so.

4. To whom do we disclose your Personal Information?

   We may disclose Personal Information about Patients and staff at Healthcare providers for the purposes described in this Privacy Policy to:

   • our employees and our related bodies corporate;
   • where necessary to provide our Services, to third-party suppliers and service providers (including providers for the operation of our Services);
   • (in relation to Healthcare providers only) payment systems operators (e.g.,
     merchants receiving card payments);
   • anyone to whom our assets or businesses (or any part of them) are
     transferred;
   • specific third parties authorised by Healthcare providers to receive information held by us; and/or
   • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law if we are compelled to comply with a lawful request for Personal Information.

5. Security

   We take all reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. However, we cannot guarantee the security of your Personal Information.

6. Processing and transfer of your Personal Information

   Patients and Healthcare providers

   • Your information, including Personal Information, is hosted in the jurisdiction that the Healthcare provider has their premises, and is transferred as follows:
     ‍
     i. Australian and New Zealand located Healthcare provider –
     hosted in Australia;
     ii. Singapore located Healthcare provider – hosted in Singapore;
     iii. UAE located Healthcare provider – hosted in the UAE; and
     iv. in addition the following locations may be used:
     
     1. support services provided by our support team in the Philippines;
     2. Third-party suppliers of automated transcription services may be provided from the USA (these providers delete the audio file immediately once the automated
     transcription has been completed); and
     3. other third party suppliers of support services based in
     Germany.
     ‍
   • Your personal information may be processed at our operating office in Australia and in any other places where our staff members are located or where subprocessing takes place. It means that this information may be transferred to Australia and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
   • We will take steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organisation or a country unless there are adequate controls in place including the security of your data and Personal Information.

7. Your rights

   Where we process your personal information, we must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

   • Your choice: Please read this Privacy Policy carefully. If you provide personal information to us or allow us to transcribe consultations, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information or allow us to transcribe the consultation, however, if you do not, we will not be able to provide the services to the Healthcare provider.
   • Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.
   • Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.
   • Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the privacy regulator in your country.
   • We may ask you to verify your identity before acting on any of your requests.

8. Retention

   Healthcare providers

   • Ordinarily, we will retain your Personal Information as long as you are registered to the Services as a User, and aim to delete it as soon as practicable following the closure of your account. You may close your account by contacting us. On closing of your account we will delete all transcripts, audio files and reports of your patients. However, we may sometimes retain Personal Information for an additional period as is permitted or required under applicable laws; limited to billing details. Even if we delete your Personal Information it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
   • When the feature is released, we will enable you to determine how long we retain audio files and patient reports for. 

   Patients

   • We retain audio files for up to a week from the recording. This is to allow troubleshooting support to the Healthcare providers in case there is an error in the transcription. 
   • Your Healthcare provider will decide how long we should retain the meeting notes on our systems for. Please check with them. 

9. Exclusions

   1. Links: Our Services may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.
      

   2. Personal Information Provided to Others: This Privacy Policy does not apply to any Personal Information that you provide to another User or visitor through the Services or through any other means, or information posted by you to any public areas of the Services.
      

10. Accessing or correcting your Personal Information

    • Patients: see clause 7 above.
    • Healthcare provider: You can access the Personal Information we hold about you or your Patients by emailing us (address below). Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information. If you think that any Personal Information we hold about you is inaccurate, please email us and we will take reasonable steps to ensure that it is corrected. We will consider and respond to all requests in accordance with all applicable laws.

11. Making a complaint

    If you think we have breached the Privacy Act or any other relevant privacy law, or you wish to make a complaint about the way we have handled your Personal Information, you can email us (address below). Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

12. Contact Us

    For further information about our Privacy Policy or practices, or to access or correct your Personal Information, or make a complaint, please contact us on privacy@medowhealth.ai

Effective: 10 February 2026

• We may collect Personal Information about you when you use and access our Services. While we do not use browsing information to identify you personally, we may record certain information about your use of our Services, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
• We also use essential and functional cookies, web beacons and other tracking technologies to collect certain information about your equipment, browsing actions, and patterns. Below we describe what are cookies and web beacons, why we use cookies and web beacons, the types of cookies and web beacons that we use as well as what you can do in order to manage and delete cookies and web beacons.
  
  What are cookies and web beacons?
• Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their websites. A cookie contains a unique number, which is used to recognise your computer or mobile device when you return to our Services. Cookies can remain on your computer or mobile device for different periods of time. The cookies can be either "persistent" cookies or "session" cookies. Persistent cookies are stored by a web browser and remain valid until a set expiration date. Session cookies only exist while your internet browser is open and are automatically deleted once you close your browser.
• Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) are small electronic files contained on pages of websites that permit companies to count users who have visited certain webpages on a website and are used for other related website statistics (e.g., recording the popularity of certain website content and verifying system and server integrity).
  
  What do we use cookies and web beacons for?
• We use a variety of cookies, web beacons and other tracking technologies for different purposes. Specifically, we use cookies and web beacons to enhance the experience of our visitors to our Services (for example, by remembering your preferences and letting you navigate between pages efficiently) and to better understand how our Services are used. Cookies may tell us, for example, whether you have visited our Services before or whether you are a new visitor.
• We may also use cookies to enable us to collect data that may include Personal Information. For example, where a cookie is linked to your account, it will be considered Personal Information under the Privacy Act. We will handle any Personal Information collected by cookies in the same way that we handle all other Personal Information as described in this Privacy Policy.
  
  What types of cookies and web beacons are used by us?
• We use both first-party and third-party cookies and web beacons. First-party cookies and web beacons are cookies and web beacons that are served directly by us to your computer or mobile device. Third-party cookies and web beacons are served by a third-party service provider on our behalf. We will not use third party cookies for advertising purposes.
  ‍
  There are three categories of cookies and web beacons used by us. Specifically, we use essential, performance and functionality cookies and web beacons.
  i. Essential cookies, web beacons and other tracking technologies are necessary for the operation of our Services. These tracking technologies enable you to move around on our Services and use our Service features. You may not opt out of these types of cookies because they are required to operate our Services.
  ii. Performance cookies, web beacons and other tracking technologies collect information about how you have used our Services. We use performance cookies, web beacons and other tracking technologies to improve the user experience with our Services.
  iii. Functionality cookies, web beacons and other tracking technologies allow us to remember how you are logged into our Services, when you logged in or out and the actions you have taken while you have been logged into our Services.
  
  What are your choices about cookies?
• It is your choice as to whether or not to accept cookies. Most browsers allow you to configure the browser settings so that cookies from websites cannot be placed on your computer or mobile device. If you choose not to accept cookies, then you may be able to continue using our Services but we may not be able to provide you with certain features. If you would like further information about cookies and how to manage and delete them, please visit www.allaboutcookies.org or www.youronlinechoices.eu.