Privacy Policy

Last updated: May 20, 2025

HYPNOFLOW TECHNOLOGIES PTY LTD

ABN: 84 687 147 977

At Hypnoflow, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, in accordance with the Australian Privacy Principles.

1. Open and Transparent Management of Personal Information (APP 1)

Hypnoflow is committed to managing personal information in an open and transparent way. We have implemented practices, procedures, and systems to ensure compliance with the Australian Privacy Principles and to handle privacy-related inquiries and complaints effectively.

This Privacy Policy is available free of charge on our website and in alternative formats upon request. To request this policy in a different format, please contact us using the details provided at the end of this document.

2. Anonymity and Pseudonymity (APP 2)

Where lawful and practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us. However, due to the nature of our services, we may need to collect personal information to provide you with access to our platform and its features.

Situations where we cannot provide anonymity or pseudonymity include:

  • When creating an account with our platform
  • When processing payments
  • When providing healthcare-related services
  • When required by law to collect identifying information

3. Collection of Personal Information (APP 3)

3.1 Personal Information

We only collect personal information that is reasonably necessary for our functions and activities. We may collect personal information that you provide directly to us, including but not limited to:

  • Account information (name, email address, password)
  • Profile information (professional credentials for therapists)
  • Professional credentials and qualifications for verification during the therapist approval process
  • Contact information (phone number, address)
  • Payment information (we do not store your payment details directly; all payment processing is handled securely by our third-party payment processors)

3.2 Therapy Session Data

When you use our platform for therapy sessions, we may collect:

  • Audio recordings of sessions
  • Transcripts generated from recorded sessions
  • AI-generated summaries of therapy sessions
  • Clinical notes and client notes added by therapists
  • Client contact information added by therapists

Therapists must obtain consent from clients before recording or transcribing any session. Therapists may invite clients to create secure accounts on the platform where they can access their session materials.

3.3 Automatically Collected Information

When you access our platform, we may automatically collect certain information, including:

  • Device information (type, operating system, browser)
  • Usage information (pages visited, time spent)
  • IP address and location information
  • Cookies and similar tracking technologies

3.4 Sensitive Information

We only collect sensitive information (including health information) with your consent and when it is reasonably necessary for our functions or activities, or when required by law. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise or where certain other limited circumstances apply (e.g., where required by law).

Confidentiality: All data within Hypnoflow, including all client information, therapy sessions, transcriptions, recordings, and notes, is treated as strictly private and confidential. We maintain the highest standards of confidentiality expected in therapeutic relationships.

3.5 Collection Methods

We collect personal information only by lawful and fair means. We primarily collect personal information directly from you unless it is unreasonable or impracticable to do so, or you have consented to collection from third parties.

3.6 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our platform and to store certain information. Cookies are small data files placed on your device when you visit our platform.

We use the following types of cookies:

  • Essential Cookies: Necessary for the platform to function properly, enabling core features like security and account authentication.
  • Performance & Functionality Cookies: Help us enhance platform performance and provide you with additional features. These are non-essential but improve your experience.
  • Analytics & Customisation Cookies: Collect information about how you use our platform, helping us understand user behaviour and improve our services.
  • Marketing & Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

You can control cookies through your browser settings. Most web browsers allow you to manage your cookie preferences. You can set your browser to refuse cookies, or to alert you when cookies are being sent. If you disable cookies, some parts of our platform may not function properly.

4. Dealing with Unsolicited Personal Information (APP 4)

If we receive unsolicited personal information that we could not have collected under APP 3, we will, as soon as practicable, destroy or de-identify the information if it is lawful and reasonable to do so.

5. Notification of Collection (APP 5)

At or before the time (or, if not practicable, as soon as practicable after) we collect personal information, we will take reasonable steps to notify you or ensure you are aware of:

  • Our identity and contact details
  • The facts and circumstances of collection
  • Whether the collection is required or authorised by law
  • The purposes of collection
  • The consequences if personal information is not collected
  • Our usual disclosures of personal information of the kind collected
  • Information about our Privacy Policy
  • Whether we are likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located

6. Use and Disclosure of Personal Information (APP 6)

We will only use or disclose personal information for the primary purpose for which it was collected, for a secondary purpose that you have consented to, or for a purpose directly related to the primary purpose that you would reasonably expect. We use the information we collect for purposes including:

  • Providing and maintaining our platform
  • Processing and completing transactions
  • Facilitating therapy sessions and related services
  • Generating transcripts and summaries of sessions
  • Securely storing session recordings and notes for client access
  • Notifying clients via email when new materials are available in their account
  • Tracking analytics about platform usage to improve our services
  • Communicating with you about our services
  • Improving our platform and user experience
  • Ensuring compliance with legal and regulatory requirements
  • Protecting against unauthorised access or potential threats

We may share your information in the following circumstances:

  • With your consent or at your direction
  • Between therapists and their clients as necessary for providing services
  • With service providers who assist us in delivering our services
  • To comply with legal obligations or protect rights
  • In connection with a business transfer or transaction
  • Where otherwise permitted by the Australian Privacy Principles

We do not sell your personal information to third parties.

7. Direct Marketing (APP 7)

We will only use or disclose personal information for direct marketing purposes where you have consented to such use or disclosure, or where you would reasonably expect us to use your personal information for direct marketing purposes and we provide a simple method for you to opt out.

All direct marketing communications will include an easy way to opt out of receiving future marketing communications. You may also request to opt out of future marketing communications by contacting us directly using the contact details provided at the end of this policy.

8. Cross-border Disclosure of Personal Information (APP 8)

While we store all primary data on servers in Sydney, Australia (see Section 11.3 on Data Sovereignty), certain aspects of our services may involve transfers of personal information to overseas recipients. This could include using international service providers for specific functions such as analytics, email services, or cloud infrastructure support.

Before disclosing personal information to an overseas recipient, we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information, or we will obtain your consent for the disclosure.

Overseas countries where your data may be processed by service providers include:

  • United States of America

We ensure that any international transfer of data occurs under appropriate safeguards, including contractual commitments from our service providers to handle your personal information in compliance with applicable privacy laws.

9. Adoption, Use or Disclosure of Government Identifiers (APP 9)

We will not adopt, use or disclose a government related identifier (such as a Medicare number or driver's license number) as our own identifier of you unless:

  • It is required or authorised by law
  • It is reasonably necessary to verify your identity for our activities or functions
  • It is reasonably necessary to fulfil our obligations to a government agency or authority
  • It is permitted by regulations or in prescribed circumstances

10. Quality of Personal Information (APP 10)

We will take reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, up-to-date, complete, and relevant for its intended use. We encourage you to help us by informing us if your details change or if you notice errors in the information we hold about you.

11. Security of Personal Information (APP 11)

We treat all data within our system as strictly private and confidential, and implement stringent security measures to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure, including:

  • Secure HTTPS connections for all data transfers
  • Secure data storage with industry-standard encryption
  • Regular security audits and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on privacy and security practices
  • Strict confidentiality protocols for all user data

When personal information is no longer needed for the purpose for which it was collected, or is no longer required to be retained by law, we will take reasonable steps to destroy it or permanently de-identify it.

11.1 Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In accordance with health record retention requirements, the platform retains records as required by the relevant state or territory legislation in Australia, which may vary across jurisdictions.

Important: Audio recordings are automatically deleted no later than 10 minutes after transcription is complete to enhance privacy and security.

Therapists are responsible for maintaining their own client records in accordance with relevant professional and legal obligations. While our platform provides tools to assist with record-keeping, the ultimate responsibility for maintaining appropriate clinical records remains with the healthcare professional.

Clients can access their session recordings, notes, and other materials through their secure accounts and may download these materials for personal use. Analytics regarding platform usage are collected to improve our services and are maintained in accordance with our retention policies.

11.2 Data Sovereignty

We prioritise data sovereignty and store all primary data on servers physically located in Sydney, Australia. This ensures that your data is subject to Australian privacy laws and regulations. Our data centre facilities in Sydney implement comprehensive physical and environmental security controls to protect your information.

While we may use services from international providers for specific functions (as outlined in Section 8), the core personal information and health data entrusted to us remains stored within Australian borders, which provides additional legal protections for your data.

12. Access to Personal Information (APP 12)

You have the right to access the personal information we hold about you. Upon request, we will provide you with access to your personal information unless there is an exception which applies under the Australian Privacy Principles.

If we refuse to provide you with access to your personal information, we will provide you with a written notice that sets out:

  • The reasons for the refusal
  • The mechanisms available to complain about the refusal
  • Any other matter prescribed by the regulations

We may charge a reasonable fee for retrieving personal information, which we will inform you of before proceeding with the request.

13. Correction of Personal Information (APP 13)

We will take reasonable steps to correct personal information to ensure it is accurate, up-to-date, complete, relevant, and not misleading, having regard to the purpose for which it is held.

You may request that we correct your personal information, and we will respond to your request within a reasonable period. If we refuse to correct your personal information, we will provide you with a written notice setting out:

  • The reasons for the refusal
  • The mechanisms available to complain about the refusal
  • Any other matter prescribed by the regulations

If we refuse to correct your personal information, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.

14. Children's Privacy

Our platform is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our platform and updating the "Last updated" date.

16. Privacy Complaints and Inquiries

If you have any questions, concerns, or complaints about this Privacy Policy, or how we handle your personal information, please contact our Privacy Officer using the contact details below. We will respond to your complaint within a reasonable period and do our best to resolve it to your satisfaction.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or contact the OAIC by phone on 1300 363 992.

17. Contact Us

For any privacy-related inquiries, please contact our Privacy Officer at:

HYPNOFLOW TECHNOLOGIES PTY LTD
ABN: 84 687 147 977
Email: admin@hypnoflow.com.au

By using Hypnoflow, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.