Privacy and security

Privacy is part of the product, not a policy afterthought.

CareFile is designed to keep information organised, accessible, and shareable only when needed, with calmer defaults and clearer consent boundaries.

Draft – pending legal review

This privacy policy has not yet been reviewed by a lawyer. It applies to invited early access participants only. It will be reviewed and updated before CareFile opens to general registration.

What this means in practice

Less exposure by default, more deliberate reveal and sharing choices.

Australian hosting

Records are stored in AWS ap-southeast-2 (Sydney), encrypted at rest and in transit, and not shared with overseas parties without assessment.

External services

Only used where they add clear practical value, such as address lookup and validation.

Core privacy model

High trust starts with fewer assumptions.

The product avoids broad defaults and keeps sensitive actions more explicit and easier to understand.

Private by design

CareFile is designed around participant control. Your information stays under your control, and nothing is shared without your consent.

Masked by default

Sensitive information is designed to stay less exposed in day-to-day use, so you can reveal details more deliberately when needed.

Australian hosting

Records are stored in AWS ap-southeast-2 (Sydney) with encryption at rest and in transit. No health data is stored overseas without a cross-border disclosure assessment.

Consent-led sharing

CareFile is built to support smaller, more targeted sharing decisions instead of assuming broad access all the time.

Australian privacy framework

Designed with the Privacy Act and APPs in mind.

CareFile uses the Privacy Act 1988, the Australian Privacy Principles, and OAIC guidance as privacy design references. This does not mean OAIC has approved or certified the product.

  • APP 1: maintain a clear privacy governance model and privacy policy
  • APP 3 and APP 5: collect only what is needed and explain collection clearly
  • APP 6 and APP 8: keep sharing consent-led and assess third-party disclosures
  • APP 11: protect information through security, retention, and deletion controls
  • APP 12 and APP 13: support access and correction workflows as the product matures

Privacy notice

APP privacy policy summary.

This prototype notice describes the intended handling model against APP 1 and APP 5. Production wording should be legally reviewed before relying on it externally.

What CareFile collects

CareFile may hold profile, contact, health identifier, medicine, allergy, condition, procedure, document metadata, consent record, support network, funding, legal, audit, privacy request, and incident information.

Why it is used

Information is used to help the participant organise records, manage support, make sharing decisions, maintain audit history, respond to privacy requests, and prepare production privacy/security controls.

When it is shared

Sharing should be participant-controlled, consent-scoped, emergency-limited, or required for an assessed vendor/legal/privacy response pathway. Role alone should not grant broad health-record access.

Access and correction

Participants can review many records directly in the app. CareFile now includes a prototype privacy request flow for access, correction, export, deletion assessment, and privacy complaints.

Third parties

Addresser and ABS services may support address and geography lookups. Future hosting, authentication, email, support, storage, and analytics providers require vendor and cross-border disclosure review before production use.

Data breach response

CareFile maintains an Admin breach response workflow for suspected breach intake, containment, eligible data breach assessment, notification decisions, and post-incident review.

APP 1 policy details

What the privacy policy needs to make clear.

The public policy now mirrors the core matters expected in an APP privacy policy: what is collected, how, why, access and correction, complaints, and possible overseas disclosure.

Kinds of information collected

CareFile may collect personal information, sensitive health information, disability and support information, identifiers, contact details, provider details, documents, consent records, audit events, privacy requests, and incident records.

How information is collected

Information is usually collected directly from the participant or an authorised helper through app forms. Some information may be derived from documents, provider details, address lookup, medicine search, or geography lookup features.

Purposes of collection, use, and disclosure

Information is used to organise a participant profile, maintain health and support records, manage consent and access, prepare emergency summaries, support documents and care coordination, respond to privacy requests, and operate security and audit controls.

Consequences of not providing information

Most fields are optional unless needed for a particular workflow. If information is not provided, CareFile may be less useful, records may be incomplete, and some access, correction, export, support, or emergency features may not work as intended.

Access, correction, and complaints

Participants can review and update many records in the app. The privacy request flow supports requests for access, correction, export, deletion assessment, and privacy complaints.

Overseas disclosure and vendors

Known third-party data processors include Addresser (address validation, Australia) and Resend (email delivery, USA – SOC 2 Type II). Before production use, hosting, authentication, analytics, and support vendors also need region, subprocessor, and cross-border disclosure review.

APP 5 collection notices

Collection notices appear where sensitive information is entered.

CareFile now uses short in-product notices for the main collection surfaces, with this privacy page as the longer reference.

  • Profile and personal details
  • Medicines, allergies, conditions, and procedures
  • Documents and linked care evidence
  • Support network and provider records
  • Consent, access, privacy request, and incident workflows

Trusted service connections

External services are only used where they add practical value.

The explanation stays plain on purpose. CareFile should be understandable before it is impressive.

  • Addresser for Australian address autocomplete, metadata, and email validation
  • ABS geography services for suburb and local government area lookups
  • Australian health and disability identifiers shown under your control, not shared automatically
  • Resend for magic-link sign-in email delivery – only your email address is transmitted, no health data

Start using CareFile

Keep your information organised without giving up control.

The product experience follows the same privacy posture shown here: calm defaults, clearer boundaries, and more explicit sharing choices.