Privacy Policy - SimpleClinic Patient Portal App
Last Updated: December 2025
This Privacy Policy applies to the SimpleClinic Patient Portal mobile application ("Patient App") operated by Maric Trading Pty Ltd ("we", "our", or "us"). This policy describes how we collect, use, and protect your personal information when you use the Patient App.
1. Information We Collect
1.1 Account Information
When you create an account and use the Patient App, we collect:
- Email address
- Authentication credentials (password, stored securely)
- Profile information you choose to provide
1.2 Health Information
With your explicit permission, the Patient App may collect and process:
- Health metrics from Apple HealthKit, including:
  - Step count
  - Weight measurements
  - Calorie data
  - Heart rate
- Clinical information, including:
  - Prescriptions from your nominated practitioners
  - Supplement records
  - Diet diary entries
- Food diary data, including photos you choose to upload for nutritional analysis
1.3 Device Information
We collect technical information about your device:
- Device type and model
- Operating system version
- Unique device identifiers
- App version information
1.4 Photos and Camera Access
The Patient App requests access to your camera and photo library solely to:
- Allow you to photograph food items for nutritional analysis
- Upload food photos to your diet diary
Photos are only accessed when you explicitly choose to use these features.
1.5 Usage and Diagnostic Information
We collect information about how you use the app:
- App usage patterns and feature interactions
- Error logs and crash reports (via Sentry)
- Performance data to improve app stability
2. How We Use Your Information
We use the information we collect to:
2.1 Provide Core Services
- Authenticate your access to the Patient App
- Display your prescriptions, supplements, and clinical information
- Sync health metrics with your nominated healthcare practitioners
- Analyse food photos for nutritional information
- Maintain your diet diary and health records
2.2 Communicate With You
- Send push notifications about:
  - New prescriptions or clinical updates from your practitioners
  - Important app updates or service announcements
  - Health reminders (with your consent)
2.3 Improve Our Services
- Analyse app usage to improve features and user experience
- Identify and fix technical issues
- Enhance app performance and stability
2.4 Share With Your Healthcare Providers
- Only with your explicit consent, we share your health data with healthcare practitioners you have nominated in your profile
- You maintain full control over which practitioners can access your data
3. Health Data and Apple HealthKit
3.1 Accessing HealthKit Data
- The Patient App requests permission to read specific health data from Apple HealthKit
- You control which data types the app can access through iOS Settings
- The app reads: steps, weight, calories, heart rate, and distance
- The app does not write data to HealthKit
3.2 HealthKit Data Usage
- Health data from HealthKit is used solely to provide health tracking features
- This data may be shared with practitioners you have nominated
- HealthKit data is not used for advertising or marketing purposes
- HealthKit data is not sold or shared with third parties for their purposes
3.3 Your HealthKit Controls
- You can revoke HealthKit access at any time via iOS Settings
- Revoking access will prevent health metrics from syncing but will not delete previously synced data
- Previously synced health data will remain accessible to your nominated practitioners unless you specifically request deletion
4. Data Sharing and Disclosure
4.1 With Healthcare Practitioners
We share your health information with healthcare practitioners whom you have explicitly nominated in your Patient App profile. This sharing enables:
- Practitioners to monitor your health metrics
- Remote patient care and consultation
- Treatment planning and adjustments
4.2 Service Providers
We use trusted third-party service providers who process data on our behalf:
- AWS (Amazon Web Services) - for authentication and cloud infrastructure
- Sentry - for error tracking and app stability monitoring
These providers are contractually bound to protect your data and use it only for providing services to us.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request.
4.4 No Selling of Data
We do not sell your personal information or health data to third parties.
5. Data Security
We implement appropriate technical and organisational measures to protect your information:
- Encryption: Data is encrypted in transit using industry-standard TLS/SSL protocols
- Authentication: Secure authentication via AWS Cognito with strong password requirements
- Access Controls: Strict access controls limit who can access your data
- Regular Monitoring: We monitor for security threats and vulnerabilities
- Secure Storage: Data is stored securely in compliance with Australian privacy standards
6. Data Retention
- Active Accounts: We retain your data while your account is active and as needed to provide services
- Account Deletion: Upon request, we will delete or anonymise your personal information
- Legal Obligations: We may retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements
- HealthKit Data: Synced health data will be retained according to your practitioners' record-keeping requirements
7. Your Rights and Choices
7.1 Access and Correction
- You can access and update your profile information within the Patient App
- You can request a copy of your personal data by contacting support
7.2 Data Deletion
- You can request deletion of your account and associated data
- Contact our support portal at https://support.simpleclinic.net
7.3 HealthKit Permissions
- You can modify HealthKit permissions at any time via iOS Settings > Privacy & Security > Health
- Changes to permissions will take effect immediately
7.4 Push Notifications
- You can disable push notifications via iOS Settings or within the Patient App
- Critical account security notifications may still be sent
7.5 Practitioner Access Control
- You control which practitioners can access your health data
- You can add or remove practitioner access at any time within the Patient App
8. Children's Privacy
The SimpleClinic Patient Portal App is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children under 18 without appropriate consent.
9. Australian Privacy Principles
As an Australian company, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Your personal information and health data are handled in accordance with these principles.
10. International Data Transfers
Your data may be processed and stored on servers located outside of Australia, including in the United States (via AWS). We ensure appropriate safeguards are in place to protect your data in accordance with Australian privacy laws.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via:
- Push notification through the Patient App
- Email to your registered email address
- Notice within the app upon your next login
Your continued use of the Patient App after changes take effect constitutes acceptance of the updated policy.
12. Third-Party Links
The Patient App may contain links to external websites or services (such as your practitioner's website). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:
- Support Portal: https://support.simpleclinic.net
- Main Website: https://simpleclinic.net
For general enquiries about Maric Trading Pty Ltd, visit https://marictrading.com
14. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint:
- Contact us via our support portal with details of your concern
- We will investigate and respond within 30 days
- If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
Summary of Key Points
- We collect health data, account information, and usage data to provide the Patient App services
- Health data from HealthKit is only shared with practitioners you nominate
- Your data is not sold to third parties
- We implement strong security measures to protect your information
- You control your data and can request deletion at any time
- We comply with Australian Privacy Principles
Maric Trading Pty Ltd is committed to protecting your privacy and handling your health information with the utmost care and security.