Privacy Policy
PhysiFlow IP Pty Ltd · ACN 697 546 035 · Last updated: June 2026
This Privacy Policy of PhysiFlow IP Pty Ltd, ACN 697 546 035 (us, we, our) sets out how we treat the Personal Information that we collect, use and disclose and our procedures regarding the handling of Personal Information, including the collection, use, disclosure and storage of information, as well as the right of individuals to access and correct that information. We operate the platform called ‘physiflow’, which includes the application and the website with domain name physiflow.ai (Platform).
From time to time, we may revise or update this Privacy Policy. If we do so, the revised Privacy Policy will be published on the Platform at https://app.physiflow.ai/privacy.
By using the Platform or our services, or by providing any Personal Information to us, you consent to the collection, use and disclosure of your Personal Information as set out in this Privacy Policy.
Responsibility
The Platform is responsible for the secure operation of the software platform and related technology solutions for the allied health sector. Practitioners remain independently responsible for all clinical decision-making, clinical records (including AI-assisted content they approve), compliance with AHPRA and applicable health records laws, prescribing obligations, professional indemnity insurance, mandatory reporting obligations, and the security of devices used to access the Platform. Clinic partners are responsible for ensuring their personnel comply with all applicable privacy and health records laws and for managing and removing user access as required.
The types of information
The Privacy Act 1988 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.
Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not it is true and whether or not it is recorded in a material form. If the information does not disclose or enable your identity to be ascertained, it will in most cases not be Personal Information.
Sensitive Information includes information or opinion about such things as racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a professional body, criminal record or health information. Sensitive Information will be used by us only for the primary purpose for which it was obtained, for a directly related secondary purpose, and with your explicit consent or where its collection, use or disclosure is required or authorised by law.
The information we collect and hold
The types of Personal Information we may collect and hold include (but are not limited to):
- your contact details, such as name, email address, phone number and postal address;
- your enquiry and booking information;
- your health information;
- payment or billing information (such as credit card or bank details);
- your marketing and communications preferences and history;
- other personal information required to provide our services in specific cases;
- technical and usage data, such as IP address, browser type, device information and cookies/analytics data; and
- details of your use of our products or services.
The Sensitive Information we may collect and hold includes information about your health and medical information, including health and wellbeing information, medical diagnoses, medical conditions and any additional information related to health and wellbeing. We will only collect Sensitive Information if you agree to provide it, you authorise us to obtain it from a third party, or where the collection is required or authorised by law.
You are not obliged to provide Personal Information to us. However, if you do not provide the necessary information, we may not be able to supply the relevant functionality of the Platform or our services effectively.
How information is collected
We collect Personal Information and Sensitive Information when you:
- fill in and submit an online form or any other form;
- use our online physiotherapy services;
- submit information through the Platform (such as when you send us a message) or provide it to us in any other way;
- engage in person with our employees, contractors, agents, or customer service representatives; and
- in the course of us providing services to you.
When we collect Sensitive Information, we always comply strictly with the Privacy Act and obtain your explicit consent unless otherwise permitted or required by law.
Artificial Intelligence (AI) tools
We use AI tools to support functions such as practice management. These tools may assist with clinic administration but do not make clinical diagnoses, prescribe treatment, or replace the professional judgment of a practitioner. AI-generated content provided to a practitioner is identified as such and must be reviewed and approved by the practitioner before it is included in a clinical record or shared. We do not rely solely on AI tools to make decisions that could reasonably be expected to significantly affect an individual’s rights or interests.
Cookies
The Platform may include pages that use “cookies” — a unique identification number that allows the server to interact more effectively with your device. A cookie does not identify you as an individual but does identify your internet service provider. You can configure your access to refuse cookies, but you may not be able to use all or part of the Platform.
How we use and disclose your information
We collect, hold, use and disclose Personal Information and Sensitive Information to provide the products or services you have requested, to provide health services or as otherwise permitted by law, to improve and promote our business, to handle your enquiries and complaints, and to provide information to third parties as set out in this Privacy Policy — only where necessary, with appropriate safeguards and your consent where required by law.
We use your information only for the purpose for which it was collected, or a related purpose you would reasonably expect. Otherwise, we will ask for consent or rely on another APP exception. All marketing emails and SMS messages include an unsubscribe facility. We may use your Personal Information (but never Sensitive Information) to contact you about our services, updates and promotions.
We may disclose your Personal Information to third parties who work with us, including specialists, database and marketing service providers, website hosts, partnered businesses, linked service providers, and professional advisers. We use third-party payment service providers to process transactions securely. Where we share information with third parties, we require contracts that only allow use and disclosure to provide the service and that protect your information in accordance with Australian law. We do not sell your information.
How we store and protect your information
We store Personal Information and Sensitive Information in computer storage facilities and paper-based files in Australia, with backups and disaster recovery systems also maintained there. We implement reasonable technical and organisational measures in accordance with APP 11 — including encryption, access controls, multi-factor authentication, network security monitoring, incident response procedures, vendor oversight, staff training and data minimisation practices.
We store, process, and retain your information only for as long as we need it for the purposes described in this Privacy Policy, or for the periods required by applicable law. When we no longer need your information, we take reasonable steps to destroy or de-identify it, unless we are required or authorised by law to retain it for a longer period. The Australian Privacy Principles permit you to access (APP 12) and correct (APP 13) the information we hold about you in certain circumstances.
Data breach response
We maintain a written data breach response plan that complies with the Privacy Act. Where we have reasonable grounds to suspect an eligible data breach may have occurred, we will promptly contain and investigate the incident, mitigate harm, preserve evidence, and assess the incident expeditiously and, where required by law, within 30 days. If we believe an eligible data breach has occurred, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable. If a breach involves health information or healthcare identifiers, we will comply with all applicable federal and state or territory health records legislation.
Cross-border disclosure
We generally store Personal Information in Australia but may disclose it to overseas service providers or practitioners providing related services from outside Australia. Before disclosing Personal Information overseas, we will comply with APP 8 by taking reasonable steps to ensure the recipient does not breach the APPs, unless an exception under APP 8.2 applies, including where you have provided informed consent. Where we rely on your consent, you acknowledge that APP 8.1 will not apply and that we will not be accountable under section 16C of the Privacy Act for the overseas recipient’s handling of the Personal Information.
Accessing, correcting and deleting your information
You may request access to, correction of, or deletion of your Personal Information or Sensitive Information by contacting us using the details below. We will respond as soon as reasonably practicable. We do not charge a fee for making a request, though we may charge a reasonable fee for giving access. We may refuse or limit access where required by law, and will provide written reasons unless it is unreasonable to do so.
You can also remove your access in the app at any time via More → Delete program, which immediately revokes your program code and signs you out. As a health service, your clinic may be required by Australian health-records law to retain your clinical records for a minimum period even after your app access is removed.
How to contact us or make a complaint
For any privacy question, request, or complaint about how we manage information, please contact our Privacy Officer:
Privacy Officer: Constant Furstenberg
Address: 1/28 Flinders Parade, North Lakes QLD 4509
Email: [email protected]
Telephone: 0425 289 638
You may also contact your clinic directly. If you remain dissatisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. Complaints about the conduct of a registered health practitioner may also be made to the relevant state or territory health complaints entity or to AHPRA.