Privacy Policy
Last updated 19 August 2025
1. Introduction
ScriptoAI or Scripto (“Scripto,” “ScriptoAI,” “Scripto AI”, “We”, “Us”, or “Our”) refers to ScriptoAI Trading Pty Ltd, registered at 11 Vanessa Blvd, Springwood, Queensland 4127 Australia. Scripto respects your privacy and is committed to protecting it through compliance with this privacy policy. This policy describes the types of information we may collect when you interact with our website and sign up for our email list, as well as our practices for collecting, using, maintaining, protecting, and disclosing that information.
By visiting our website, providing your information when you opt-in to our email list, emailing or telephoning us, contacting us via LinkedIn or otherwise communicating with us or engaging us to provide any services, you agree to the terms of this Privacy Policy. Please read the policy carefully to understand our policies and practices regarding your information and how we will treat it.
This Privacy Policy is part of and incorporated by reference into the Terms of Service (the “Terms”) governing the use of all “ScriptoAI” or “Scripto” branded software applications (the “Application/s”), which may operate on a desktop, mobile or tablet computing device, and applies to your use of the Applications and/or scriptoai.com.au and/or a URL that may replace it or which may be added to the list of websites published by us and linking to this Privacy Policy (the “Website/s”).
2. Australian Privacy Laws
In Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) regulate the handling of personal information. Scripto is committed to protecting the privacy of its users in accordance with Australian privacy laws and the Occupational Therapy Australia’s Code of Ethics (2014). We will take all reasonable steps to ensure that any personal information we collect, use, or disclose is handled in accordance with these laws.
3. For Users in the United States & European Union
Scripto is an Australian service provider governed by Australian law. Users based outside of Australia who choose to use our software do so with the understanding that:
a. Australian privacy laws, including the Privacy Act 1988 (Cth) and Australian Privacy Principles, apply to all data processing
b. Any disputes will be resolved under Australian law and jurisdiction
c. Data protection standards may differ from those in your country of residence
d. By using our services, you consent to the application of Australian privacy laws
For users in jurisdictions with specific privacy rights (such as GDPR in the EU or CCPA in California), you may contact us at support@scriptoai.com.au to exercise applicable rights where they align with Australian law.
4. Information We Collect
Personal information is defined by the Information Privacy Act 2009 (Qld). Put simply, it is information that identifies a living person (or could lead to them being identified). The personal information we collect includes:
- Name
- Email address
- Postal address
- Telephone number
- Correspondence and feedback
- Complaint information
- Details of access and correction requests
- If you pay for any services by credit card, debit card, electronic transfer or direct debit from your bank account we will collect your card or bank account details
- Any other personal information you provide to us, unsolicited by us
And in addition for employees/contractors and prospective employees/contractors the personal information we collect includes:
- Financial or bank details
- Educational history
- Correspondence and feedback
- Complaint information
- Details of access and correction requests
- Occupation and employment history
- Criminal history
- Recruitment information
Sensitive information is a subset of personal information. Sensitive information includes health information and other information such as race, ethnicity, religious beliefs, sexual preferences or practices and criminal records. We take additional care in our collection and handling of sensitive information.
Confidential information is information about a person who is receiving or has received a public health service. Confidential information includes care and treatment information. Unlike personal information, which is only about a living person, confidential information can be about a living or deceased person.
By providing this information, you consent to our collection, use, and disclosure of it in accordance with this Privacy Policy.
To the extent practicable and reasonable, you may deal with us on an anonymous basis or through the use of a pseudonym. However, if you engage us to provide any services, it will not be practicable to correspond with you in this manner and your personal information will be required.
We will take all reasonable steps to ensure that all information we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment.
We undertake to take due care with all information we collect. However, in providing us with such information you accept that we are not liable for its misuse due to error in transmission or any viruses, trojans, worms, logic bombs or other malware or material which is malicious or technologically harmful.
5. When We Collect Your Personal Information
We do not automatically collect personal information from you, such as your name, address, phone number, email address or other personally identifiable information about you.
We collect personal information about you in the following circumstances:
When you create an account with us, we may collect:
- Name and contact details (email address, phone number, postal address)
- AHPRA registration number (to verify you are a registered allied health practitioner)
- Payment information (credit card details, billing address)
- Professional information (occupation, workplace details if provided)
Patient Data: You input patient and client information into our software to generate reports, including:
- Names, dates of birth, and contact information of your patients/clients
- Health and medical information
- Assessment data and clinical observations
- Diagnostic and treatment information
Technical Information: We automatically collect certain technical information when you use our services:
- Login and usage data
- Device and browser information
- IP addresses and location data
- “Cookie” based information to improve your user experience
Verification Information: We may verify your AHPRA registration status through publicly available registers to confirm you are authorised to use our healthcare software.
Important: The Patient Data you input remains your property and responsibility. We process this data solely to provide our software services to you in accordance with your instructions.
6. Why Do We Use Cookies?
General information about visits to our website is collected by our computer servers through “cookies” (small files containing a unique identification (ID) number that our website transfers to your computer’s hard drive through your web browser to be stored in the cache of your computer).
The “cookies” that are shared with your computer can’t be used to discover any personal information such as your name, address or email address. The anonymous non-personal information that we collect and analyse via “cookies” is not personal information as described in the Privacy Act.
We collect information using “cookies” and other tracking technologies for the following reasons:
- To help us monitor the performance of our website so that we can improve the operation of the website and the services we offer
- To recognise your computer when you next visit our website to provide personalised services to each user of our website to make their navigation through our website easier and more rewarding to the user
- To log the internet protocol address (IP address) of visitors to our website so that we can work out the countries in which the computers are located
If you are unhappy about having “cookies” sent to you, you can set your browser to refuse cookies or choose to have your computer warn you each time a cookie is being sent. However, if you turn your cookies off, our website or some of our services may not function properly.
7. How Do We Store Your Information?
Data Storage and Security: We use industry-standard technologies and procedures to protect personal information from unauthorised access, loss, alteration, disclosure or misuse.
- Hosted on Australian servers in Sydney, using the Fly.io platform. All servers are hosted within ISO27001 compliant datacentres and are SOC2-compliant.
- Supabase encrypted database for personally identifiable information (PII): SOC2 and HIPAA compliant, suitable for storing Protected Health Information (PHI).
- “All customer data is encrypted at rest with AES-256 and in transit via TLS”, as referenced here: https://supabase.com/security
- All data inputs processed through OpenAI are redacted of PII
- Access controls and authentication mechanisms restricting data access to authorised personnel only
- Physical and technical safeguards to protect against unauthorised access
Data Backup and Recovery:
- Automated backups of all confidential data to ensure data integrity
- Periodic test restores to verify backup integrity and usability
- Secure backup access limited to authorised personnel only
Third-Party Security: We carefully select service providers who can demonstrate secure handling of personal information and require them to maintain appropriate security standards when processing data on our behalf.
8. How Long Do We Keep Your Personal Information?
(a) Customer Account Data: We retain your account information (name, email, AHPRA details, payment information) indefinitely while your account remains active. Following account cancellation, we retain this information indefinitely unless you specifically request deletion.
(b) Patient Data: We retain all Patient Data you input into our software indefinitely to:
- Maintain compliance with healthcare record-keeping best practices
- Preserve clinical records and support ongoing patient care
- Allow you to reactivate your account and access historical reports
(c) Your Control: You can request immediate deletion of all your data at any time by contacting support@scriptoai.com.au. We will permanently delete your account and all associated data upon request.
9. How We Use Your Information
We use the information you provide to us for the following purposes:
● To notify you about the release of our software and any updates
● To communicate with you about other products, services, events and promotions that may be of interest to you
● Provision of services
● Handling customer enquiries
● Opening files
● Preparing documents
● Communicating with you
● Referrals to third party service providers
● Receiving and processing payments
● Debt collection
● After-sale services
● Refunds or re-performance of work
● Customer service functions, including complaints
● Marketing and consumer analytics
● Improving our services (including contacting you about those improvements and asking you to participate in surveys and reviews about our products and services)
● Marketing and promotional activities by us (including by direct marketing by email, SMS and MMS messages)
● Responding to social media messages
● Fulfilling social media platform rules
● General administrative and security use
● Protecting the website from security threats, fraud, or other criminal activities
● Maintenance and development of our products and services, business systems and infrastructure
● Customer service and quality assurance
● Background checks for employment applications with us (assessing candidate suitability for role; verification of candidate identity and age; conducting bankruptcy and directorship searches and company checks; social media activity background checks including publicly available information on Facebook, Twitter, Instagram, and YouTube; criminal history background checks; confirmation of eligibility to work in Australia; confirmation of education and qualifications; confirmation of previous employment; and consideration regarding medical leave)
● Administration and performance monitoring of employees, whether or not the employment or contractor relationship is prospective, current or past (dealings related to the employer/employee relationship or the contractor/principal relationship (as the case may be); facilitating any purchase of any products or services and associated staff discounts)
Please be aware that personal information given to us via or posted on any social media site becomes captured by that social media platform’s privacy policy.
10. Disclosure of Your Information
We value your privacy and will never sell your information to anyone without your knowledge and consent. We may, however, disclose your information:
● To comply with any court order, law, or legal process, including to respond to any government or regulatory request. Some circumstances where we may be lawfully required or authorised to use or disclose your personal information for another purpose, may include: undertaking activities that help us monitor and improve the way we operate; providing professional supervision or mentoring of our staff; helping us with management, funding, monitoring, planning and evaluation and accreditation activities (including through the use of surveys); enabling us to code and de-identify records; addressing liability indemnity arrangements and defending legal proceedings.
● To enforce or apply our terms of use and other agreements, including for billing and collection purposes
● If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Scripto, our customers, or others
● To agents and subcontractors engaged by us to assist in the provision of our products and services to you
● To service providers (including IT service providers)
● To third parties connected with the sales and after sales process including payment platform providers, financial institutions, credit service providers, credit reporting bodies, and any third party providers who provide us with ecommerce services, or who assist us in providing our products and services to you
● To third parties connected with the marketing process, including messaging service providers, marketing list providers or third parties who assist us in providing our products and services to you
● For employees or prospective employees, to: a relevant superannuation fund; the Australian Taxation Office; relevant Worker’s Compensation organisation(s) (e.g. WorkCover); third party referees provided by you in connection with an application for employment with us; recruitment agents used in connection with an application for employment with us; third parties in connection with obtaining any background checks, pre-employment screening (including without limitation psychometric services) or loss prevention consultation and implementation programs; financial institutions for payroll purposes
11. Direct Marketing
You give your express and informed consent to us using your personal information to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone (Direct Marketing Communications). In addition, we may send you occasional company news and information about other products and services or special promotional offers. If at any time you would like to stop receiving future commercial messages from us, you may do so by using the “unsubscribe” facility included in the Direct Marketing Communication.
12. The Notifiable Data Breaches Scheme
In accordance with the NDB scheme, we will notify you and the Office of the Australian Information Commissioner (OAIC) about any ‘eligible data breaches’ that affect you. An eligible data breach occurs when the following criteria are met:
- There is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
- This is likely to result in serious harm to any of the individuals to whom the information relates.
- The entity has been unable to prevent the likely risk of serious harm with remedial action.
If it is not clear if a suspected data breach meets these criteria, we will conduct an investigation to determine whether the breach is an ‘eligible data breach’ that triggers notification obligations.
We take seriously and deal promptly with any unauthorised access to, disclosure of, or loss of personal information.
13. Accessing and Correcting Your Information
You can review and change your personal information by sending us an email at support@scriptoai.com.au to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you believe that your personal information has been misused, you need to email us at support@scriptoai.com.au and we will attempt to resolve your complaint. If you are not satisfied with the outcome of your complaint you may refer the matter to the Office of the Australian Information Commissioner (OAIC). Telephone: 1300 363 992. Email: enquiries@oaic.gov.au. OAIC complaints page: http://www.oaic.gov.au/privacy/privacy-complaints.
14. Changes to Our Privacy Policy
We may update our Privacy Policy from time to time. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on our website or by sending an email to the address you provided when opting in to our email list.
15. Contact Information
If you have any questions, concerns, or comments about our privacy policy, please contact us by sending an email to support@scriptoai.com.au.
