Chapter Health — Privacy Policy (Australia)

Effective date: 23 October 2025
Last updated: 23 October 2025

‍

This Privacy Policy explains how Chapter Health (“Chapter Health”, “we”, “our”, “us”) collects, uses, discloses, and protects your personal information in Australia. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and—where applicable in NSW—the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act). We also comply with the Notifiable Data Breaches scheme.

‍

If anything here is unclear, please contact us at hello@mychapter.com.au.

1) Who we are & our role

‍

Chapter Health is a platform, not a clinic. We connect you with independent healthcare providers (e.g. doctors and nurse practitioners), pathology partners (e.g. i-screen), and partner pharmacies (e.g. compounding or community pharmacies).

• Clinical services are provided by independent clinicians.
• Pathology services are provided by independent laboratories.
• Medications are dispensed and paid for directly via partner pharmacies (Chapter Health does not take payment for medicines).

We handle the digital experience (onboarding, communications, scheduling, payments for platform fees, and patient journey management) and securely facilitate the flow of information between you and our partners to deliver your care.

‍

‍

2) Scope

‍

This Policy applies to personal information we handle through our websites, forms, patient communications, and platform services (including integrations we use to operate the platform). Our partners—clinicians, labs, pharmacies—have their own privacy obligations and policies for the information they hold.

‍

‍

3) The information we collect

We only collect information that is reasonably necessary for our functions or activities, or as required by law. This may include:

Identity & contact

• Name, date of birth, sex/gender, contact details, residential address, emergency contact.

Health & lifestyle (sensitive information)

• Medical history, symptoms, goals, allergies, medications, previous and current treatments, pathology results, vital signs, and relevant lifestyle information you provide (e.g. sleep, training, nutrition), including information shared during consults or via forms.
• Doctor notes, care plans, referral information, and outcome notes created by clinicians.
• Information you choose to connect from third-party tools (e.g. wearable or lab integrations) if/when available.

Account, usage & device

• Login identifiers, activity logs, preferences, support interactions, IP address, device and browser metadata, cookies or similar technologies.

Payment & transactions

• Payment method tokens and transaction details for platform fees processed by our payment provider (e.g. Stripe). We do not store raw card numbers.
• Separate payments for medications are handled by partner pharmacies under their own policies.

Communications & consents

• Emails, chat messages, feedback, marketing consents and preferences, and records of your authorisations (e.g. consent to share results with your clinician).

We generally collect sensitive information with your consent and/or as otherwise permitted by law.

‍

‍

4) How we collect information

• Directly from you via web forms (e.g. onboarding/screeners), telehealth intake, emails, chat, or during consults.
• From our partners when you have engaged them (e.g. pathology results from a lab, prescriptions from clinicians, dispensing updates from pharmacies).
• Automatically via cookies and similar technologies to operate, secure, and improve the platform.
• From authorised third parties where you have asked us to receive data on your behalf (e.g. connected services).

You may choose not to provide certain information; however, this may limit our ability to deliver some services.

‍

‍

5) Why we collect, use, and disclose information

‍

We use your information to:

• Provide and coordinate services across the Chapter Health platform and our partners (appointments, pathology requests, prescription workflows, follow-ups).
• Enable clinicians to review your history, labs, and notes to deliver care.
• Operate, protect, and improve our platform, including troubleshooting, analytics, product development, and quality assurance.
• Communicate with you (service messages, reminders, important updates).
• Send marketing communications only with your consent (you can opt out at any time).
• Comply with legal obligations, enforce our terms, manage risk, and respond to regulators or lawful requests.
• Create de-identified or aggregated insights to improve services, conduct research and reporting (we will not attempt to re-identify you).

‍

6) Disclosures we commonly make

‍

We may disclose personal information to:

• Independent clinicians who provide your care.
• Pathology partners/laboratories (e.g. to order tests or receive results).
• Partner pharmacies (e.g. to facilitate dispensing and continuity of care).
• E-script and health tech providers (e.g. e-prescription platforms).
• Hosting, infrastructure, security, analytics, and messaging providers we use to run our platform (e.g. cloud hosting, email/SMS services, customer support tools).
• Payment processors (for platform fees) and financial institutions.
• Professional advisors and auditors (only as needed).
• Regulators and dispute resolution bodies (e.g. OAIC, HCCC) where required or authorised by law, or to prevent a serious threat to life, health, or safety.
• Parties to a business transaction (e.g. corporate restructure) under confidentiality safeguards, where permitted.

We do not sell your personal information.

‍

‍

7) Overseas disclosure

‍

Some service providers or systems we use may store or process information outside Australia (for example, in the United States, the European Union, or other locations). Where we disclose personal information overseas, we take reasonable steps to ensure the recipient will handle it in a manner consistent with the APPs (e.g. contractual safeguards).

‍

‍

8) Our use of automation & AI

‍

To deliver a smooth experience, we may use automation and AI-enabled tools (e.g. to structure lab results, generate plain-English summaries, route messages, or surface reminders).

• These tools are used to support, not replace, clinical judgement.
• We do not use AI to make autonomous clinical decisions about your care.
• We evaluate vendors and implement safeguards appropriate to the sensitivity of health information.

‍

9) Cookies & analytics

‍

We use cookies and similar technologies to:

• keep you signed in and secure your session,
• remember preferences, and
• understand how the platform is used to improve performance and usability.

You can control cookies via your browser settings; some features may not function without them.

‍

‍

10) Marketing

We’ll only send you marketing (e.g. tips, updates, offers) with your consent (e.g. a tick box in our forms) and in accordance with the Spam Act 2003 (Cth). You can unsubscribe at any time via the link in the message or by contacting us.

‍

‍

11) Security

We apply administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, modification, or disclosure, including:

• encryption in transit (TLS) and at rest where supported,
• access controls and role-based permissions,
• vendor due-diligence and contractual safeguards,
• activity logging and monitoring, and
• staff training and least-privilege practices.

No method of transmission or storage is 100% secure; we continually improve our controls in line with industry standards. If an eligible data breach occurs, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

‍

‍

12) Retention

We retain personal information for as long as necessary to:

• provide our services and maintain accurate records,
• support your ongoing care with our partners, and
• meet legal, regulatory, and insurance requirements.

Where we are not the health service provider of record, the independent clinician, lab, or pharmacy will retain health records in accordance with their legal obligations. When information is no longer required by us, we will take reasonable steps to de-identify or securely destroy it.

‍

‍

13) Access and correction

You may request access to or correction of the personal information we hold about you. We will respond within a reasonable time and may need to verify your identity.

• If we refuse access or correction in limited circumstances permitted by law, we will tell you why and how to complain.
• For clinical records held by your independent clinician or pathology/pharmacy partners, we may facilitate your request or direct you to contact them directly.

To make a request, contact hello@mychapter.com.au

‍

14) Your choices

• You can withhold non-essential information, understanding it may limit some services.
• You can withdraw consent for specific uses (e.g. marketing) at any time.
• You can ask us to stop sharing certain information with a specific partner where legally and clinically appropriate.
• You can close your platform account; we may still retain certain records as required by law.

‍

15) Third-party sites and services

Our platform may link to third-party websites or services. Their privacy practices are not governed by this Policy. We encourage you to review their policies before using those services.

‍

‍

16) Children

Our services are intended for people 18 years and over. If we learn we have collected personal information from someone under 18 without appropriate authority, we will take reasonable steps to delete it or obtain valid consent.

‍

‍

17) Changes to this Policy

We may update this Policy from time to time. The effective date at the top will reflect the latest version. Significant changes will be notified via the platform or by email.

‍

‍

18) Contact & complaints

‍

Chapter Health Pty Ltd‍

Email: hello@mychapter.com.au
Postal: Grosvenor Place, Level 15/225 George St, Sydney NSW 2000
‍

If you have a concern, complaint, or request, please contact us first. We’ll acknowledge your query and aim to resolve it promptly.

If you’re not satisfied, you can contact:

• Office of the Australian Information Commissioner (OAIC)
  Phone: 1300 363 992 | Web: oaic.gov.au

If your concern relates to clinical care or a health service delivered by an independent provider, you may also contact (for NSW):

• Health Care Complaints Commission (HCCC)
  Phone: 1800 043 159 | Web: hccc.nsw.gov.au

‍

19) Key partners & categories of recipients

‍

We use reputable providers to operate our platform. Depending on your engagement, this can include categories such as:

• Clinical systems & practice management (e.g. patient management, telehealth, notes).
• Laboratory partners (ordering tests, receiving results).
• E-script platforms (facilitating electronic prescriptions).
• Pharmacies (dispensing and medication guidance).
• Cloud hosting & infrastructure (application hosting, databases, backups).
• Security & monitoring (identity, access, logging).
• Messaging & communications (email/SMS/WhatsApp, notifications).
• Payments (for platform fees, e.g. Stripe).
• Analytics & product improvement (de-identified metrics).

A detailed list of current sub-processors or service providers is available on request.

‍

‍