Sample text — replace with your final policy before launch. The content below is a working draft to give the page real shape; it has not been reviewed by Australian counsel.
Who we are
Ruevii is operated by Ruevii Pty Ltd (ACN 000 000 000), an Australian proprietary company with its principal place of business in Sydney, New South Wales. Ruevii provides a software-as-a-service practice management platform purpose-built for Australian cosmetic, injectable and aesthetics clinics.
This Privacy Policy explains how we handle personal information and sensitive information (including health information) under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs) and the Notifiable Data Breaches scheme. It applies to information we collect from clinic operators, their staff, their patients, prospects, applicants and visitors to ruevii.com.
Where a Ruevii customer (a clinic) loads patient records into the platform, the clinic is the APP entity responsible for that information and Ruevii acts as their processor under a written Data Processing Agreement. This policy describes Ruevii's own practices; clinics should also publish their own patient-facing privacy notice.
What we collect
We collect the minimum information needed to provide and improve the service. The categories we collect fall into three buckets:
- Account & operator information — names, work email, mobile, AHPRA registration number where relevant, role, clinic name, ABN, billing address and payment details for the clinic's subscription.
- Clinic content (patient data) — patient demographics, consent forms, treatment notes, before/after photos, prescription and S4 dispensing records, billing history and any other information your staff enter into the platform. This is sensitive information within the meaning of APP 3.
- Usage & device data — IP address, browser type, pages viewed, feature interactions, crash reports and security event logs. We do not build cross-site advertising profiles and we do not sell personal information.
We collect information directly from you when you create an account, configure the platform or contact support. We may also receive information from third parties you authorise (for example, a referring clinic, an SSO provider, or a payment processor confirming a transaction).
How we use it
We use personal information only for the purposes set out below, all of which are consistent with the primary purpose of providing a clinical practice management platform:
- To provision, authenticate and operate your Ruevii workspace.
- To enable bookings, communications, payments, dispensing logs and reporting.
- To deliver service updates, security alerts and onboarding guidance.
- To respond to support requests and investigate incidents.
- To detect, prevent and respond to fraud, abuse and security threats.
- To meet legal, accounting, tax and regulatory obligations.
- To improve product quality through aggregated, de-identified analytics.
We do not use clinic content (patient records, photos, consent forms or treatment notes) to train general-purpose machine learning models. Where AI features are enabled inside a clinic's workspace, the model only processes that workspace's data for the duration of the request and does not retain it for training.
If we ever propose to use personal information for a secondary purpose that you would not reasonably expect, we will seek your consent first.
How we share it
We share personal information only with the limited categories of vetted service providers needed to run the platform. Each is bound by a written contract that limits use to the services we have engaged them for and requires confidentiality, encryption in transit, and breach notification.
- Hosting & infrastructure — Amazon Web Services (Sydney, ap-southeast-2). Primary storage of all patient records, photos and audit logs.
- Payments — Stripe Payments Australia Pty Ltd. Processes card and direct-debit transactions; we do not store full card numbers on our servers.
- SMS & voice — Twilio Inc. and Twilio Australia. Used for appointment reminders, two-factor codes, AI receptionist call routing and clinic-to-patient messaging.
- Transactional email — Postmark / AWS SES. Used for system emails, receipts and password resets.
- Product analytics & error monitoring — PostHog (EU/AU hosted) and Sentry. Configured with PII scrubbing and short retention windows.
- Identity & SSO — WorkOS / Google / Microsoft, only if your clinic enables single sign-on.
We will also disclose personal information where we are required or authorised to do so by Australian law — for example, in response to a valid subpoena, AHPRA notification or ATO request. We will narrow the scope of any disclosure to what the law actually requires.
Your rights under the APPs
Under the Australian Privacy Principles you have specific rights in relation to the personal information we hold about you. We will respond to verified requests within 30 days at no charge:
- Access (APP 12) — ask for a copy of the personal information we hold.
- Correction (APP 13) — ask us to correct information that is inaccurate, out of date, incomplete or misleading.
- Anonymity & pseudonymity (APP 2) — interact with us without identifying yourself where lawful and practical.
- Withdraw consent — withdraw any consent you previously gave us, on a forward-looking basis.
- Complain — lodge a privacy complaint with us, and escalate it to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied.
For clinic content, the clinic is the APP entity. We will direct patient requests back to the clinic and assist the clinic with fulfilment as their processor.
Data residency
All clinic content, patient records, photos and audit logs are stored in AWS's Sydney region (ap-southeast-2). Production data is not replicated to overseas regions, and there is no nightly offsite copy outside Australia.
A small number of operational sub-processors may receive limited metadata outside Australia (for example, Stripe in the US for payment authorisation, or Twilio for routing an outbound SMS). In each case we contract on Australia-aligned standard terms and the data shared is the minimum necessary for the service.
Backups are encrypted at rest with AES-256 and held in Sydney, with copies stored in a separate availability zone within the same region for disaster recovery.
Retention
We keep personal information only as long as we have a lawful basis to do so. Our default retention windows are:
- Account & billing records — 7 years after account closure, to meet Australian Taxation Office and corporate record-keeping requirements.
- Clinic content — retained for the life of the subscription and for 30 days after termination, during which the clinic can export a full archive. After 30 days the data is permanently destroyed unless the clinic asks us to honour the longer AHPRA-recommended medical record retention window (typically 7 years for adults; up to age 25 for minors).
- Security logs — 12 months in hot storage, 24 months in cold storage.
- Support correspondence — 24 months from last contact.
When a retention window ends, data is deleted using cryptographic erasure and the underlying storage is overwritten on its next lifecycle cycle.
Contact / DPO
We have appointed an internal Data Protection Officer (DPO) to oversee privacy compliance and respond to requests. You can reach the DPO at:
privacy@ruevii.com
Ruevii Pty Ltd — Privacy Office
Level 5, 100 Harris Street, Pyrmont NSW 2009, Australia
We aim to acknowledge every privacy request within two business days and resolve it within 30 days. If you are not satisfied with our response, you can refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au or by phoning 1300 363 992.
Material changes to this policy will be notified by email to account administrators at least 14 days before they take effect, and an archive of previous versions will be available on request.