Privacy Policy

MarkosteMMR Privacy Policy

Effective Date: July 25, 2025

Last Updated: July 25, 2025

1. Introduction

MarkosteMMR Pty Ltd ("we," "us," or "our") operates the MarkosteMMR platform, an AI-powered clinical workflow hub designed specifically for community pharmacists in Australia. We are committed to protecting your privacy and the privacy of your patients in accordance with Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and maintaining HIPAA-class security standards.

This Privacy Policy explains how we collect, use, disclose, and protect personal information and health information when you use our services.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, pharmacy details, professional registration numbers
  • Usage Data: Platform interactions, feature usage patterns, session logs
  • Technical Data: IP addresses, browser information, device identifiers (for security purposes only)

2.2 Health Information

  • Audio Recordings: Temporarily captured during consultation transcription (automatically deleted immediately after processing)
  • Transcripts: Voice-to-text conversion of consultations (auto-deleted within 4 hours)
  • Clinical Summaries: AI-generated summaries in SOAP notes, referral letters, or patient notes format
  • Patient Data: De-identified patient information for clinical decision support
  • Medication Information: Drug names, dosages, and interaction data

2.3 Automatically Collected Information

  • System performance metrics
  • Error logs and debugging information
  • Security audit trails

3. How We Use Your Information

3.1 Primary Purposes

  • Transcription Services: Converting audio consultations to text using Whisper AI
  • Clinical Summarization: Generating structured clinical notes using AI
  • Medication Intelligence: Providing drug interaction warnings and clinical insights
  • Task Management: PharmCal scheduling and reminder services
  • Compliance Support: Maintaining records for regulatory requirements

3.2 Secondary Purposes

  • Platform improvement and feature development
  • Security monitoring and fraud prevention
  • Customer support and technical assistance
  • Legal compliance and regulatory reporting

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We never sell, rent, or trade personal or health information to third parties.

4.2 Permitted Disclosures

We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorize disclosure
  • Service Providers: Third-party processors bound by strict confidentiality agreements:
    • RunPod (GPU processing for AI inference)
    • OpenAI (clinical summarization services)
    • Google Cloud Platform (secure hosting and storage)
  • Legal Requirements: When required by Australian law or court order
  • Emergency Situations: To prevent serious threat to health or safety

4.3 International Transfers

Some data processing occurs through international service providers. We ensure:

  • Data residency controls where possible (australia-southeast1 region)
  • Adequate protection through contractual safeguards
  • Compliance with APP 8 (cross-border disclosure requirements)

5. Data Security and Protection

5.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access with unique user IDs
  • Network Security: VPC peering and private IP database access
  • Key Management: Google Cloud KMS for encryption key management

5.2 Organizational Safeguards

  • Regular security audits and penetration testing
  • Staff training on privacy and security protocols
  • Incident response procedures
  • Third-party security assessments

5.3 Data Minimization

  • Audio recordings never permanently stored
  • Automatic data purging (transcripts and summaries deleted within 4 hours)
  • De-identification pipelines for patient data
  • Minimal data collection principle

6. Data Retention and Deletion

6.1 Retention Periods

  • Audio Recordings: Immediately deleted after transcription
  • Transcripts: Auto-deleted within 4 hours via Cloud Scheduler
  • Clinical Summaries: Retained until user deletion or account closure
  • Account Information: Retained for duration of service relationship
  • Audit Logs: Retained for 7 years for compliance purposes

6.2 User-Initiated Deletion

Users can request deletion of their data through:

  • In-platform deletion tools
  • Contact form on our website
  • Email to privacy@markoste.com.au

7. Your Rights Under Australian Privacy Law

7.1 Access Rights (APP 12)

You have the right to:

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Understand how your information is being used

7.2 Correction Rights (APP 13)

You can:

  • Request correction of inaccurate or incomplete information
  • Add a statement if we cannot agree on corrections
  • Have corrections shared with third parties where appropriate

7.3 Other Rights

  • Anonymity and Pseudonymity: Where practicable under APP 2
  • Complaint Rights: Lodge complaints with us or the Office of the Australian Information Commissioner (OAIC)
  • Opt-out Rights: Withdraw consent for certain data processing activities

8. Cookies and Tracking

We use essential cookies only for:

  • Session management and authentication
  • Security monitoring
  • Platform functionality

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

9. Children's Privacy

MarkosteMMR is designed for use by licensed healthcare professionals. We do not knowingly collect personal information from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Notify users of material changes via email and platform notifications
  • Post the updated policy with a new effective date
  • Maintain previous versions for reference

11. Contact Information

11.1 Privacy Officer

  • Email: privacy@markoste.com.au
  • Phone: +61 (0) [Phone Number]
  • Address: [Business Address]

11.2 Complaints

If you have privacy concerns:

  • Contact us first: privacy@markoste.com.au
  • OAIC Complaint: If unresolved, contact the Office of the Australian Information Commissioner
    • Website: www.oaic.gov.au
    • Phone: 1300 363 992
    • Email: enquiries@oaic.gov.au

12. Definitions

  • De-identification: Process of removing or obscuring personal identifiers
  • Health Information: Information about an individual's health, disability, or healthcare services
  • Personal Information: Information about an identifiable individual
  • Processing: Any operation performed on personal information

Markoste Pty Ltd

ABN: 36733104359

www.markoste.com.au