This is the Privacy Policy for Kookaburra Health. We're an Australian business that turns your practice management system (PMS) data into a quarterly business intelligence report. We take privacy seriously — particularly for allied health data — and this policy explains, in plain English, exactly what we do with the information you share with us.
Kookaburra Health is a trading name of Principal Podiatry Pty Ltd (ABN 19 615 606 347), an Australian company registered in Queensland. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who we are
The entity responsible for handling your personal information is:
- Kookaburra Health (a trading name of Principal Podiatry Pty Ltd)
- ABN: 19 615 606 347 · ACN: 615 606 347
- Registered office: 14 Sandown Street, Brighton QLD 4017, Australia
- Contact: contact@kookaburra.health
Kookaburra Health is owned and operated by Tradd Horne, an AHPRA-registered podiatrist (POD0001880268).
2. What we collect
We collect only what we need to provide the service. Specifically:
Account information
- Email address (used as your login and for service communications)
- Hashed password (we never see or store your actual password)
- Practice name (optional, used to personalise your dashboard and report)
- Account creation timestamp and last-login timestamp
Practice management system credentials
- Your Cliniko (or other supported PMS) API key
- This key is encrypted at rest using Fernet symmetric encryption before being written to our database. The plaintext key is never logged.
De-identified clinic data
- We periodically pull aggregate and de-identified data from your PMS via the API — appointment counts, invoice amounts, dates, practitioner IDs, funding source codes, and recall pipelines
- We do not retrieve or store patient names, dates of birth, Medicare numbers, addresses, phone numbers, email addresses, clinical notes, or any other patient identifiers in our systems
- See Patient data for the full list of what stays inside your PMS and is never copied to our servers
Payment information
- Handled entirely by Stripe, our payment processor
- We see only: subscription status, last 4 digits of the card, billing country, and the Stripe customer ID
- We never see your full card number, CVC, or bank account details
Technical and usage data
- Server access logs (IP address, request URL, response status, user agent) retained for 30 days for security and debugging
- Audit log of access to your data within our system (which user performed which action, when) retained for 7 years to meet potential clinical compliance obligations
3. Why we collect it
We use the information described above only to:
- Authenticate you and let you access your dashboard
- Connect to your PMS using your API key
- Generate the quarterly business intelligence report you're paying for
- Process payments and manage subscriptions via Stripe
- Send transactional emails (welcome, password reset, report delivery, billing receipts)
- Detect and respond to security incidents
- Comply with our legal obligations under Australian law
We do not use your information for marketing to third parties, behavioural advertising, or training AI models. We do not sell your data to anyone.
4. Who we share it with
We share data only with the third-party service providers strictly necessary to deliver the service:
- Stripe — payment processing. They see your email, billing details, and payment events.
- Amazon Web Services (Sydney region, ap-southeast-2) — server hosting and database storage. They host our infrastructure but cannot read your encrypted data without our keys.
- DigitalOcean (Sydney region, SYD1) — application server hosting (interim before AWS migration).
- Google (Gmail / Workspace) — outbound transactional email delivery via SMTP relay.
- ImprovMX — inbound email forwarding for contact@kookaburra.health.
We do not share your personal information with advertisers, data brokers, or marketing partners. We do not have a "share to partners" tier of any kind.
We may disclose your information if required by a court order, warrant, or other legal process under Australian law. We will tell you about any such request unless we are legally prohibited from doing so.
5. Cross-border disclosure (APP 8)
Some of our service providers process data outside Australia. Specifically:
- Stripe processes payment data in the United States. Stripe is PCI DSS Level 1 certified and bound by their published Data Processing Addendum.
- Google (Gmail SMTP relay) may route outbound email through US-based servers.
Where we use overseas providers, we ensure they have privacy protections substantially similar to the Australian Privacy Principles. By using our service, you consent to this cross-border disclosure for the limited purposes described above.
Your PMS data and our application database remain in Australia at all times (Sydney region).
6. How we store and protect it
- All data is hosted in Australia (Sydney region) on infrastructure providers with industry-standard physical and network security
- All connections to our service are encrypted with TLS 1.2 or higher (HTTPS only — we do not accept unencrypted connections)
- Your PMS API key is encrypted at rest using Fernet symmetric encryption before storage; the encryption key is held separately
- Passwords are hashed using Django's PBKDF2 with SHA-256 and a per-user salt — we cannot recover your password if you lose it
- Database backups are encrypted at rest and retained for 30 days
- Access to production systems is restricted to the founder via SSH key, with no shared accounts or default passwords
- We maintain an internal audit log of every system action that touches your data
7. Patient data — what stays in Cliniko
This section is the most important part of this policy for clinic owners. We have deliberately designed our system to never copy patient identifiers out of your PMS.
The following information remains inside your Cliniko (or other PMS) account at all times. It is never written to our database, never sent to a language model, and never appears in any report we generate:
- Patient names (first, last, preferred)
- Date of birth
- Medicare numbers, DVA numbers, NDIS plan numbers, Healthcare Identifiers
- Phone numbers, email addresses, postal and residential addresses
- Emergency contact details
- Medical alerts, allergies, clinical notes, treatment notes, files, and attachments
- Free-text appointment notes
What we do retrieve and analyse is aggregate and de-identified data: appointment counts by date and practitioner, invoice amounts by funding source, recall pipeline volumes, retention curves expressed as numbers, and scheduling capacity utilisation. None of these data points can be linked back to a specific individual on our systems.
If a future product feature requires touching patient identifiers (for example, a tool that lets you re-engage lapsed patients by name), it will require your explicit, action-by-action consent and will be clearly described before you use it.
8. Your rights (APP 12, 13)
Under Australian privacy law, you have the right to:
- Access the personal information we hold about you. Email contact@kookaburra.health and we will respond within 30 days.
- Correct any inaccurate or out-of-date information. You can update most details from your dashboard, or email us.
- Delete your account and all associated personal information. We will delete your data within 14 days of receiving a written deletion request, subject to any legal retention obligations.
- Withdraw consent to specific data processing at any time, by closing your account or by writing to us.
- Make a complaint — see Contact and complaints below.
9. Cookies and tracking
We use a single first-party session cookie to keep you logged in. We do not use:
- Third-party analytics cookies (no Google Analytics, no Meta pixels)
- Advertising or retargeting cookies
- Cross-site tracking of any kind
If we add privacy-respecting analytics in the future (for example, Plausible or Fathom — both cookieless and Australian-resident-data compatible), we will update this policy.
10. Data retention
- Account data — retained while your account is active, then deleted within 14 days of account closure
- Encrypted PMS API key — retained while your account is active, deleted on closure or on request
- Generated quarterly reports — retained for 7 years (financial-record retention norm), then deleted
- Stripe payment records — retained for 7 years to comply with Australian tax law
- Access logs — 30 days
- Audit logs — 7 years
- Database backups — 30 days
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Effective" date at the top of this page will always reflect the most recent version. If we make a material change (one that meaningfully affects how we handle your data), we will notify you by email at least 14 days before it takes effect.
12. Contact and complaints
For any question, request, or concern about this Privacy Policy or your personal information, contact:
- Email: contact@kookaburra.health
- Post: Privacy Officer, Kookaburra Health, 14 Sandown Street, Brighton QLD 4017, Australia
We will acknowledge your enquiry within 5 business days and aim to resolve it within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992