Back to Senvaro

Privacy Policy

Last updated: 01 February 2026

1. Introduction

Senvaro ("we", "our", or "us") is committed to protecting the privacy of your personal information, including sensitive health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical documentation service.

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and applicable state health records legislation, including the Health Records and Information Privacy Act 2002 (NSW).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Password (encrypted)
  • Professional role
  • Practice or organisation details (if applicable)

2.2 Health Information

When you use Senvaro to document consultations, you may input or we may process:

  • Audio recordings of clinical consultations
  • Transcriptions of those recordings
  • Clinical notes generated from transcriptions
  • Patient names and identifiers you provide

Important: You are responsible for obtaining appropriate patient consent before recording any consultation. We process this information solely on your instructions as a healthcare provider.

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage statistics (consultation counts, recording duration)

3. How We Use Your Information

We use your information to:

  • Provide and maintain our clinical documentation service
  • Process audio recordings and generate transcriptions
  • Generate clinical notes using artificial intelligence
  • Authenticate your identity and maintain account security
  • Process payments and manage subscriptions
  • Send service-related communications
  • Improve and develop our services
  • Comply with legal obligations

4. Data Storage and Security

4.1 Location

Patient and clinical data is stored and processed in Australia using Microsoft Azure infrastructure located in the Australia East (Sydney) region. We do not transfer patient or clinical data outside Australia.

Billing and account data required for payments is processed by Stripe. Stripe may store or process this data outside Australia (including the United States). We do not send patient or clinical data to Stripe.

4.2 Security Measures

We implement robust security measures including:

  • Encryption of data at rest and in transit (TLS 1.2+)
  • Encryption of sensitive fields including patient information
  • Secure authentication with optional two-factor authentication
  • Regular security assessments and monitoring
  • Access controls and audit logging
  • Automatic session timeout after 30 minutes of inactivity

5. Data Retention

We retain your information as follows:

  • Audio recordings: Retained for 90 days by default, then securely deleted
  • Transcriptions: Retained for 365 days by default, then securely deleted
  • Clinical notes: Retained until you delete them or close your account
  • Account information: Retained while your account is active

You may request earlier deletion of your data at any time. Note that healthcare providers may have independent legal obligations to retain clinical records.

6. Disclosure of Information

We may disclose your information to:

  • Service providers: Third parties who assist us in operating our service, including:
    • Microsoft Azure (cloud infrastructure and AI services)
    • Stripe (payment processing; billing data may be processed outside Australia, including the United States)
  • Legal requirements: When required by law, court order, or government authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

7. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Complaint: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at the details below.

8. Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences (e.g., theme settings)
  • Protect against security threats

We do not use cookies for advertising or cross-site tracking.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of Senvaro after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Senvaro
Email: hello@senvaro.com
Location: Sydney, NSW, Australia

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.