CarePlans AI Privacy Policy

    Effective Date: 22 October 2025

    Version: 1.1

    CarePlans AI Pty Ltd (ABN 92 691 158 237) ("CarePlans AI", "we", "us" or "our") provides an artificial intelligence-powered voice companion service designed to enhance quality of life for elderly adults and other users through engaging and personalised conversations. This Privacy Policy describes how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

    1. Personal Information We Collect

    Information You Provide to Us

    When you or your authorised representative signs up for CarePlans AI and uses the Service, we collect:

    • Contact Information: Name, email address, postal address, telephone number(s)
    • Demographic Information: Date of birth, age, gender, city, state, postcode
    • Account Information: Scheduled call times and preferences, preferred conversation topics, language preferences, authentication methods, emergency contact details, consent documentation
    • Conversation Data: All communications with CarePlans AI, topics discussed, questions asked, stories shared, preferences, interests, hobbies, memories and reminiscences
    • Sensitive Information: Health information, medications or treatments mentioned, disability status, religious beliefs, philosophical beliefs, sexual orientation (if disclosed), cultural or ethnic background, biometric information contained in voice recordings
    • Voice Recordings: Audio recordings of all conversations with CarePlans AI and transcripts. These recordings may contain voice biometric identifiers which are protected as sensitive information.

    Information from Third Parties

    We may receive information about you from:

    • Authorised representatives (family members, guardians, persons with power of attorney)
    • Care Entities (aged care facilities, home care agencies, healthcare providers)
    • Service providers (companies that help us deliver our services)
    • Government sources (publicly available government records where permitted)

    2. How We Use Your Personal Information

    Primary Purposes

    • Service Delivery: Making scheduled AI voice calls, personalising conversations, remembering previous conversations, providing companionship and social interaction
    • Communication: Sending service-related notifications, responding to enquiries, providing important updates, security and incident notifications
    • Safety and Wellbeing: Monitoring for signs of distress (note: this is not reliable), fulfilling mandatory reporting obligations, preventing elder abuse or exploitation, fraud and scam prevention

    Secondary Purposes

    • Service Improvement: Training and improving our AI systems, analysing usage patterns, developing new services, conducting research (with de-identified data where possible)
    • Account Management: Managing your account and preferences, processing payments and billing, verifying identity and preventing fraud
    • Legal Compliance: Complying with Australian laws and regulations, responding to legal requests and court orders, protecting rights, safety, and property

    3. How We Share Your Personal Information

    We may share your personal information with:

    • Care Entities: Conversation summaries and insights, wellbeing indicators (not medical assessments), feedback about care services, engagement levels with the Service
    • Service Providers and Subprocessors: Cloud hosting providers, AI technology partners, transcription services, payment processors (Stripe), email platforms, analytics providers, security services
    • Authorised Individuals: Family members or friends you designate, legal guardians or attorneys (with verification), healthcare providers involved in your care, emergency contacts in urgent situations
    • Legal and Safety Disclosures: To comply with Australian law, protect against fraud or security threats, fulfil mandatory reporting obligations regarding suspected child abuse, elder abuse or neglect, risk of harm to vulnerable persons

    A current list of our subprocessors is available at www.careplans.io/subprocessors.

    4. Data Retention

    We retain your personal information for as long as necessary to:

    • Provide the Service to you
    • Comply with legal obligations
    • Resolve disputes and enforce agreements
    • Support legitimate business purposes

    Specifically:

    • Active accounts: Information retained while account is active
    • Voice recordings: Retained for 3 years unless deletion requested earlier
    • Biometric data: Subject to enhanced retention controls and deletion rights
    • After account closure: Personal data deleted within 30 days, except where legal retention required
    • Financial records: 7 years as required by tax law
    • Incident records: 7 years for liability purposes

    5. Data Storage and Security

    Data Location

    Your personal information is primarily stored in Australia. Some service providers may process data overseas in the United States, European Union, Singapore, and other countries where our service providers operate.

    Security Measures

    We implement appropriate technical and organisational measures to protect personal information:

    Technical Controls:

    • Encryption in transit (TLS 1.2+) and at rest (AES-256)
    • Multi-factor authentication for system access
    • Network segmentation and firewalls
    • Intrusion detection and prevention systems
    • Regular security patches and updates
    • Secure deletion procedures

    Organisational Controls:

    • Access controls based on least privilege principle
    • Staff training on privacy and security
    • Background checks for staff with data access
    • Confidentiality agreements with all staff and contractors
    • Regular security assessments and penetration testing
    • Business continuity and disaster recovery plans

    6. International Data Transfers

    Some of our service providers operate outside Australia. When we transfer personal information overseas, we ensure recipients are subject to laws or binding agreements that provide similar protection to the APPs. Countries where data may be processed include the United States, European Union, Singapore, and other countries where our service providers operate.

    7. Your Privacy Rights

    Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

    • Access Your Information: Request a copy of personal information we hold about you (we will respond within 30 days)
    • Correct Your Information: Request correction of inaccurate or incomplete personal information
    • Withdraw Consent: Withdraw consent for certain uses of your information
    • Data Portability: Request your personal information in a structured, commonly used format (JSON or CSV)
    • Object to Processing: Object to certain uses of your information, including direct marketing and automated decision-making
    • Request Deletion: Request deletion of your personal information, subject to legal retention requirements
    • Human Review of Automated Decisions: Request human review of decisions made solely by automated processing that significantly affect you

    Complaints Process

    Step 1: Contact Us

    • Email: privacy@careplans.io
    • Phone: +61 483 955 552
    • Response within 5 business days
    • Resolution target: 30 days

    Step 2: External Complaint

    If unresolved, contact the Office of the Australian Information Commissioner (OAIC):

    • Website: www.oaic.gov.au
    • Phone: 1300 363 992
    • Email: enquiries@oaic.gov.au

    8. Automated Decision-Making

    CarePlans AI uses automated decision-making and profiling to:

    • Conversation Generation: AI algorithms generate responses based on your input, natural language processing analyses conversation context, machine learning personalises interactions over time
    • Risk Assessment: Automated monitoring for keywords suggesting distress, pattern recognition for changes in wellbeing, alert generation for potential concerns
    • Service Optimization: Call scheduling algorithms, topic selection based on interests, engagement scoring for quality improvement

    You have the right to request human review of automated decisions, understand the logic involved in automated processing, and challenge decisions that significantly affect you.

    9. Cookies and Tracking Technologies

    Our website uses cookies and similar technologies:

    • Essential Cookies: Session management, security tokens, load balancing (always active)
    • Analytics Cookies: Google Analytics (anonymised IP), usage patterns, performance monitoring (with consent)
    • Functional Cookies: Language preferences, accessibility settings, user interface customisation
    • Marketing Cookies: Interest-based advertising, campaign effectiveness (with consent)

    You can control cookies through browser settings or our cookie preference centre on the website.

    10. Data Breach Response

    In the event of an eligible data breach, we will:

    • Notify affected individuals within 72 hours of confirming an eligible breach
    • Notify the OAIC as required under the Notifiable Data Breaches scheme
    • Provide details of the breach, potential harm, and remediation steps
    • Offer identity protection services where appropriate

    We maintain 24/7 security monitoring with response commitments for critical incidents (4-hour initial response), high priority incidents (24-hour initial response), and medium/low priority (72-hour initial response).

    11. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email to registered users (30 days before changes take effect), prominent website notice, and in-app notifications where applicable.

    12. How to Contact Us

    CarePlans AI Pty Ltd
    ABN: 92 691 158 237

    Email Contacts:

    • Privacy Officer: privacy@careplans.io
    • Security Incidents: security@careplans.io (24/7 monitored)
    • General Enquiries: info@careplans.io
    • Complaints: complaints@careplans.io

    Phone: +61 483 955 552
    Address: 7 York Street, Gladesville, NSW, 2111, Australia
    Website: www.careplans.io

    Document Control

    Version: 1.1

    Effective Date: 22 October 2025

    Last Review: 22 October 2025

    Next Review Due: 22 April 2026

    This Privacy Policy complies with:

    ✅ Privacy Act 1988 (Cth) • ✅ Australian Privacy Principles (APPs)

    ✅ Notifiable Data Breach Scheme • ✅ State and territory privacy laws
