CarePlans AI Pty Ltd (ABN 92 691 158 237) ("CarePlans AI", "we", "us" or "our") provides an artificial intelligence powered voice companion service designed to enhance quality of life for elderly adults and other users through engaging and personalised conversations. This Privacy Policy describes how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Important Warnings
CRITICAL: CarePlans AI cannot reliably detect medical emergencies. The AI may fail to recognise heart attacks, strokes, falls, injuries, medication errors, cognitive decline, suicidal ideation, or any other medical emergency. Never rely on CarePlans AI for emergency detection or response.
SCAM WARNING: CarePlans AI will NEVER ask for passwords, banking details, Medicare numbers, or payment via gift cards or wire transfers during calls. Report suspicious calls to us immediately.
1. Personal Information We Collect
Information You Provide to Us
When you or your authorised representative signs up for CarePlans AI and uses the Service, we collect:
Contact Information: Name, email address, postal address, telephone number(s)
Demographic Information: Date of birth, age, gender, city, state, postcode
Account Information: Scheduled call times and preferences, preferred conversation topics, language preferences, authentication methods, emergency contact details, consent documentation
Conversation Data: All communications with CarePlans AI, topics discussed, questions asked, stories shared, preferences, interests, hobbies, memories and reminiscences
Sensitive Information: Health information, medications or treatments mentioned, disability status, religious beliefs, philosophical beliefs, sexual orientation (if disclosed), cultural or ethnic background, biometric information contained in voice recordings
Voice Recordings: Audio recordings of all conversations with CarePlans AI and transcripts. These recordings may contain voice biometric identifiers which are protected as sensitive information.
Information from Third Parties
We may receive information about you from:
Authorised representatives (family members, guardians, persons with power of attorney)
Care Entities (aged care facilities, home care agencies, healthcare providers)
Service providers (companies that help us deliver our services)
Government sources (publicly available government records where permitted)
2. How We Use Your Personal Information
Primary Purposes
Service Delivery: Making scheduled AI voice calls, personalising conversations, remembering previous conversations, providing companionship and social interaction
Communication: Sending service-related notifications, responding to enquiries, providing important updates, security and incident notifications
Safety and Wellbeing: Monitoring for signs of distress (note: this is not reliable), fulfilling mandatory reporting obligations, preventing elder abuse or exploitation, fraud and scam prevention
Secondary Purposes
Service Improvement: Training and improving our AI systems, analysing usage patterns, developing new services, conducting research (with de-identified data where possible)
Account Management: Managing your account and preferences, processing payments and billing, verifying identity and preventing fraud
Legal Compliance: Complying with Australian laws and regulations, responding to legal requests and court orders, protecting rights, safety, and property
3. How We Share Your Personal Information
We may share your personal information with:
Care Entities: Conversation summaries and insights, wellbeing indicators (not medical assessments), feedback about care services, engagement levels with the Service
Service Providers and Subprocessors: Cloud hosting providers, AI technology partners, transcription services, payment processors (Stripe), email platforms, analytics providers, security services
Authorised Individuals: Family members or friends you designate, legal guardians or attorneys (with verification), healthcare providers involved in your care, emergency contacts in urgent situations
Legal and Safety Disclosures: To comply with Australian law, protect against fraud or security threats, fulfil mandatory reporting obligations regarding suspected child abuse, elder abuse or neglect, risk of harm to vulnerable persons
A current list of our subprocessors is available at www.careplans.io/subprocessors.
4. Data Retention
We retain your personal information for as long as necessary to:
Provide the Service to you
Comply with legal obligations
Resolve disputes and enforce agreements
Support legitimate business purposes
Specifically:
Active accounts: Information retained while account is active
Voice recordings: Retained for 3 years unless deletion requested earlier
Biometric data: Subject to enhanced retention controls and deletion rights
After account closure: Personal data deleted within 30 days, except where legal retention required
Financial records: 7 years as required by tax law
Incident records: 7 years for liability purposes
5. Data Storage and Security
Data Location
Your personal information is primarily stored in Australia. Some service providers may process data overseas in the United States, European Union, Singapore, and other countries where our service providers operate.
Security Measures
We implement appropriate technical and organisational measures to protect personal information:
Technical Controls:
Encryption in transit (TLS 1.2+) and at rest (AES-256)
Multi-factor authentication for system access
Network segmentation and firewalls
Intrusion detection and prevention systems
Regular security patches and updates
Secure deletion procedures
Organisational Controls:
Access controls based on least privilege principle
Staff training on privacy and security
Background checks for staff with data access
Confidentiality agreements with all staff and contractors
Regular security assessments and penetration testing
Business continuity and disaster recovery plans
6. International Data Transfers
Some of our service providers operate outside Australia. When we transfer personal information overseas, we ensure recipients are subject to laws or binding agreements that provide similar protection to the APPs. Countries where data may be processed include the United States, European Union, Singapore, and other countries where our service providers operate.
7. Your Privacy Rights
Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
Access Your Information: Request a copy of personal information we hold about you (we will respond within 30 days)
Correct Your Information: Request correction of inaccurate or incomplete personal information
Withdraw Consent: Withdraw consent for certain uses of your information
Data Portability: Request your personal information in a structured, commonly used format (JSON or CSV)
Object to Processing: Object to certain uses of your information, including direct marketing and automated decision-making
Request Deletion: Request deletion of your personal information, subject to legal retention requirements
Human Review of Automated Decisions: Request human review of decisions made solely by automated processing that significantly affect you
Complaints Process
Step 1: Contact Us
Email: privacy@careplans.io
Phone: +61 483 955 552
Response within 5 business days
Resolution target: 30 days
Step 2: External Complaint
If unresolved, contact the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
8. Automated Decision-Making
CarePlans AI uses automated decision-making and profiling to:
Conversation Generation: AI algorithms generate responses based on your input, natural language processing analyses conversation context, machine learning personalises interactions over time
Risk Assessment: Automated monitoring for keywords suggesting distress, pattern recognition for changes in wellbeing, alert generation for potential concerns
Service Optimisation: Call scheduling algorithms, topic selection based on interests, engagement scoring for quality improvement
You have the right to request human review of automated decisions, understand the logic involved in automated processing, and challenge decisions that significantly affect you.
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies:
You can control cookies through browser settings or our cookie preference centre on the website.
10. Data Breach Response
In the event of an eligible data breach, we will:
Notify affected individuals within 72 hours of confirming an eligible breach
Notify the OAIC as required under the Notifiable Data Breaches scheme
Provide details of the breach, potential harm, and remediation steps
Offer identity protection services where appropriate
We maintain 24/7 security monitoring with response commitments for critical incidents (4-hour initial response), high priority incidents (24-hour initial response), and medium/low priority (72-hour initial response).
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email to registered users (30 days before changes take effect), prominent website notice, and in-app notifications where applicable.