Privacy Policy

Last updated: August 29, 2025

1. Introduction

AutoclaveLog ("we", "our", or "us") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our autoclave sterilisation logging service, including our mobile application and web-based administration platform.

This policy complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

Personal Information

We collect personal information that you voluntarily provide when using our services, including:

  • Name, email address, and contact details
  • Business/salon information and location
  • User account credentials
  • Staff training and competency records

Health and Sterilisation Data

As part of our sterilisation logging service, we collect and process:

  • Sterilisation cycle records and parameters
  • Equipment serial numbers and specifications
  • Monitoring indicator results (mechanical, chemical, biological)
  • Load contents and descriptions
  • Operator identification and sign-offs
  • Equipment maintenance and calibration records

Technical Information

We automatically collect certain technical information, including:

  • Device information (type, operating system, unique identifiers)
  • App usage data and performance metrics
  • IP addresses and location data (when location services are enabled)
  • Log files and crash reports

3. How We Use Your Information

We use your information for the following purposes:

Service Provision

  • Providing autoclave sterilisation logging and compliance services
  • Managing user accounts and authentication
  • Generating compliance reports and data exports
  • Equipment tracking and maintenance scheduling
  • Staff management and training record keeping

Compliance and Legal Requirements

  • Meeting Australian health regulatory requirements (RACGP, NSW Health, AS/NZS 4815:2006)
  • Maintaining required record retention periods (7 years for healthcare, 12+ months for skin-penetration)
  • Supporting regulatory inspections and audits
  • Complying with legal obligations and court orders

Service Improvement

  • Improving app functionality and user experience
  • Analysing usage patterns to enhance features
  • Providing customer support and technical assistance
  • Developing new features and services

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

With Your Consent

We may share information when you provide explicit consent or direction to do so.

Service Providers

We may share information with trusted third-party service providers who assist us in operating our service, including:

  • Cloud hosting providers (AWS)
  • Analytics and monitoring services
  • Customer support platforms
  • Payment processing services

Legal Requirements

We may disclose information when required by law, including:

  • Response to court orders or legal processes
  • Compliance with regulatory investigations
  • Health authority inspections and audits
  • Protection of our rights and safety

Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

5. Data Security

We implement robust security measures to protect your information:

Technical Safeguards

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA) support
  • Regular security assessments and penetration testing
  • Secure cloud infrastructure (AWS with ISO 27001 certification)

Access Controls

  • Role-based access control applying the principle of least privilege
  • Regular access reviews and user deprovisioning
  • Audit logging of all data access and modifications
  • Staff training on data protection and security practices

6. Data Retention

We retain your information in accordance with Australian health regulations and business requirements:

Sterilisation Records

  • Healthcare/Dental: Minimum 7 years as required by RACGP standards
  • Skin-penetration (tattoo/piercing): Minimum 12 months as required by state health regulations
  • Equipment validation/calibration: Lifetime of equipment

Other Information

  • Account information: Retained while your account is active plus 7 years
  • Technical logs: Retained for 12 months unless a longer period is required for security purposes
  • Marketing data: Retained until you opt out or request deletion

7. Your Rights

Under Australian privacy law, you have the following rights:

Access and Correction

  • Request access to your personal information
  • Request correction of inaccurate or outdated information
  • Receive a copy of your data in a portable format

Deletion and Restriction

  • Request deletion of your personal information (subject to legal retention requirements)
  • Restrict processing of your information in certain circumstances
  • Object to processing for direct marketing purposes

Complaints

If you have concerns about our privacy practices, you can:

  • Contact our Privacy Officer using the details below
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

8. International Transfers

Your information may be processed and stored outside Australia, including in the United States through our cloud service providers. We ensure appropriate safeguards are in place, including:

  • Contractual protections equivalent to Australian privacy standards
  • Service providers certified under internationally recognised standards
  • Technical and organisational measures to protect data integrity

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Notify you via email or in-app notification
  • Update the "Last updated" date at the top of this policy
  • Provide a summary of changes in our service announcements

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

10. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Officer
AutoclaveLog
Email: evgueni@10xdigital.com.au
Response time: We aim to respond to all privacy enquiries within 30 days.

11. Definitions

In this Privacy Policy:

  • "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable
  • "Health information" includes information about sterilisation procedures, equipment records, and compliance data related to health and safety practices
  • "Service" refers to the AutoclaveLog mobile application, web administration platform, and related services
  • "Australian Privacy Principles" refers to the privacy principles set out in Schedule 1 of the Privacy Act 1988 (Cth)