Privacy Policy

Patient information (collected on behalf of the practitioner):

• Name, date of birth, address, phone number, and email address
• Government identifiers (Medicare number, DVA number, WorkCover claim number) — encrypted at rest
• Medical records, imaging, and clinical documents uploaded as part of a case referral
• Patient-reported outcome questionnaire responses (e.g., ODI, DASS-21, NDI)
• Consultation recordings and transcripts (where applicable)
• Medico-legal reports and clinical assessments

Practitioner information:

• Name, email address, phone number, and professional qualifications
• Authentication credentials (managed by our authentication provider)

Solicitor and referrer information:

• Name, firm name, email address, and phone number

We collect personal and health information through:

• Direct entry by the practitioner or practice staff into ML-Pro
• Document upload (medical records, referral letters, imaging) by the practitioner or instructing solicitor
• Patient questionnaires completed via secure, tokenised links
• Patient consent forms completed via secure, tokenised links
• Audio recordings of consultations captured through the platform

We do not collect personal information from third parties without the knowledge of the practitioner, and we do not collect information covertly or by automated scraping.

We collect and use personal and health information for the following purposes:

• Managing medico-legal case workflows from referral to report
• Processing and summarising medical documents using AI-assisted tools
• Generating structured medico-legal reports
• Collecting patient-reported outcome measures via questionnaires
• Recording and transcribing clinical consultations
• Maintaining audit trails for compliance and evidentiary purposes
• Sending transactional notifications (questionnaire links, consent requests)

We do not use personal or health information for marketing, advertising, research, or any purpose unrelated to the medico-legal assessment for which it was collected.

ML-Pro uses artificial intelligence (AI) to assist practitioners with document summarisation, report drafting, and clinical research. We take the following steps to protect your information during AI processing:

• De-identification: All patient-identifying information (names, dates of birth, addresses, Medicare numbers, etc.) is removed from text before it is sent to AI services. The AI never sees the patient’s actual identity.
• No data retention by AI providers: Our AI services (hosted by Amazon Web Services in Sydney, Australia) do not retain or learn from the data we send them. Processing is ephemeral.
• Australian processing: AI processing occurs within the AWS Sydney region (ap-southeast-2). Your data does not leave Australia for AI processing.
• Human oversight: AI is used as an assistive tool only. All clinical opinions, diagnoses, and medico-legal conclusions are made by the assessing medical specialist, not by AI.

We protect your information with the following measures:

• Encryption at rest: Sensitive identifiers (Medicare, DVA, WorkCover numbers) are encrypted with AES-256-GCM. Database and file storage are encrypted using AWS-managed encryption.
• Encryption in transit: All data transmitted between your browser and our servers is encrypted with TLS. We enforce HTTPS on all connections.
• Access controls: Role-based access control restricts who can view and edit case information. Organisation-level data isolation ensures practices cannot access each other’s data.
• Multi-factor authentication: All platform users are required to enable two-factor authentication before accessing the platform.
• Audit logging: Every access, modification, and export of case data is logged with an immutable, tamper-evident audit trail.
• Document integrity: Uploaded documents are hashed (SHA-256) on upload to verify they have not been altered.

All patient and health information is stored and processed exclusively in Australia.

• Database (PostgreSQL) — AWS Sydney region (ap-southeast-2)
• Document and audio storage (S3) — AWS Sydney region (ap-southeast-2)
• AI processing (OCR, summarisation, transcription) — AWS Sydney region (ap-southeast-2)

The only data that may be processed outside Australia is practitioner authentication data (email address and login credentials), which is managed by our authentication provider (Clerk). This data contains no patient or health information.

We may disclose personal information in the following circumstances:

• To the practitioner and their practice: Health information is accessible to authorised users within the practitioner’s organisation according to their assigned role.
• To the patient: Via secure questionnaire and consent links. Patients do not have direct login access to the platform.
• To the instructing solicitor: The practitioner may export reports and case materials for the instructing party. This is controlled by the practitioner, not automated.
• Transactional service providers: We use SendGrid (email) and MessageMedia (SMS, Australian company) to send notification messages. These messages contain only tokenised links — no patient names or health details are included in the notification content.
• As required by law: We may disclose information where required by Australian law, court order, or regulatory obligation.

We do not sell, rent, or trade personal or health information to any third party for any purpose.

We retain personal and health information for the period required by law and professional obligations:

• Adult patient records: Minimum 7 years from the date of the last entry, or longer where required for medico-legal purposes (up to 15 years for cases involving ongoing litigation or personal injury claims).
• Minor patient records: Until the patient turns 25, or 7 years from the last entry — whichever is later.
• Audit logs: Retained indefinitely as part of the evidentiary record.

When information is no longer required, it is securely destroyed in accordance with our Data Retention and Destruction Policy. Destruction is documented with a formal destruction certificate.

Under the Privacy Act 1988 and applicable state health records legislation, you have the right to:

• Access your information: You may request access to the personal and health information we hold about you. We will respond within 30 days.
• Correct your information: If you believe information we hold about you is inaccurate, incomplete, out-of-date, or misleading, you may request a correction. There is no fee for making a correction request.
• Complain: If you believe we have breached your privacy, you may lodge a complaint with us. We will investigate and respond within 30 days.

To exercise any of these rights, contact us using the details in Section 11 below. Access requests related to medico-legal cases should be directed to your treating practitioner in the first instance, as the report may be subject to legal professional privilege.

In the event of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals in accordance with Part IIIC of the Privacy Act 1988 (the Notifiable Data Breaches scheme).

We maintain a documented breach response procedure that includes containment, assessment, notification, and remediation phases.

If you have questions about this policy, wish to make an access or correction request, or wish to lodge a privacy complaint, please contact us:

If you are not satisfied with our response, you may lodge a complaint with: