PRIVACY POLICY
Last updated: 23 April 2026. RecallQ Pty Ltd complies with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
On behalf of your practice we process the minimum personal information needed to send recall messages: patient name, mobile, last visit date, treatment type, and recall window. For your practice staff we also store name, email, and role.
Personal information is used solely to (a) identify overdue patients, (b) generate and send recalls at your practice's direction, and (c) route replies back to your practice. We do not use patient data to train AI models.
All personal information is stored in Australia on Supabase ap-southeast-2 (Sydney). RecallQ does not transfer personal information outside Australia for storage.
However, some personal information is disclosed to overseas service providers for processing as part of delivering the service: Anthropic (USA) for AI-assisted message generation; Resend (USA) for transactional email delivery; and Sentry (EU) for error monitoring and application diagnostics. These disclosures occur under APP 8 of the Privacy Act 1988 (Cth). RecallQ takes reasonable steps to ensure that each overseas recipient handles personal information in a manner consistent with the Australian Privacy Principles. A full list of sub-processors and their locations is available on the Legal hub.
Patient records are retained while your practice uses RecallQ, plus a 30-day export window after cancellation. Message logs are retained for 24 months for Spam Act compliance.
Under the APPs you or your patients (via your practice) may request access to, correction of, or deletion of personal information. Email privacy@recallq.com.au.
On confirmation of an eligible data breach under the Notifiable Data Breaches scheme, we will notify your practice within 24 hours and assist with OAIC notification.