Privacy Policy

Last updated: 2026-03-14

1. Overview

LifeSetGo ("we", "us", "our") provides software tools for occupational therapy (OT) practices in Australia to manage clients, service agreements, and administrative processes. We are committed to protecting the privacy and security of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

sensitive information under Australian privacy law and receives a higher level of protection.

2. What information we collect

Practice account information

Practice name, contact details, staff accounts (name, email, role).

Client information

Name, email, phone, date of birth, funding type, referral details (referrer name, diagnosis, clinical notes), and any information entered during registration or service agreement signing.

Service agreement data

Agreement content, versions, service line items, electronic signatures, timestamps, and signing IP address.

AI interaction data

If AI features are enabled: messages sent to the AI assistant, AI responses, tool call logs (sanitised), and token usage statistics. Chat content may include information about clients or clinical context.

Technical and usage data

IP addresses, browser type, page views (marketing site only), error logs (sanitised to exclude personal information).

3. How we use information

  • To provide and operate app features (client management, agreements, signing, and notifications)
  • To generate documents using templates and, where enabled, AI assistance
  • To send transactional emails (agreement links, reminders, confirmations)
  • To maintain audit trails for security and compliance
  • To respond to support enquiries

We do not use your personal or health information for marketing, advertising, profiling, or sale to third parties.

4. AI processing

LifeSetGo AI features use Amazon Web Services (AWS) Bedrock in the Sydney region (ap-southeast-2). This includes:

  • The practitioner workspace AI assistant
  • Client portal AI help
  • Referral data extraction (text and image)

Data handling: AI prompts and responses are processed in the Sydney region and are not used by AWS for model training. We minimise the amount of personal context sent to the model and keep AI audit logs sanitised (personal identifiers are redacted).

AI outputs may be inaccurate or incomplete. Practitioners must review and verify all AI-generated content before use.

5. Where data is stored and processed

  • Database — PostgreSQL hosted in Sydney, Australia
  • File storage — Cloudflare R2, Oceania region (signed PDFs, encrypted signatures)
  • Application hosting — Vercel, Sydney function region
  • AI processing — AWS Bedrock, Sydney region
  • Payments — Stripe (Australian account)

6. Cross-border disclosure (APP 8)

We aim to keep all personal and health information within Australian infrastructure. The following known cross-border data flows exist:

  • Transactional emails — Emails (agreement links, reminders, confirmations) are sent using an email service that may process metadata outside Australia. Email content is limited to the minimum necessary (recipient name and a secure link). We are actively working to migrate email sending to Australian-hosted infrastructure.

No personal or health information is shared with overseas entities for marketing, analytics, or model training purposes.

7. Security (APP 11)

  • All data in transit is encrypted using TLS
  • All data at rest is encrypted (database and file storage)
  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • Authentication cookies are HTTP-only, secure, and scoped
  • Practice data is isolated — practices cannot access each other's data
  • AI audit logs are sanitised to exclude raw personal information
  • Rate limiting is applied to AI and authentication endpoints
  • Security headers are enforced (HSTS, clickjacking protection, content type enforcement)

8. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Practices are responsible for ensuring clinical records are retained in accordance with applicable health record retention requirements (generally at least 7 years for adult records, and until age 25 for records relating to minors, depending on jurisdiction).

When data is no longer required, it will be securely destroyed or de-identified in accordance with our retention policy.

9. Access and correction (APP 12 / APP 13)

You have the right to request access to, and correction of, your personal information. To make a request:

  • If you are a client: Contact your OT practice directly. The practice will process your request and respond within 30 days.
  • If you are a practice user: Contact us at contact@lifesetgo.net.

If we refuse a request, we will provide written reasons and information about how to complain.

10. Data breach notification

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.

11. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by emailing contact@lifesetgo.net. We will acknowledge receipt within 7 days and aim to resolve your complaint within 30 days.

If you are not satisfied with our response, you may complain to the OAIC.

12. Contact

For privacy enquiries, access/correction requests, or complaints:

Email: contact@lifesetgo.net


This privacy policy is a working document and will be updated as our services evolve. It should be reviewed by qualified Australian privacy/legal counsel before being relied upon as final legal documentation. For general privacy guidance, see the OAIC.