Privacy Policy

1Information We Collect

1.1 Clinician Account Information

• Full name and professional credentials
• Email address and contact information
• Professional registration details (profession type)
• Password (stored in hashed format only)
• Payment and billing information (processed by Stripe)

1.2 Case/Client Information

• Child's name or identifier (as entered by clinician)
• Date of birth
• Informant email addresses (parent/carer, teacher)
• Questionnaire responses from all informants
• Generated assessment reports

1.3 Technical Information

• IP addresses and browser information
• Device identifiers and operating system
• Session timestamps and activity logs
• Cookies and similar tracking technologies

2How We Use Your Information

• Service Delivery: To provide screening assessments, generate reports, and facilitate clinician-informant communication
• Account Management: To create and maintain your account, process payments, and provide customer support
• Communication: To send transactional emails, service updates, and respond to inquiries
• Security: To monitor for fraud, unauthorized access, and maintain platform integrity
• Improvement: To analyze aggregate usage patterns and enhance our services (anonymized data only)
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

3Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We may share data only in the following circumstances:

• Service Providers: Trusted third parties who assist in operating our platform (e.g., cloud hosting, email delivery, payment processing)
• Legal Requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of ISLA LABS, our users, or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)

4Data Security

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication for clinician accounts
• Regular security audits and penetration testing
• Access controls and audit logging
• Secure, SOC 2 compliant cloud infrastructure

5Data Retention

• Active Accounts: Data retained while account is active plus 7 years (for compliance purposes)
• Screening Data: Retained for 7 years from completion, consistent with health records legislation
• Deleted Accounts: Personal data permanently deleted within 30 days of deletion request (except where legally required)
• Anonymized Data: May be retained indefinitely for research and analytics purposes

6Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access: Request a copy of personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable format
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at [email protected].

7Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering user preferences

We do not use third-party advertising or tracking cookies.

8Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after such modifications constitutes acknowledgment of the modified Privacy Policy.

9Contact Us