Privacy Policy

Your privacy matters to us. This policy explains how Scrippio collects, uses, and protects your information.

Effective date: April 2026

1. Information We Collect

We collect only the information necessary to provide and improve the Service:

Account information: When you create an account, we collect your email address and name. This information is required to create and manage your account.

Usage data: We may collect anonymised data about how you use the Service - such as feature usage frequency and report generation counts - to improve the product. This data does not include report content.

Clinical data: Client records, session notes (including voice transcripts), draft reports, uploaded documents, templates, and custom rules you create are stored in your account and linked to your user profile. This data is encrypted at rest.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Authenticate you when you log in
  • Send essential service communications (account creation, password reset)
  • Understand aggregate usage patterns to improve the Service
  • Respond to support requests or enquiries

We do not use your personal information for advertising, and we do not sell your data to third parties.

3. AI Data Processing

When you generate a report, the clinical information you have entered is sent to our AI provider to produce the AI-generated draft:

  • Client data and notes you enter before generation are stored in your account (see Section 1)
  • Draft reports you save during or after generation are stored in your account database
  • Our AI provider receives your clinical inputs for the purpose of generating the response only
  • Our AI provider's own privacy policy and data handling practices apply to this API interaction

Our AI provider does not use API inputs for AI training and does not retain your data after the API response is returned.

4. Data Sharing

We share data with the following service providers to operate the Service:

  • AI provider — Receives your clinical inputs during report generation; does not retain data after responding.
  • Database and file storage provider — Stores your account data, client records, notes, reports, and uploaded documents.
  • Hosting provider — Processes web requests to serve the application.
  • Payment processor — Handles subscription billing; receives your payment details directly.
  • Email provider — Sends transactional emails such as account creation and password reset.
  • Analytics provider — Receives anonymised usage telemetry so we can understand feature usage; this telemetry does not include clinical content.

We do not sell, rent, or trade your personal information to any other third parties.

5. Data Retention

Account data (email, name, account settings) is retained for as long as your account is active. When you delete your account, this data is removed.

Clinical data (client records, session notes, draft reports, uploaded documents) is retained in your account until you delete individual records or delete your account. You can export all your data from Settings → Data before deleting.

6. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access - Request a copy of the personal information we hold about you
  • Correction - Ask us to correct inaccurate or incomplete information
  • Deletion - Request deletion of your account and associated personal data

To exercise any of these rights, contact us at scrippio.au@gmail.com. We will respond within 30 days.

7. Cookies

Scrippio uses essential cookies only. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

  • Authentication session cookie - Required to keep you logged in. Expires when you log out or the session times out.

You can disable cookies in your browser settings, but this will prevent you from logging in to the Service.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal information, including:

  • TLS encryption for all data in transit
  • Industry-standard password hashing - plaintext passwords are never stored
  • SOC 2 compliant infrastructure providers
  • Data encrypted at rest in our database — client records, notes, and reports are never stored in plaintext

For more detail, see our Security Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.

10. Australian Privacy Act Compliance

Scrippio is committed to compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you believe we have not complied with our obligations under the Privacy Act, you may:

Contact

For privacy enquiries, contact us at scrippio.au@gmail.com.