Privacy Policy

Last updated: 20 March 2026

About AHCRA

AHCRA (Australian Healthcare Compliance Regulatory Agency) is operated by Luna Systems Pty Ltd (ABN to be confirmed). We operate the Clinic Compliance platform, a compliance management and training service for Australian healthcare clinics.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Information We Collect

Account Information

When you create an account, we collect your name, email address, clinic details, and ABN.

Staff Information

Clinic administrators may enter staff information into the platform, including names, roles, certifications, and certification expiry dates. This information is provided by the clinic administrator and AHCRA does not independently verify it.

Compliance and Audit Data

We collect website URLs submitted for compliance audits, course progress and completion data, and policy documents generated by or uploaded to the platform.

Payment Information

Payment information is processed by our third-party payment provider. AHCRA does not store full credit card numbers or payment credentials on our systems.

Usage and Technical Data

We automatically collect usage data including pages visited, features used, and session duration. We also collect device and browser information, IP addresses, and location data at the country and state level.

How We Use Your Information

We use your information to:

Provide and improve the Clinic Compliance platform
Generate compliance documents and audit reports
Track staff certifications and send expiry notifications
Deliver CPD courses and generate completion certificates
Send service-related communications, including account notifications and feature updates
Analyse platform usage to improve features and user experience
Comply with our legal obligations under Australian law

AI-Generated Content

AHCRA uses artificial intelligence to generate policy documents, compliance audit findings, and educational content. AI-generated content is provided as a starting point and guide only. Users are responsible for reviewing, customising, and verifying all AI-generated content before use or implementation.

AHCRA does not guarantee the accuracy, completeness, or legal sufficiency of any AI-generated content. AI-generated content does not constitute legal, medical, or professional advice.

When you use AI-powered features, relevant data (such as clinic details or website content) may be processed by third-party AI providers to generate outputs. This processing is governed by the terms outlined in the Third-Party Services section below.

Data Storage and Security

Your data is stored on Supabase infrastructure, hosted in Australia where possible. We protect your information using:

Encryption in transit using TLS (Transport Layer Security)
Encryption at rest for stored data
Access controls and role-based permissions within the platform
Regular security reviews of our systems and processes

While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

Third-Party Services

We use the following third-party services to operate the platform:

Supabase — database hosting and user authentication
Vercel — website and application hosting
OpenAI / Anthropic — AI content generation. Data sent to these providers may be processed on servers located overseas, including in the United States
DataForSEO — website auditing and analysis
Payment processor — payment processing (provider to be confirmed)
Analytics tools — platform usage analytics

Each third-party provider is subject to their own privacy policy and data handling practices. We select providers that maintain appropriate security standards.

Data Sharing and Disclosure

We do not sell your personal information to any third party.

We share your data only with service providers necessary to operate the platform, as described above. AI providers may process your data to generate content, and this processing is covered under their respective privacy policies.

We may disclose your information if required to do so by law, regulation, legal process, or enforceable government request.

Data Retention

We retain your account data for as long as your account remains active. Upon request, we will delete your personal information within 90 days of account closure. Some data may be retained beyond this period where required for legal or compliance obligations.

Your Rights Under the Privacy Act 1988

Under the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you
Request correction of inaccurate, incomplete, or out-of-date information
Request deletion of your personal information, subject to any legal retention requirements
Withdraw consent for marketing communications at any time
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at info@ahcra.com.au.

Cookies

We use essential cookies for authentication and session management. We may also use analytics cookies with your consent. We do not use advertising or third-party tracking cookies. For full details, see our Cookies Policy.

Children

The AHCRA platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Where we make significant changes, we will notify you via email or through an in-app notification. The "last updated" date at the top of this page reflects the most recent revision.

Contact Us

If you have questions about this Privacy Policy or wish to make a privacy-related request, contact our Privacy Officer:

Email: info@ahcra.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.