AHCRA

Privacy Policy

Last updated: 31 March 2026

1. About This Policy

AHCRA (Australian Healthcare Compliance Regulatory Agency) operates the compliance management and training platform available at app.ahcra.com.au and this website at www.ahcra.com.au.

This Privacy Policy explains how AHCRA collects, uses, holds, and discloses your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It also addresses obligations under state health records legislation including the Health Records Act 2001 (Vic), the Health Records and Information Privacy Act 2002 (NSW), and the Health Records (Privacy and Access) Act 1997 (ACT) where applicable.

AHCRA will never sell, rent, or commercialise your personal information.

2. What We Collect and Why

Clinic administrators and account holders

  • Name, email address, and contact details — to create and manage your account
  • Clinic name, ABN, location, specialty, and clinic type — to tailor platform outputs to your practice
  • Staff information entered by you (names, roles, certifications, expiry dates) — to support credential tracking and compliance reporting
  • Policy documents, compliance settings, and audit preferences — to generate and store your compliance materials
  • Subscription and billing information — processed by our payment provider; we do not store card numbers

CPD learners and course participants

  • Name and email address — for account creation and certificate issuance
  • Course enrolment, progress, and completion data — to track CPD hours and issue certificates
  • Assessment responses — to evaluate learning outcomes

Website visitors

  • Name and contact details submitted via enquiry or contact forms — to respond to your enquiry
  • Usage data including pages visited, session duration, and device/browser information — collected via analytics tools to improve the website
  • IP address and approximate location (country and state level)

Sensitive information

The platform may indirectly involve health information through staff credential types or clinical course content. AHCRA handles any sensitive information with a higher standard of care as required by the APPs and will only collect it where reasonably necessary and with appropriate consent.

3. How We Use Your Information

  • To provide, operate, and improve the AHCRA platform and website
  • To generate compliance documents, audit reports, and course completions
  • To track staff credentials and send expiry alerts
  • To deliver CPD courses and issue completion certificates
  • To send service-related communications (account notifications, renewal reminders, regulatory update alerts)
  • To analyse platform usage and improve features
  • To comply with our legal obligations under Australian law

4. Automated Content Generation

Some platform features use automated content generation to produce policy documents, compliance audit findings, and educational materials. When these features are used, relevant data (such as clinic details or website content you submit) may be processed to generate outputs.

All generated content is provided as a guide only. You are responsible for reviewing and verifying all outputs before use. Generated content does not constitute legal, medical, or professional advice.

5. Data Storage and Security

Your data is stored on secure cloud infrastructure, hosted in Australia where practicable. We protect your information using encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews.

While we take reasonable steps to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

6. Disclosure to Third Parties

AHCRA does not sell your personal information. We share data only with service providers necessary to operate the platform — including database and hosting providers, payment processors, analytics services, and technology partners that support platform features. These providers are engaged under contractual obligations requiring them to handle your data securely and in accordance with Australian privacy requirements.

Some service providers may be located outside Australia. Where your personal information is disclosed overseas, AHCRA takes reasonable steps to ensure those providers apply privacy protections consistent with the APPs (APP 8.1), including through contractual protections, jurisdiction selection, and due diligence on provider practices. By using the platform, you acknowledge that your information may be processed overseas under these arrangements.

We may also disclose your information if required by law, regulation, or a valid government or court order.

7. Cookies and Analytics

We use essential cookies for authentication and session management, and analytics cookies to understand how visitors use our website. By continuing to use this website, you consent to the use of cookies as described in our Cookies Policy. You can manage cookie preferences through your browser settings.

8. Data Retention

We retain your account data for as long as your account is active. Upon request, we will delete your personal information within 90 days of account closure. Some data may be retained beyond this period where required by law or for legitimate business purposes.

9. Notifiable Data Breaches

AHCRA complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. If we become aware of a data breach that is likely to result in serious harm, we will assess the breach within 30 days and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. Where clinic administrators hold personal information about their staff or patients within the platform, they may also have independent notification obligations under the NDB scheme.

10. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate, incomplete, or out-of-date information
  • Request deletion of your personal information, subject to legal retention requirements
  • Withdraw consent for marketing communications at any time
  • Lodge a complaint with the OAIC if you believe your privacy has been breached

To exercise any of these rights, contact us at info@ahcra.com.au.

11. Children

The AHCRA platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where we make material changes, we will notify you via email or in-platform notification. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact and Complaints

For privacy-related questions or requests, contact us at info@ahcra.com.au. We will acknowledge your enquiry within 7 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):