Privacy Policy
Last updated: 13 April 2026
1. Overview
SmartGPAssist ("the Service") is operated by Dr Sudheer Talari ("we", "us", "our"). We are committed to protecting the privacy of our users and their patients. This Privacy Policy explains how we collect, use, store, and protect personal and health information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state/territory health records legislation.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- AHPRA registration number (optional, for verification)
- Medicare provider number (optional)
- Clinic name and address (optional)
- Specialty and qualifications
2.2 Consultation Data
When you use the consultation recording feature, we process:
- Patient first name and date of birth (entered by you)
- Presenting complaint
- Audio recordings of consultations
- AI-generated transcripts
- AI-generated clinical analysis, billing suggestions, and documents
2.3 Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We retain only Stripe customer IDs and transaction references for billing purposes.
2.4 Usage Data
We collect anonymised usage data including feature usage patterns, session duration, and error logs to improve the Service. This data does not contain patient health information.
3. How We Use Your Information
We use the information collected to:
- Provide and maintain the Service
- Process consultation recordings and generate AI analysis
- Generate clinical documents (referrals, certificates, handouts)
- Process payments and manage credit balances
- Improve the Service and develop new features
- Communicate with you about your account and the Service
- Comply with legal obligations
We do NOT use patient consultation data to train AI models. Consultation recordings and transcripts are processed solely for the purpose of providing the Service to you.
4. Data Storage and Security
All data is stored on secure, encrypted servers. Audio recordings are stored in encrypted cloud storage (AWS S3) with access controls. Database connections use TLS/SSL encryption. We implement industry-standard security measures including:
- HTTPS encryption for all data in transit
- Encrypted storage for audio files and transcripts
- Secure session management with OAuth 2.0
- Role-based access controls
- Regular security reviews
5. Data Sharing
We share data only with the following third parties, solely for the purpose of providing the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenAI (Whisper) | Audio transcription | Audio recordings |
| AI Language Model | Clinical analysis generation | Transcripts (de-identified where possible) |
| Stripe | Payment processing | Email, payment method |
| AWS | Cloud storage and hosting | All service data (encrypted) |
We do not sell, rent, or trade your personal information or patient data to any third party.
6. Patient Data Responsibilities
Your Obligations as a Healthcare Provider
As the treating practitioner, you are responsible for:
- Obtaining appropriate patient consent before recording consultations
- Complying with your state/territory health records legislation
- Maintaining your own clinical records as required by AHPRA and the Medical Board
- Ensuring patient data entered into SmartGPAssist is accurate and necessary
- Not entering more patient-identifying information than required (first name and DOB only)
7. Data Retention
Consultation data (recordings, transcripts, and analysis) is retained for as long as your account is active. You may request deletion of specific consultations or your entire account at any time. Upon account deletion, all associated data will be permanently removed within 30 days, except where retention is required by law.
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your data
- Withdraw consent for data processing
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
9. Cookies and Analytics
We use essential cookies for authentication and session management. We may use anonymised analytics to understand usage patterns and improve the Service. We do not use cookies for advertising or tracking purposes.
10. Children's Privacy
The Service is intended for use by healthcare professionals only. We do not knowingly collect personal information from individuals under 18 years of age. Patient data for paediatric consultations is entered and managed by the treating practitioner.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
12. Contact and Complaints
For privacy-related questions, data access requests, or complaints, please contact:
Dr Sudheer Talari, FRACGP
Email: [email protected]
Website: smartgpassist.com
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
© 2026 Dr Sudheer Talari. All rights reserved.