Privacy Policy

Last updated: April 2026 — Draft

1. Introduction

Sage Clinics Pty Ltd (ABN pending), trading as "Sage" ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and store your personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW).

By using the Sage platform ("Platform"), you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Full name, email address, phone number, date of birth, state/territory of residence
  • Health information: Menopause symptoms, medical history, current medications, allergies, lifestyle factors, and clinical notes from consultations
  • Payment information: Processed securely via Stripe — we do not store your full card details
  • Technical information: IP address, browser type, device information, and usage analytics
  • Communication records: Messages, consultation notes, and correspondence with our care team

3. How We Use Your Information

We use your personal information to:

  • Provide telehealth consultations and clinical care
  • Process prescriptions and coordinate medication delivery with pharmacy partners
  • Manage your account and communicate with you about your care
  • Process payments for consultations
  • Comply with legal and regulatory obligations (including AHPRA and Medicare requirements)
  • Improve our services and Platform functionality
  • Send you appointment reminders and care-related communications

We will not use your health information for marketing purposes without your explicit consent.

4. Health Information

We recognise the sensitive nature of health information and handle it with the highest level of care. Your health information is:

  • Collected only with your consent and for the purpose of providing clinical care
  • Accessible only to your treating clinician and authorised care team members
  • Stored securely with encryption at rest and in transit
  • Retained in accordance with Australian medical record-keeping requirements (minimum 7 years from last consultation, or until you turn 25 if treated as a minor)
  • Never sold or shared for commercial purposes

5. Third Parties

We share your information with the following trusted third parties only as necessary to provide our services:

  • Stripe — Payment processing. Stripe handles your payment information in accordance with PCI-DSS standards. See Stripe's Privacy Policy.
  • Pharmacy partners — Accredited Australian pharmacies that dispense your prescriptions. We share only the information necessary for dispensing (name, address, prescription details).
  • Coviu — Video consultation platform. Coviu is an Australian telehealth provider that complies with Australian privacy legislation. See Coviu's Privacy Policy.
  • Supabase — Database and authentication infrastructure. Data is stored in Australian-region servers.

We do not sell your personal information to any third party.

6. Data Storage & Security

Your data is stored on servers located in Australia. We implement industry-standard security measures including:

  • Encryption of data at rest and in transit (TLS 1.2+)
  • Role-based access controls for clinical staff
  • Regular security audits and vulnerability assessments
  • Secure authentication with email verification

In the unlikely event of a data breach involving health information, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

7. Your Rights

Under Australian privacy law, you have the right to:

  • Access your personal information held by us
  • Correct any inaccurate or out-of-date information
  • Request deletion of your account and personal data (subject to medical record retention obligations)
  • Withdraw consent for non-essential communications at any time
  • Complain to the OAIC if you believe your privacy has been breached

To exercise any of these rights, contact us at privacy@sageclinics.com.au.

8. Cookies & Analytics

We use essential cookies to maintain your session and preferences. We may use analytics tools to understand how the Platform is used. You can disable non-essential cookies in your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or notice on the Platform. The "Last updated" date at the top reflects the most recent revision.

10. Contact

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your information:

Sage Clinics Pty Ltd
Privacy Officer
Email: privacy@sageclinics.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.