Personal information collection notice

1. Who collects the information

Janet Cares is operated by Work Healthy Australia Pty Ltd(the “Practice”), the data controller for the purposes of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What we collect

• Identifiers: full name, date of birth, postal address, mobile phone, email address.
• Sensitive health information: medical history, current medications, allergies, family history (including causes of death of parents and grandparents), lifestyle factors (smoking, alcohol, exercise, sleep, diet, stress), height, weight, sex assigned at birth and gender identity.
• Files you upload: blood work, imaging reports, genetic and microbiome reports, and other pathology you choose to share.
• Account & technical data: hashed password (via Supabase Auth), IP address and browser user-agent at the time of consent acceptance, billing identifiers (via Stripe).

3. Why we collect it (purposes)

• To generate your biological-age estimate, domain risk scores and personalised protocols (the core service).
• To enable a registered clinician to review and approve recommendations.
• To send transactional email related to your account.
• To meet our record-keeping obligations under AHPRA and the Privacy Act.

4. Who we disclose it to

We use third-party processors to run the service. Each is bound by a written data-processing arrangement and is named here so you have full visibility:

• Supabase (database, authentication, file storage) — hosting region: configured AU/EU. Service role keys are server-only.
• Anthropic(the “Janet” AI that reads your uploads and generates narrative) — processed in the United States. See APP 8 cross-border disclosure below.
• Stripe (payment processing) — payment card data goes direct to Stripe and is not stored on our servers.
• Resend (transactional email).

We do not sell or rent your information. We do not use your data to train third-party AI models.

5. APP 8 — cross-border disclosure

Some processors (notably Anthropic and Resend) process data outside Australia. By accepting the consent toggles you acknowledge this. We take reasonable steps to ensure overseas recipients comply with the APPs, but you should be aware that overseas privacy laws may differ from the Privacy Act.

6. Consequences of not providing information

Most of the questionnaire is optional and you may skip questions you don’t wish to answer; this will reduce the precision of your risk scores. If you decline mandatory consents (data processing, the “not medical advice” acknowledgement, or terms of service) we cannot provide the service.

7. Access, correction and complaints

You may request access to or correction of your personal information at any time by emailing privacy@workhealthyaus.com.au. If you believe we have breached the APPs, please raise a complaint with us in the first instance; if unresolved you may complain to the Office of the Australian Information Commissioner (OAIC).

8. Retention

Health records are retained for at least 7 years from the date of last service for adults, and until age 25 for records about minors, in line with Australian medical-record retention requirements.