← Back to Tele360

Privacy Policy

Last updated: 26 March 2026

About this policy

Black Health Intelligence Pty Ltd (ABN 23 693 026 112) ("we", "us", "our") operates Tele360, an Australian practice management system for healthcare providers. We are bound by the Australian Privacy Principles ("APPs") contained in the Privacy Act 1988 (Cth) ("Privacy Act").

This Privacy Policy explains how we collect, use, store, disclose and protect personal information, including health information, in accordance with the Privacy Act and applicable state and territory legislation.

We also comply with:

  • Privacy Act 1988 (Cth), including the Australian Privacy Principles
  • Health Records Act 2001 (Vic)
  • Health Records and Information Privacy Act 2002 (NSW)
  • Health Records (Privacy and Access) Act 1997 (ACT)
  • Spam Act 2003 (Cth)
  • My Health Records Act 2012 (Cth)

What information we collect

Healthcare provider information

When a healthcare provider registers to use Tele360, we collect:

  • Name, email address, phone number
  • Professional details: AHPRA registration number, Medicare provider number, HPI-I, specialty, qualifications
  • Practice details: clinic name, ABN, HPI-O, address, NASH certificate
  • Billing information and Stripe payment details for subscriptions

Patient information

Healthcare providers using Tele360 enter patient information into the system. This may include:

  • Name, date of birth, gender, contact details (phone, email, address)
  • Medicare number, IRN, DVA number, IHI number
  • Health information: allergies, current medications, medical history, family history, social history
  • Clinical notes, consultation records, prescriptions, pathology and radiology results
  • Appointment history, consent records, invoices and payment records
  • Emergency contact details

Healthcare providers are responsible for obtaining their patients' consent to store patient information in Tele360 and for ensuring patients are aware of this Privacy Policy.

Patient portal information

When patients use the Tele360 patient portal, we collect:

  • Email address (for magic link authentication)
  • Profile updates submitted by the patient (phone, address, emergency contact)
  • Payment card details (processed by Stripe — we only store the last 4 digits and card brand, never the full card number)

Automatically collected information

When you access our website or services, we may automatically collect:

  • IP address, browser type, device information
  • Pages visited, time and date of access
  • Cookies and similar tracking technologies

How we use your information

We use personal and health information to:

  • Provide the Tele360 practice management service to healthcare providers
  • Enable clinical record-keeping, appointment management, billing and invoicing
  • Process Medicare, DVA and private health insurance claims
  • Generate clinical documents (referral letters, prescriptions, medical certificates)
  • Provide AI-assisted documentation (clinical note generation, results analysis) — used as documentation aids only, not clinical decision support
  • Send appointment reminders and clinical communications
  • Process payments via Stripe
  • Provide customer support and respond to enquiries
  • Comply with legal obligations, including mandatory reporting requirements
  • Maintain audit logs for clinical safety and regulatory compliance

AI-assisted features

Tele360 uses artificial intelligence to assist with clinical documentation (such as note generation from consultation transcripts and pathology result analysis). These features are documentation aids only and do not provide clinical decision support, diagnosis, or treatment recommendations. All AI-generated content is reviewed and approved by the treating healthcare provider before being finalised.

AI processing is performed using third-party language models (OpenAI, Anthropic) via secure API connections. No patient-identifiable information is used to train these models. Prompts include clinical content but are processed transiently and not retained by the AI providers for training purposes.

How we store and protect your information

Personal and health information is stored in:

  • Supabase (PostgreSQL database) hosted in the Asia-Pacific region (ap-northeast-2, Seoul). All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Vercel (application hosting) — serverless infrastructure with automatic HTTPS.
  • Stripe (payment processing) — PCI-DSS Level 1 certified. We never store full card numbers.

Security measures include:

  • Row-Level Security (RLS) on all database tables, ensuring each clinic can only access their own data
  • Multi-tenant isolation via clinic_id on every data record
  • Role-based access control with 6 practitioner role levels
  • Immutable audit logging of all critical operations
  • Session-based authentication with automatic token refresh
  • HTTPS enforced on all connections

Disclosure of personal information

We may disclose personal information to:

  • Services Australia — for Medicare and DVA claims processing
  • Parchment Health — for electronic prescribing (eRx token generation)
  • Pathology and radiology laboratories — for order transmission and result receipt
  • Stripe — for payment processing
  • Resend — for transactional email delivery (appointment reminders, clinical communications)
  • AI providers (OpenAI, Anthropic) — for clinical documentation assistance (transient processing only)
  • Law enforcement or regulatory bodies — where required by law

We will never sell patients' or consumers' identifiable personal information to third parties.

Disclosure outside Australia

Some of our service providers are located outside Australia:

ServiceLocationPurpose
SupabaseAsia-Pacific (Seoul)Database hosting
VercelUnited StatesApplication hosting
StripeUnited StatesPayment processing
ResendUnited StatesEmail delivery
OpenAIUnited StatesAI documentation assistance
AnthropicUnited StatesAI documentation assistance

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure they comply with the APPs or are subject to a law or binding scheme substantially similar to the APPs.

Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyse usage of our services. You can disable cookies through your browser settings, but some features of Tele360 may not function correctly without them.

Accessing and correcting your information

Under APPs 12 and 13, you have the right to request access to the personal information we hold about you and to request its correction. Healthcare providers can access and correct patient information through the Tele360 application. Patients can access and update certain information through the patient portal.

To request access to or correction of your personal information, contact us at privacy@tele360.com.au.

We may need to verify your identity before providing access. In some circumstances, we may not be able to provide access — if so, we will explain why.

Data retention

Clinical health records are retained in accordance with Australian healthcare record retention requirements. In most jurisdictions, health records must be retained for a minimum of 7 years from the date of last entry (or until the patient turns 25, whichever is later, for records of patients who were children).

When a healthcare provider terminates their Tele360 subscription, we will provide data export facilities. Clinical records are not deleted until the provider confirms they have been migrated to another system, in compliance with record retention obligations.

Making a complaint

If you believe we have breached the Privacy Act or mishandled your personal information, please contact us at privacy@tele360.com.au. Include your name, contact details, and a description of your complaint.

We will acknowledge your complaint within 5 business days and respond with a resolution within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Changes to this policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

Contact us

For questions about this Privacy Policy or our privacy practices: