1. What Information We Collect
We may collect the following types of information:
 

A) Personal Information

• Name, email address, phone number

• Company/practice name

• Account login credentials

• Billing address and payment details
   

B) Client Health Information (Sensitive Data)

When used by allied health professionals, we may process:

• Client names and demographics

• Clinical notes, diagnoses, and session data

• Billing identifiers (e.g., NDIS number, Medicare number)

Sensitive health data is encrypted at rest and in transit.
 

C) Technical & Usage Information

• IP address, browser type, device details

• Pages visited and referral source

• Login timestamps and activity logs (for security & compliance)
   

D) Transaction Information

• Purchases, subscription details, invoices
   

E) Tracking & Analytics Data

Collected via:

• Cookies

• Google Analytics & Google Pixel

• Meta Pixel (Facebook/Instagram)

• LinkedIn Insight Tag
   

2. How We Collect Your Information

We collect information through:

• Account registration and subscription sign-up

• Direct communication (email, forms, customer support)

• Use of our Services (data input, uploads, clinical notes)

• Automatically, via cookies and tracking technologies

• Third-party service providers (e.g., payment processors, hosting providers)
   

3. Why We Collect and Use Your Information

We collect and use information for purposes including:

• Providing, maintaining, and improving our Services

• Processing payments and subscriptions

• Securely storing client and clinical data

• Responding to enquiries and providing customer support

• Sending service updates, invoices, and important notifications

• Monitoring performance and troubleshooting issues

• Marketing and advertising (with user consent, where required)

• Compliance with legal, professional, and regulatory requirements

We do not sell personal or client health data.
 

4. Use of Tracking Technologies (Meta Pixel, LinkedIn Insight Tag & Google Pixel)

Our Services use the following tracking tools:

• Meta Pixel (Facebook/Instagram) and LinkedIn Insight Tag:

These collect device, browser, IP address, and page visit data to:

• Measure and optimise ad campaigns

• Build remarketing audiences

• Analyse performance of content and campaigns

• Google Pixel & Google Analytics/Ads:

These tools allow us to:

• Measure the effectiveness of advertising campaigns

• Deliver more relevant ads (remarketing/retargeting)

• Track website conversions and user interactions

Important:

• We do not place advertising pixels on pages where users enter sensitive health or financial data.

• You can control or opt out of personalised ads in your Google, Meta, or LinkedIn account settings, or via browser settings.
   

5. Legal Basis for Processing (GDPR/UK users)

For users in the EU or UK, processing is based on:

• Your consent (Art. 6(1)(a))

• Contractual necessity (Art. 6(1)(b))

• Legal obligations (Art. 6(1)(c))

• Legitimate interests (Art. 6(1)(f))
   

6. Disclosure of Personal Information

We may share personal information with:

• Service providers (e.g., hosting, cloud storage, analytics, payment processors)

• Third-party platforms (Meta, Google, LinkedIn) for analytics/advertising

• Regulators, law enforcement, or legal authorities when required by law

• Business partners, in the event of a merger or acquisition

Some third parties may be located overseas (e.g., USA, EU). We take reasonable steps to ensure data is handled in accordance with the APPs, GDPR, or equivalent standards.
 

7. Data Storage and Security

We follow industry best practices:

• SSL encryption in transit

• AES-256 encryption at rest

• Role-based access controls

• Regular penetration testing and backups

Data is stored on secure servers located in Australia or other jurisdictions with adequate protections.
 

8. Access, Correction, and Your Rights

You have the right to:

• Request access to your personal information

• Correct inaccurate data

• Request deletion or anonymisation (subject to legal obligations)

• Withdraw consent to certain uses

• Object to processing for direct marketing

To exercise these rights, contact us (see Section 15).
 

9. Cookies and Consent

We use cookies to:

• Enhance user experience

• Track usage and analytics

• Enable secure sessions

If you are in the EU/UK, a cookie consent banner will be presented before non-essential cookies are stored.

You may disable cookies in your browser, but some features may not function properly.
 

10. Data Retention

We retain information:

• For the duration of your account

• As required by law (e.g., NDIS, Medicare record-keeping obligations)

• Up to 7 years after account closure (unless otherwise required)

Data will then be securely deleted or anonymised.
 

11. Children’s Privacy

Panellie is intended for use by healthcare professionals, not minors. Any client data involving children must be entered by qualified professionals with proper consent.
 

12. Third-Party Services

We may integrate with external services (e.g., Stripe, Xero, Medicare APIs). Each has its own privacy policy, which should be reviewed separately.
 

13. Updates to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website and/or communicated by email or in-app notifications. The updated date will always be shown at the top of this page.