Privacy Policy

maeda is an Australian healthcare technology company providing an AI-powered clinical documentation platform. Our platform assists healthcare professionals with consultation recording, SOAP note generation, clinical document creation, and post-consultation form auto-fill.

References to "maeda", "we", "us", or "our" in this policy refer to the entity operating the maeda platform.

We collect information in the following categories:

We use the information we collect to:

• Provide, operate, and maintain the maeda platform and its features
• Process consultation recordings and generate AI-assisted clinical documentation
• Enable patient screening, eligibility assessments, and form workflows
• Authenticate users and manage account access
• Process subscription payments and issue invoices
• Send transactional communications (e.g., account confirmations, usage alerts)
• Improve platform performance, reliability, and AI model quality
• Comply with legal obligations under Australian law

We do not use patient health information for advertising purposes, and we do not sell any personal information to third parties.

All data processed and stored by maeda is held on infrastructure located in Australia. We do not transfer your primary data or clinical records to servers outside Australia except where noted below under Third-Party Services.

We apply the following security controls:

• Encryption at rest: All stored data, including consultation recordings, transcriptions, and clinical documents, is encrypted using AES-256.
• Encryption in transit: All data transmitted between your device and our servers is protected using TLS 1.2 or higher.
• Access controls and authentication: User accounts are managed with multi-factor authentication support. Role-based access controls limit data access to authorised personnel.
• Audit logging: Access to clinical data is logged for security and compliance review.

maeda processes patient health information on behalf of the healthcare providers who use our platform. In this context, the healthcare provider (doctor or clinic) is the primary data controller responsible for obtaining appropriate consent from patients before recording consultations or submitting patient data through our platform.

maeda acts as a data processor and handles patient health information solely to provide the agreed services. We do not access patient records for any purpose outside of service delivery, technical support, and legal compliance.

Healthcare providers using maeda must comply with their own obligations under the My Health Records Act 2012, the Privacy Act 1988, and applicable state privacy legislation. maeda will cooperate with healthcare providers in meeting these obligations.

maeda uses a limited number of trusted third-party services to operate the platform:

• Cloud infrastructure provider: Cloud infrastructure, storage, authentication, and AI services. All data is processed and stored in Australia under the provider's Data Processing Addendum.
• Payment processor: Subscription payments are handled by a PCI DSS-compliant third-party provider. We do not store full payment card details on our servers.
• Email delivery: Transactional emails (account notifications, invitations) are sent via a managed email delivery service.

Where any third-party service involves the transfer of personal information outside Australia, we take reasonable steps to ensure that service applies protections consistent with the Australian Privacy Principles.

maeda complies with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). In particular:

• APP 1, Transparency: We maintain this policy to clearly explain our privacy practices.
• APP 3, Collection of solicited personal information: We only collect personal information that is reasonably necessary for our platform functions.
• APP 5, Notification: We inform individuals about the collection of their personal information at or before the time of collection.
• APP 6, Use and disclosure: Personal information is only used or disclosed for the primary purpose for which it was collected, or for directly related secondary purposes.
• APP 11, Security: We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
• APP 12, Access and correction: Individuals may request access to and correction of their personal information held by us.

We retain personal information only for as long as necessary:

• Account data: Retained for the duration of your active subscription, plus 7 years after account closure to meet Australian legal and tax obligations.
• Clinical documentation: Consultation recordings, transcripts, and generated documents are retained for 7 years from creation, in line with medical record-keeping requirements for adult patients.
• Patient form submissions: Screening and assessment form data is retained for 7 years unless a longer period is required by applicable healthcare regulations.
• Usage/technical logs: Typically retained for 90 days for security and diagnostic purposes.

Upon account deletion, we will securely delete or de-identify personal information within a reasonable timeframe, except where retention is required by law.

Subject to the Australian Privacy Act 1988, you have the right to:

• Request access to personal information we hold about you
• Request correction of inaccurate, incomplete, or out-of-date personal information
• Withdraw consent to the collection or use of your personal information (subject to any legal obligations to retain records)
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you believe your privacy rights have been breached

To exercise any of these rights, please contact us using the details in Section 11.

maeda uses essential cookies and similar technologies to operate the platform, maintain user sessions, and protect against fraud. We do not use third-party advertising cookies or cross-site tracking technologies.

You may configure your browser to refuse cookies, however this may affect the functionality of the platform.

For any privacy-related questions, access requests, corrections, or complaints, please contact us:

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify registered users of material changes via email or an in-platform notice. Continued use of the platform after such changes constitutes acceptance of the updated policy.

The current version of this policy was last updated in March 2026.