DORSUM.AI PTY LIMITED, ABN 82 671 574 897, ACN 671 574 897, based in New South Wales Australia ( “Dorsum”, “we”, “us” ), handles personal information in line with the Australian Privacy Principles and, where relevant, the General Data Protection Regulation.

1. Scope

This policy covers our web app, Chrome extension, and any service that links to it. It applies to clinicians, clinic administrators, and internal staff in Australia and Canada.

2. Data we collect

• Account data – name, email, password hash, role, registration numbers.
• Patient data – notes, audio recordings, demographic details entered by users.
• Technical data – IP address, device details, error logs recorded by LogRocket.
• Payment data – subscription details handled by Stripe. Card numbers never reach our servers.

3. How we use the data

• Run AI transcription and EMR integrations.
• Authenticate users and protect accounts.
• Improve reliability and fix bugs.
• Meet legal and regulatory duties.

4. Legal basis

Where GDPR applies, processing relies on consent, contract performance, legitimate interest, or legal obligation.

5. Security and retention

• All data is encrypted in transit and at rest.
• Access is limited by role based permissions.
• Patient data retention is set by each clinic. The default deletion period is ninety days.
• Operational logs stay for up to twelve months. Backups stay for thirty days.

6. Your rights

You may ask to access, correct, or delete personal data. If data has already been deleted under clinic settings it cannot be restored.

7. Complaints

Contact us first with any privacy concern. Unresolved issues may be taken to the Office of the Australian Information Commissioner or, for EU or UK users, the local data protection authority.

8. Changes

We update this policy when practices change. A new version and date will appear on this page.

9. Contact

Email [email protected]