Legal
Privacy Policy
DozeDoc Pty Ltd (“DozeDoc”, “we”, “us”) is building an anaesthetic practice app for Australia. The product is currently in pre-alpha — what exists today is this website and a waitlist form. Even at this stage we want to be clear about the personal information we collect now, what we plan to collect once the app exists, and the rights you have under Australian privacy law.
This policy explains what personal information we collect, how we use it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. What we collect
Today: waitlist data
When you join the alpha waitlist, we collect what you enter into the form: first name, last name, email, your practice type (private only, both public and private, public only, ANZCA trainee, or other), and three optional fields — state or city, your current logbook, and your current billing software. You can also check a box indicating you would consider joining the alpha cohort.
Once the app exists: account and case data
From the alpha onwards we will collect:
- Account and profile data — your name, email, professional role (consultant, registrar, fellow, trainee), training body (ANZCA / other), AHPRA registration number where applicable, and practice details such as the hospitals you work at.
- Pre-op, intra-op, and case content — the content you choose to enter, including patient identifiers and demographics where billing and invoicing require them, comorbidities, drugs, times, procedures, consent notes, intra-op events, and post-op recovery notes.
- Billing and invoicing data — MBS item numbers, fee schedules, ECLIPSE claim payloads, patient invoice records, fund and payer details, and payment receipts. Needed to operate the billing tier.
- Device and diagnostic data — app version, operating system, crash reports, and aggregate usage metrics. Used to keep the app stable and improve it.
2. How we use it
We use the information above to:
- Provide, secure, and improve the DozeDoc service;
- Generate hospital-ready pre-op printouts, intra-op records, logbook entries, and CPD evidence from the cases you enter;
- Submit ECLIPSE claims to Medicare and to private health funds at your direction, on a per-case basis;
- Issue patient invoices on your behalf from inside the case record when you authorise it;
- Send transactional emails (sign-in links, sync notifications, billing receipts);
- Send you product updates about the alpha — you can opt out at any time;
- Detect, prevent, and respond to fraud, abuse, or security incidents;
- Comply with our legal obligations.
We do not sell your personal information. We do not use your case, patient, or billing content to train machine-learning models.
3. Where we store it
Personal information is stored in Australia, on AU-resident infrastructure. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Our cloud provider is certified to ISO/IEC 27001.
Backups and disaster-recovery copies remain within Australian jurisdiction. We do not transfer your case, patient, or billing data overseas without your consent, except as described in section 4 below.
4. Who we share it with
We share personal information only with the small set of service providers we need to run DozeDoc:
- Hosting provider — an AU-resident cloud provider stores your case, account, and billing data.
- Resend (transactional email delivery) — receives your email address solely to send you the messages you have asked us to send. Resend may process this outside Australia under appropriate contractual safeguards.
- Payment processor (post-alpha) — for your DozeDoc subscription. We never see or store your full card number.
- Medicare / Services Australia and Australian private health funds (billing tier, post-alpha) — when you submit an ECLIPSE claim, we transmit the claim data you have authorised to the relevant payer on a per-case basis. We are not your billing agent in a fiduciary sense; we transmit what you submit.
We will only disclose your information beyond these providers where we are required by Australian law (for example, a valid court order) or where you have given us explicit consent.
5. Cookies and similar technologies
DozeDoc's cookie footprint is deliberately small. We do not use third-party advertising cookies, cross-site trackers, or analytics that build a profile of you. The full list of cookies the site and the app will use is on our Cookies page.
6. Your rights
Under the Privacy Act and the APPs you may:
- Access the personal information we hold about you;
- Correct it if it is inaccurate, out of date, incomplete, or misleading;
- Delete your account and the personal information associated with it, except where we are legally required to retain it (for example, billing and tax records);
- Export your case and logbook content in a machine-readable format at any time;
- Withdraw consent to marketing communications by using the unsubscribe link in any email, or by emailing us.
To exercise any of these rights, email us at legal@dozedoc.com. We will respond within 30 days.
7. How long we keep it
We retain your account, case, and billing data for as long as you have an active DozeDoc account. If you close your account we will delete or de-identify your personal information within 90 days, except where retention is legally required — typically up to seven years for billing records under ATO requirements.
Waitlist data is kept until you ask us to remove you, or for 24 months after your last interaction with us, whichever is sooner.
8. Security
We use industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, least-privilege access for staff, code review, dependency scanning, and time-bounded production access logs. No system is perfectly secure; if we ever become aware of a data breach affecting you we will notify you and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.
9. Children
DozeDoc is a professional tool for medical practitioners. It is not directed at, and is not for use by, anyone under 18. We do not knowingly collect personal information from minors.
10. International users
DozeDoc is being built for Australian medical practitioners in the first instance. We are building the product to comply with Australian privacy requirements from day one, and to meet UK and EU privacy requirements as we expand into those markets. If you sign up from outside Australia, you should know that your information will be stored in Australia and handled under Australian privacy law.
11. Changes to this policy
We may update this policy from time to time. When we do, we will change the “Effective” date at the top of this page. If the changes are material — for example, a change in how we share data or who processes it — we will email account holders before they take effect.
12. Contact us
Our Privacy Officer can be reached at legal@dozedoc.com.
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
DozeDoc Pty Ltd · Perth, Western Australia, Australia