— Legal

Privacy Policy

How we collect, use, store and protect personal information — including patient information we handle on behalf of clinics.

Last updated: 24 May 2026 · TRIAGENTS PTY LTD · ABN 60 698 265 002

Last updated: 24 May 2026

Overview

TRIAGENTS PTY LTD (ABN 60 698 265 002) ("Triagents", "we", "us") operates the triagents.ai website and the Triagents platform — a clinical triage layer comprising TriageVoice, TriageChat and TriageFlow. This Privacy Policy explains how we handle personal information when you visit triagents.ai and when you interact with our products as a clinic, clinician, employee, supplier, or member of the public.

Patient information that we handle on behalf of a clinic is treated as the clinic's data. Our handling of that information is governed by the contract between us and the clinic, and by the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth).

This Policy is written to satisfy our obligations under APP 1. By using triagents.ai, you agree to the practices described here.

Who we are

TRIAGENTS PTY LTD is an Australian proprietary limited company registered in Victoria, ABN 60 698 265 002. Our registered office is in Melbourne, Victoria, Australia. Where we act as a "contracted service provider" to a clinic, the clinic is the APP entity primarily responsible for patient information; we handle that information solely in line with their instructions and our contract with them.

What information we collect

From website visitors

  • Identifiers you provide: name, email, phone, clinic name, role.
  • Marketing preferences and unsubscribe state.
  • Technical metadata: IP address (truncated), browser, referrer, pages viewed, timestamps.

From clinics (our customers)

  • Business contact details for the personnel who administer the platform.
  • Billing and payment details (processed by our payment processor; we do not store full card numbers).
  • Configuration data — clinical rules, escalation logic, opening hours, FAQ content.

From patients and callers (handled on behalf of clinics)

  • Identifiers shared during a call or chat: name, date of birth, contact details, referring practitioner.
  • Reason for contact and intent (booking, FAQ, reschedule, referral, emergency).
  • Call audio and transcript; chat transcript.
  • Health information disclosed by the patient solely for the purpose of triage and booking.

We collect only what is reasonably necessary to provide the service. We do not knowingly collect information about children outside the context of a clinic interaction where the parent or guardian is providing it.

How we use it

We use personal information for the following purposes:

  • To operate, maintain and improve the platform.
  • To deliver the contracted service to clinics — triaging calls and chats, booking appointments, escalating to staff.
  • To respond to enquiries you make through triagents.ai.
  • To send service-related communications (uptime, security notices, contract notices).
  • To send marketing communications where you have consented (you can unsubscribe at any time).
  • To comply with our legal obligations (tax, audit, regulator requests).

We do not sell personal information. We do not use patient information to train general-purpose AI models. Where models are fine-tuned on clinic data, this is done under contract, within the clinic's jurisdiction, and with the clinic's documented consent.

Disclosure to third parties

We disclose personal information only:

  • To the clinic that owns the patient relationship.
  • To service providers acting on our behalf (cloud hosting, telephony, payment processing, customer support) — each bound by confidentiality and data-processing terms.
  • Where required by law, court order or regulator (e.g. the Office of the Australian Information Commissioner).
  • In connection with a sale, merger, or restructure — subject to the acquirer agreeing to honour this Policy.

Where data is stored

Patient data is stored in the same jurisdiction as the clinic. Australian clinics are hosted on Amazon Web Services Sydney (ap-southeast-2). United States clinics are hosted in us-east-1. United Kingdom clinics are hosted in AWS Ireland. Data does not cross jurisdictions. Each region runs redundant dual-server architecture with a 99.5% uptime SLA and complies with the local privacy framework (Australian Privacy Act, HIPAA, UK GDPR).

Where a third-party processor needs to access data (for example, a telephony carrier to deliver a call), the processor is bound by contract to the same residency and protection standards.

Security

We protect personal information using a layered set of controls, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Strict access control with least-privilege defaults and role-based authorisation.
  • Multi-factor authentication for all administrative access.
  • Continuous logging, monitoring, and intrusion detection.
  • Annual independent security review.
  • Incident response and breach notification procedures aligned with the Notifiable Data Breaches scheme.

No system is 100% secure. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC as required by Part IIIC of the Privacy Act.

Retention

We retain personal information only for as long as it is needed for the purpose for which it was collected, then either delete or de-identify it:

  • Website enquiry data — 24 months from last contact.
  • Call recordings and transcripts — retained per clinic configuration (typically 90 days), then deleted.
  • Operational logs — 12 months, then de-identified.
  • Financial records — 7 years, as required by Australian tax law.

Your rights

Under the Australian Privacy Principles you have the right to:

  • Request access to the personal information we hold about you.
  • Request that we correct information that is inaccurate, out of date, incomplete or misleading.
  • Withdraw consent for marketing communications at any time.
  • Request that we delete information where we no longer have a lawful basis to retain it.

For information we hold on behalf of a clinic, you should contact the clinic directly. We will support the clinic in responding to your request.

To exercise your rights, contact our Privacy Officer at our contact form. We will respond within 30 days.

Cookies and analytics

We use a small number of essential cookies to operate the website, and (with consent where required) analytics cookies to understand aggregated usage. See our Cookie Policy for the full list and instructions to opt out.

Complaints

If you believe we have breached the APPs or this Policy, please contact our Privacy Officer at our contact form. We will acknowledge your complaint within 5 business days and respond substantively within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner: oaic.gov.au/privacy/privacy-complaints.

Changes to this policy

We may update this Policy from time to time. The current version is always available at triagents.ai/privacy, with the "Last updated" date at the top. Where changes are material we will provide reasonable notice (typically a banner on the website and, for customers, an email to the platform administrator).

Contact us

Privacy Officer
TRIAGENTS PTY LTD · ABN 60 698 265 002
Melbourne, Victoria, Australia
Email: our contact form