How HealthPulse collects, uses, stores, and protects your practice data. Written in plain language and designed to be read.
This privacy notice explains how HealthPulse collects, uses, stores, and protects information when working with health practices in Australia. It is written to be read in plain language and to set out commitments we are willing to keep.
HealthPulse provides practice intelligence services to health practices, including dental, allied health, general practice, and veterinary clinics. This notice covers the entire engagement, from the first enquiry through to the delivery of your Practice Health Review and any subsequent work.
HealthPulse is operated by Dr Franco Mignone, a registered dental practitioner based in Adelaide, South Australia. Where this notice refers to "we" or "us," it refers to HealthPulse.
Our position on privacy is structurally simple: we do not need patient identifying information to do our work, and so we do not collect it.
Practice management software contains two broad categories of data. The first is patient identifying information, including names, dates of birth, contact details, addresses, and clinical notes. The second is operational data, including appointment outcomes, revenue figures, procedure codes, recall histories, and cancellation patterns. The first category lets you identify a specific person. The second tells the story of how a practice runs.
Our work is built on the second category. We never request, never accept, and have no use for the first. Our export guides walk practices through the process of stripping identifying columns before any data is shared with us.
We will not knowingly receive patient names, dates of birth, contact details, addresses, or clinical notes. Where such information appears in error, it will be deleted on receipt and the practice notified.
We collect three categories of information across the course of an engagement.
Including the practice name, your name and role, business email and phone, the practice management software you use, and the engagement type you have selected. This is the standard information needed to deliver a professional service.
Appointment outcomes, scheduling information, procedure codes and descriptions, revenue and invoicing figures, recall histories, practitioner allocations, and similar data. This is the data we analyse.
Emails, meeting notes, walk-through call summaries, and any documents shared during the engagement.
We do not collect, request, or accept patient identifying information of any kind. If you are unsure whether a particular field constitutes patient identifying information, please raise it before exporting. We will help you determine whether it should be stripped.
We use the information you share with us only for the purpose of delivering your engagement. Specifically:
We do not sell, trade, or share your data with third parties for marketing purposes. We do not use your data to inform our work with other practices in any way that could identify you or your business.
This section describes how your data is handled in the current phase of HealthPulse. As our infrastructure grows, this section will be updated accordingly.
Customers transmit practice data to HealthPulse via two routes. The first is encrypted email to hello@healthpulse.com.au. The email service used is Google Workspace, which encrypts emails in transit using TLS 1.2 or higher, the same standard used by Australian banks. The second is direct upload to the HealthPulse client area at healthpulse.com.au/client-area, also using TLS encryption in transit.
Once received, files are stored on encrypted local computer storage. The device used for analysis runs full-disk encryption (Apple FileVault using AES-256) and is protected by a strong login password and automatic screen lock. Files are kept in a dedicated working folder for the duration of the engagement and are not synchronised to public cloud services.
Where third-party cloud services are used for transmission or temporary storage, those providers maintain their own encryption at rest using AES-256 or equivalent standards. We do not use any cloud storage providers that lack encryption at rest.
Access to your files is limited to Dr Franco Mignone, the sole operator of HealthPulse at this stage. No other person has access to customer data. Where HealthPulse grows to include additional analysts, this notice will be updated and existing clients informed before any change takes effect.
Files you upload are deleted within 30 days of the completion of your engagement.
The Practice Health Review and associated analysis files we produce for you are retained for 7 years, in line with Australian record-keeping obligations for professional services. You may request earlier deletion at any time and we will comply within 30 days, except where we are legally required to retain a copy.
Emails and meeting notes are retained for 7 years for the same reasons.
Where we use aggregated data to inform benchmarks or improve HealthPulse, this data is fully de-identified and cannot be linked back to your practice. Aggregated data may be retained indefinitely.
You may request deletion of your data at any time by emailing hello@healthpulse.com.au. We will action requests within 30 days, except where retention is required by law. We will confirm in writing what has been deleted.
HealthPulse uses AI-powered analytical tools as part of our process, to help identify patterns in your operational data.
AI is used as an analytical assistant. It helps us work through your operational data efficiently, identify patterns that warrant further investigation, and structure findings. The AI does not make recommendations to you, does not produce your Practice Health Review unsupervised, and does not have any direct contact with you or your practice.
All clinical interpretation, judgement, and recommendations come from Dr Franco Mignone personally. The AI accelerates the analytical work. It does not replace clinician judgement.
Only the operational data you upload to HealthPulse. Patient identifying information is never shared with the AI provider because it is never collected by HealthPulse in the first place.
If you would prefer that AI is not used in the analytical processing of your data, please tell us before the engagement begins. We can produce the analysis using manual methods only, though this may extend turnaround time.
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have specific rights regarding the information held about your practice.
You can ask what information we hold about you and your practice at any time. We will provide a copy within 30 days, free of charge.
If any information we hold is inaccurate or out of date, you can ask us to correct it. We will action the correction within 14 days.
You can request deletion of your data at any time. We will action the request within 30 days unless legally prevented from doing so.
If you believe we have mishandled your information, you may raise the concern with us at hello@healthpulse.com.au and we will respond within 14 days. If you are not satisfied with our response, you can escalate the complaint to the Office of the Australian Information Commissioner at oaic.gov.au.
In the unlikely event that your data is exposed or accessed without authorisation, we commit to the following:
This notice may be updated as HealthPulse grows or as our practices evolve. Where changes are material, for example the introduction of new third-party services or changes to data retention periods, we will notify existing clients by email and post the updated version with a new effective date.
Minor changes such as wording clarifications will be reflected on this page without individual notification. The version number and effective date are shown at the top of this page.
If you have any questions about this notice, your data, or any other privacy matter, email hello@healthpulse.com.au. We respond to all privacy enquiries within 5 business days.
This notice exists to make our commitments explicit. We have built HealthPulse deliberately to need less of your data than traditional consulting requires, and we treat what you do share with the seriousness it deserves. If anything here is unclear, or if you would like a particular commitment expanded into a formal written agreement, we are happy to do so.