askavi
Privacy Policy
Version 1.0 · Effective April 2026 · Askavi Pty Ltd
Contents
  1. About this policy
  2. Who we are
  3. What information we collect
  4. How we collect information
  5. Why we collect information (purpose)
  6. How we use and disclose information
  7. Sensitive information and explicit consent
  8. Data security
  9. Data retention and destruction
  10. Cross-border disclosure
  11. Your rights — access and correction
  12. Notifiable data breaches
  13. Cookies and website tracking
  14. Children and minors
  15. Complaints
  16. Contact us
Section 01
About this Policy

Askavi Pty Ltd (“Askavi”, “we”, “us”, “our”) is committed to protecting the privacy of every person who uses our platform. This Privacy Policy explains how we collect, use, store, disclose, and protect personal information — including health and sensitive information — in accordance with Australian law.

This policy applies to all users of the Askavi platform, including individuals seeking health and wellness support, proxy users (e.g. HR managers, GPs, carers referring on behalf of others), and registered provider organisations.

Governing legislation. This policy is designed to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) Scheme, and the Health Records Act 2001 (Vic). Where you access Askavi from another Australian state or territory, we also endeavour to comply with applicable state health records legislation.

By using Askavi, you agree to the collection and use of information in accordance with this policy. We encourage you to read it fully.


Section 02
Who We Are

Askavi Pty Ltd (ABN: XX XXX XXX XXX) is an Australian company based in Melbourne, Victoria. We operate an AI-assisted mental health triage and referral navigation platform that connects individuals to appropriate health and wellness service providers across Australia.

Askavi is not a registered health service provider, clinical practice, or mental health service. We facilitate navigation and referral, not clinical treatment or advice.

Our Privacy Officer can be contacted at the details listed in Section 16.


Section 03
What Information We Collect

The information we collect depends on how you interact with us. It may include:

3.1 Personal information
  • Name, date of birth, and contact details (phone, email, address)
  • Preferred method of communication
  • Location (suburb or postcode, used for provider matching)
  • Language preferences and interpreter requirements

3.2 Health and sensitive information

Health information is classified as sensitive information under the Privacy Act and receives the highest level of protection. We may collect:

  • The nature of the health concern or presenting issue you describe
  • Mental health history (only as volunteered by you)
  • Medicare eligibility status (not your Medicare number, unless you provide it)
  • Disability or access needs relevant to service matching
  • Cultural, linguistic, or community background relevant to finding an appropriate provider

3.3 Provider information

For registered providers, we collect business and professional information including AHPRA registration details, practice address, specialties, availability, and billing arrangements.

3.4 Usage and technical data
  • Device type, browser, and IP address
  • Pages visited and interaction patterns (analytics)
  • Communication channel used (web, SMS, WhatsApp, voice)

Minimum collection principle. We only collect the information that is reasonably necessary to match you with an appropriate provider. We do not collect clinical history, diagnosis, or treatment records unless you specifically provide this information.

Section 04
How We Collect Information

We collect information:

  • Directly from you — through conversations via our web chat, SMS, WhatsApp, phone, or voice interface
  • From a proxy referrer — where an employer, GP, school counsellor, or carer initiates a referral on your behalf (in this case, we will seek your consent before collecting further information)
  • From providers — when a provider confirms or updates a referral outcome
  • Automatically — through cookies, server logs, and analytics tools when you use our website

We will always provide a collection notice at or before the point of collection, explaining why we are collecting information and what we will do with it.


Section 05
Why We Collect Information (Purpose)

We collect personal and sensitive information for the following primary purposes:

  • To understand your health and wellness support needs
  • To match you with an appropriate, available provider
  • To facilitate a warm referral or handoff to that provider
  • To send you confirmation of your referral and follow-up information
  • To operate, improve, and secure our platform
  • To comply with legal obligations

We will not use your information for any purpose beyond these without your explicit consent.


Section 06
How We Use and Disclose Information

6.1 Primary use

Your information is used primarily to match you with a provider and to communicate that referral. This is the core function of our service.

6.2 Disclosure to providers

With your explicit consent, we disclose the minimum necessary information to your matched provider to facilitate the referral. This typically includes your name, contact details, the nature of the presenting issue, and your consent to be contacted.

6.3 Secondary use

We may use de-identified and aggregated data to improve our matching algorithm, report on service usage, or publish anonymised insights. This data cannot be used to identify you.

6.4 We do not
  • Sell your personal information to third parties
  • Use your sensitive information for direct marketing
  • Share your health information with any party other than your matched provider and our operational service providers (see 6.5)
  • Disclose your information to advertisers

6.5 Third-party service providers

We use third-party software and infrastructure providers (such as cloud hosting, communication platforms, and analytics tools). These providers act on our instructions and are bound by privacy obligations equivalent to those in this policy. See Section 10 regarding cross-border disclosure.

6.6 Required disclosures

We may disclose information if required by law, court order, or regulatory body, or where we believe disclosure is necessary to prevent serious harm to you or another person.


Section 07
Sensitive Information and Explicit Consent

Under APP 3 and the Health Records Act 2001 (Vic), we must obtain your explicit consent before collecting, using, or disclosing sensitive information, including health information.

We will always ask for your explicit consent before: (a) collecting health information about you; (b) sharing any information with a provider; and (c) retaining your information beyond the immediate session.

How consent is obtained

Consent is sought via a clear, plain-English statement at the beginning of your interaction with Askavi, and again before any referral is made. You may give consent digitally (by clicking accept, responding “yes”, or equivalent) or verbally during a voice call (recorded for compliance purposes).

Withdrawing consent

You may withdraw your consent at any time by contacting us at privacy@askavi.com.au. Withdrawal does not affect the lawfulness of any processing that occurred before withdrawal.

Anonymous use

You may begin a conversation with Askavi anonymously. We will ask for identifying information only when necessary to facilitate a referral. You are not required to provide your name or contact details to receive general guidance.


Section 08
Data Security

We take reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Encryption of data at rest and in transit (TLS 1.2+ and AES-256)
  • Multi-factor authentication for all staff and provider access
  • Role-based access controls — only authorised personnel can access personal data
  • Audit logs for all access, viewing, editing, and sharing of personal data
  • Secure, Australian-hosted cloud infrastructure where practicable
  • Annual security audits and penetration testing
  • Regular staff privacy and cybersecurity training

We do not transmit sensitive health information via unencrypted SMS or unencrypted email. All referral communications use secure, encrypted channels.


Section 09
Data Retention and Destruction

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, and in accordance with our legal obligations.

  • Referral records: Retained for 7 years from the date of referral, consistent with health records legislation in Victoria
  • Anonymous session data: Deleted at end of session or within 30 days
  • Provider records: Retained while the provider remains registered on the platform, and for 7 years thereafter
  • Marketing enquiry data: Retained for 2 years or until consent is withdrawn

When personal information is no longer required, we securely destroy or de-identify it. Digital records are permanently deleted using industry-standard wiping protocols. Paper records (if any) are cross-cut shredded.

You may request early deletion of your information by contacting our Privacy Officer (see Section 16), subject to our legal retention obligations.


Section 10
Cross-Border Disclosure

Some of our infrastructure and third-party service providers may process or store data outside Australia (for example, in the United States or European Economic Area). Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient is subject to privacy protections that are substantially similar to the APPs, or we obtain your consent.

Our primary AI processing providers are bound by contractual privacy obligations and operate under frameworks that meet or exceed Australian standards. We maintain an up-to-date register of our approved third-party vendors.


Section 11
Your Rights — Access and Correction

Right of access (APP 12)

You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. In most cases, access is free of charge. We may refuse access on limited grounds permitted by law, in which case we will explain why.

Right of correction (APP 13)

If you believe information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will make corrections promptly and, where relevant, notify any third parties to whom we have disclosed the incorrect information.

How to make a request

Submit your access or correction request to privacy@askavi.com.au. We will verify your identity before releasing any information.


Section 12
Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) Scheme under Part IIIC of the Privacy Act. If we suffer a data breach that is likely to result in serious harm to any affected individual, we will:

  • Contain the breach immediately
  • Assess the breach within 30 days to determine whether notification is required
  • Notify the Office of the Australian Information Commissioner (OAIC) if the threshold is met
  • Notify all affected individuals as soon as practicable

We maintain a Data Breach Log and an Incident Response Plan that is reviewed and tested annually.

If you suspect a breach involving your information, please contact us immediately at privacy@askavi.com.au.


Section 13
Cookies and Website Tracking

Our website uses cookies and similar technologies to improve user experience and to collect analytics data. Cookies are small text files stored on your device.

We use:

  • Essential cookies — required for the website to function correctly
  • Analytics cookies — to understand how visitors interact with the site (no personal health data is collected via analytics)

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our platform. We do not use advertising or tracking cookies.


Section 14
Children and Minors

Askavi may be accessed by young people aged 15 and over. For users under 18, we take additional care and, where a parent or guardian is initiating a referral on behalf of a minor, we require parental or guardian consent before collecting or disclosing health information about the minor.

If you are under 15 and require urgent mental health support, please contact a crisis service directly: Kids Helpline 1800 55 1800 or Lifeline 13 11 14.


Section 15
Complaints

If you believe we have mishandled your personal information, please contact our Privacy Officer in the first instance at privacy@askavi.com.au. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

  • Office of the Australian Information Commissioner (OAIC)
    oaic.gov.au · 1300 363 992
  • Health Complaints Commissioner (Victoria)
    hcc.vic.gov.au · 1300 582 113

Section 16
Contact Us

Privacy Officer — Askavi

For all privacy enquiries, access requests, correction requests, consent withdrawal, or complaints:

Email: privacy@askavi.com.au
Post: Privacy Officer, Askavi Pty Ltd, [Address], Melbourne VIC [Postcode]
Web: askavi.com.au/privacy

We respond to all privacy enquiries within 5 business days.

Policy updates. This policy is reviewed at least annually. We will notify registered users of material changes by email or in-app notification. Continued use of Askavi after notification constitutes acceptance of the updated policy. The effective date at the top of this document indicates the version currently in force.

© 2026 Askavi Pty Ltd · ABN XX XXX XXX XXX