Privacy Policy for MidwifeGenie

Last Updated: September 2, 2025

Introduction

Thank you for choosing to use MidwifeGenie ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application MidwifeGenie (the "App"). Our App provides AI-powered midwifery guidance and information sourced from trusted Australian healthcare resources. We understand the sensitive nature of health-related conversations and are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide to Us

When you use our App, we collect information that you voluntarily provide, including:

  • Account information (email address, name, and password if you create an account)
  • Conversation data, which may include personal health information that you share during your interactions with our AI based midwife
  • Demographic information you choose to share (such as age, pregnancy status, due date)
  • Feedback and survey responses
  • Technical support requests

Information We Collect Automatically

When you use our App, we automatically collect:

  • Device information (device type, operating system version, unique device identifiers)
  • App usage data (features used, time spent in the app, interaction patterns)
  • IP address and general location information (country/region)
  • Error logs and crash reports
  • Performance data related to how the AI responds to queries

Analytics Tools

We use Google Analytics to collect data about how you interact with our App. This analytics implementation:

  • Tracks app usage patterns including session duration, features used, and user flow through the application
  • Collects technical information such as device type, operating system, and app version
  • Does not track personal identifiers or conversation content
  • Is used solely for internal purposes to improve user experience and app functionality
  • Is configured to minimize data collection to what is necessary for our internal analysis

The analytics data helps us understand how users navigate our App, which features are most valuable, and where users might encounter difficulties, allowing us to make informed improvements to our service.

Conversation Data and Consent

All conversation data is saved only with your explicit consent. When you first use the App, you will be asked to provide clear permission before we store any of your conversations with our AI midwife. You can withdraw this consent at any time through your account settings, which will prevent future conversations from being saved. We want to be clear that your conversation data is never used for marketing purposes. This data is only used to:

  1. Provide you with a history of your previous interactions
  2. Improve the accuracy and relevance of our AI responses
  3. Train our models to better understand and address common pregnancy and midwifery questions

If you choose not to provide consent for saving conversations, you can still use the App, but your conversation history will not be retained after you close the session.

How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Improve Our Services

  • Deliver AI-powered midwifery information and support
  • Personalize your experience based on your interaction history
  • Maintain and improve the functionality and user experience of our App
  • Develop new features and capabilities

For Training and Quality Improvement

  • Train and refine our AI models to improve response accuracy and relevance
  • Analyze conversation patterns to identify areas for improvement
  • Review conversation samples for quality assurance and to ensure the AI provides accurate health information
  • Identify and fix technical issues

For Communication

  • Respond to your inquiries and support requests
  • Send service-related announcements and updates
  • Provide information about new features or services (with your consent)

What We Don't Do With Your Information

We are committed to protecting your privacy and maintaining your trust. Therefore, we do not:

  • Sell or rent your conversation data to third parties
  • Use your health information or conversations for marketing or advertising purposes
  • Share your personal information with data brokers
  • Create user profiles for advertising networks
  • Use your conversation data for any purpose beyond those explicitly stated in this policy

Internal Review and Analysis

Authorized administrators within our organization may access conversation data to:

  • Troubleshoot technical issues reported by users
  • Review AI responses to ensure accuracy of health information
  • Identify patterns that can help improve our service
  • Implement quality control measures

This internal access is strictly controlled, monitored, and limited to what is necessary to maintain and improve our services.

Special Note About Health Information

Our App is not a healthcare provider as defined by the Australian Privacy Act 1988 (Cth) and is not intended to replace professional medical advice, diagnosis, or treatment. However, we recognize that the information you share may constitute "sensitive information" under the Privacy Act, and we treat it with appropriate care.

While we are not a healthcare provider, we implement appropriate safeguards for the personal health information you share, including:

  • Encryption of data in transit and at rest
  • Access controls limiting which employees can view conversation data
  • De-identification procedures when using data for training purposes
  • Regular security assessments

We will always ask for your express consent before collecting any sensitive health information, and we will only use this information for the purposes described in this policy.

Data Retention

We maintain different retention periods for different categories of data, balancing our need to provide quality service, comply with legal obligations, and respect your privacy rights:

1. Account Information
  • Active accounts: Retained for as long as your account remains active
  • Dormant accounts: After 12 months of inactivity, we'll send a notification about potential account deletion
  • Deleted accounts: Account information is deleted within 30 days of account closure request
2. Conversation Data
  • Standard retention: Conversation history is retained for 12 months from the date of the conversation
  • After this period, conversations are automatically de-identified (removing all personal identifiers) but may be retained in anonymized form for AI training purposes
  • You can manually delete specific conversations at any time through the App interface
  • Using the "Delete My Data" function will immediately remove all your conversation history
3. Health-Related Information
  • Sensitive health information (e.g., due dates, pregnancy status) is retained only while actively relevant to providing you service
  • This information is automatically archived after your due date plus 3 months
  • Archived health information is completely deleted after an additional 9 months
4. Technical and Usage Data
  • App usage statistics and technical logs are retained for 90 days in identifiable form
  • After 90 days, this data is aggregated and de-identified
  • Google Analytics data is retained according to our analytics configuration (currently set to 14 months)
5. Backup Data
  • We maintain secure backups of all data for disaster recovery purposes
  • Backups are retained for 90 days
  • When you request data deletion, your data may remain in backups until those backups are cycled out (maximum 90 days)
6. Legal Compliance Data
  • Information we are legally required to keep (e.g., for tax purposes, regulatory compliance, or legal proceedings) may be retained for longer periods as required by law
  • This data is secured and access-restricted to only essential personnel
7. Support Communications
  • Customer support interactions are retained for 2 years to ensure continuity of service
  • After 2 years, support records are archived and retained for an additional year before deletion

Our retention periods are regularly reviewed and may be adjusted based on legal requirements, technological advancements, and business needs. Any significant changes to retention periods will be reflected in updates to this Privacy Policy.

Sharing of Information

We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who help us operate, improve, and maintain our App. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them. Our service providers include:

  • Cloud hosting services
  • Analytics providers
  • Customer support tools

We use Google Analytics to help us understand app usage patterns. Google processes this data on our behalf and in accordance with our instructions. For more information about Google's data practices, you can visit their Privacy Policy at https://policies.google.com/privacy.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our App of any change in ownership or uses of your personal information.

With Your Consent

We may share your information with third parties when we have your consent to do so.

Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information, including:

  • Encryption of data in transit using TLS
  • Encryption of sensitive data at rest
  • Regular security audits and vulnerability testing
  • Employee training on privacy and security practices
  • Access controls and authentication requirements

However, please be aware that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Internal Access Controls

Certain authorized administrators within our organization have access to conversation data through our secure backend database. This access is:

  • Limited to specific employees who need this access to perform their job functions
  • Protected by strong authentication measures
  • Logged and monitored for security purposes
  • Subject to strict confidentiality obligations
  • Granted only after appropriate privacy training

All internal access to user data is governed by our internal data access policy, which enforces the principle of minimum necessary access. This means administrators can only access the specific data needed to resolve technical issues, improve service quality, or fulfill their designated responsibilities.

Your Rights and Choices

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information in certain circumstances
  • Complaint: Lodge a complaint if you believe we have breached the APPs

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section. We will respond to all requests within 30 days. If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Data Deletion Mechanism

We provide a straightforward mechanism for you to delete all your conversation records and personal data from our systems:

  • Complete Data Deletion: Through your account settings, you can access the "Delete My Data" option, which allows you to permanently remove all your conversation history and personal information from our database.
  • Immediate Effect: When you request data deletion, your records are immediately marked for deletion and are no longer accessible through the App. Complete removal from backup systems may take up to 30 days.
  • Verification: For security purposes, we will verify your identity before processing a complete deletion request, typically through your account credentials or a verification email.
  • Confirmation: You will receive a confirmation email once your deletion request has been fully processed.
  • Exception for Legal Requirements: We may retain certain information if required by law, but this will be limited to what is legally necessary and will not be used for any other purpose.

This deletion mechanism gives you full control over your personal information and conversation history at all times.

Children's Privacy

Our App is not intended for children under 15 years of age, and we do not knowingly collect personal information from children under 15. If you are a parent or guardian and believe we may have collected information from your child, please contact us so we can promptly remove the information.

International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of Australia where the data protection laws may differ from those in Australia. We ensure that any international transfer of your personal information is subject to appropriate safeguards as required by the Privacy Act 1988 (Cth). By providing your personal information, you consent to this transfer, storing and processing.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Notification of Data Breaches

In accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), if we experience a data breach that is likely to result in serious harm to individuals whose personal information is involved, we will:

  1. Take immediate steps to contain the breach
  2. Assess the potential for serious harm
  3. Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if required
  4. Take steps to prevent future breaches

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: TBD
  • Company Address: TBD
  • Phone Number:TBD