Privacy Policy

Effective date: 27 February 2026

Clinara is a trading name of Comet Apps Pty Ltd. We provide AI-assisted consultation documentation tools for aesthetic clinics and handle personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What we collect

Depending on how Clinara is used, we may collect:

  • Client identifiers (for example name and contact details)
  • Consultation audio recordings and transcripts
  • Consultation notes, coaching outputs, and follow-up content
  • User account and clinic administration information
  • Technical and security data (logs, diagnostics, audit events)

Sensitive information

Consultation audio, transcripts, and notes may include personal details such as skin concerns, treatment preferences, or other information that could be considered sensitive information under APP 3. We only collect sensitive information with explicit consent, obtained either directly from the individual or through the clinic acting on their behalf. Clinics must ensure they have obtained informed consent from each client before recording a consultation.

How we collect information

We collect personal information:

  • Directly from you — when you create an account, configure your clinic, or contact us.
  • From clinic practitioners — when they record consultations and use documentation tools on behalf of their clients.
  • Automatically — through server logs, cookies, and similar technologies when you use the platform.

How we use information

  • Operate consultation recording and transcription workflows
  • Generate AI-assisted notes and coaching insights
  • Support clinic operations, quality assurance, and training
  • Maintain security, prevent misuse, and investigate incidents
  • Meet legal and regulatory obligations

Disclosure and sharing

We do not sell personal information. We share personal information only with the following categories of recipients, and only to the extent necessary to deliver the service:

  • Cloud infrastructure — hosting, storage, and compute (e.g. AWS, Vercel, MongoDB Atlas)
  • AI processing — transcription and language model providers (e.g. AWS Transcribe, AWS Bedrock)
  • Authentication — identity and access management (e.g. Clerk)
  • Email delivery — transactional and notification emails
  • Error monitoring — application diagnostics and error tracking

Where providers process personal information on our behalf, we apply contractual and technical safeguards.

Data residency and cross-border disclosure

Clinara configures core processing in Australia (ap-southeast-2), including AWS Transcribe, AWS Bedrock, and AWS S3, with Vercel functions pinned to Sydney (syd1) and MongoDB Atlas in Sydney.

Some service providers may process limited data outside Australia, including in the United States (for example, authentication services and error monitoring). In accordance with APP 8, where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure the recipient handles the information consistently with the APPs. This includes contractual obligations and technical controls such as encryption in transit and at rest.

Cookies and tracking

We use cookies and similar technologies to support authentication, remember preferences, and collect usage analytics. These include:

  • Essential cookies — required for authentication and session management.
  • Analytics cookies — help us understand how the platform is used so we can improve the experience.

You can manage cookie preferences through your browser settings, though disabling essential cookies may affect platform functionality.

De-identification and AI improvement

We do not use identifiable consultation data to train general-purpose AI models. Where data is used for product improvement or quality assurance, it is aggregated or de-identified so that individuals cannot reasonably be re-identified.

Retention and deletion

We retain personal information only for as long as needed to fulfil the purpose for which it was collected, or as required by law. Specific retention practices include:

  • Audio recordings — retention is configurable by clinic, and recordings are automatically deleted after the configured period.
  • Account data — retained while the account is active and for a reasonable period after closure to support any outstanding obligations.
  • Logs and diagnostics — retained for a limited period for security and troubleshooting, then automatically purged.

Clinics may request deletion of their data by contacting us at the address below.

Security

We apply technical and organisational controls including access controls, encryption in transit and at rest, logging, and monitoring. No method of transmission or storage is perfectly secure, but we continuously improve our safeguards.

Your privacy rights

Under the APPs, individuals may:

  • Request access to personal information we hold about them (APP 12).
  • Request correction of personal information that is inaccurate, out-of-date, or incomplete (APP 13).

Clinics are responsible for obtaining appropriate client consent before recording consultations. To exercise your rights, contact us at the address below.

Notifiable Data Breaches

If an eligible data breach occurs, we will notify affected individuals and the Australian Information Commissioner in accordance with Australia's Notifiable Data Breaches scheme, and support impacted clinics to meet their own obligations.

Complaints

If you have a concern about how we handle personal information, please contact us first so we can try to resolve it. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Contact

For privacy enquiries or requests, contact privacy@clinara.ai.