Privacy Policy

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

Identify the entity (ABN), its role as APP entity, and a privacy contact / complaints channel.

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

Recour collects and processes SENSITIVE HEALTH INFORMATION: clinic emails, referrals, imaging and other documents, appointment details, invoices, and medication data. It also connects to the user's Google account (Gmail read + send, Calendar) and stores OAuth tokens (encrypted at rest). Counsel to formalise the collection notice covering health information and the purposes of collection.

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

Describe the assistant's processing of inbound clinic mail into proposed actions that the user approves before anything happens.

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

MATERIAL: email content and extracted health information are sent to the Anthropic API (Claude), processed on infrastructure in the UNITED STATES — a cross-border disclosure under APP 8. Google is accessed for Gmail and Calendar. Counsel to formalise the cross-border disclosure notice and any other processors.

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

Data is held in Supabase (Postgres + Storage); OAuth tokens are encrypted with AES-256-GCM. Operational records (quarantine, raw inbound, email bodies) are purged on a retention schedule. Counsel to state retention periods and security posture.

[LAWYER PLACEHOLDER — not legal advice; replace before launch]

Users can export all their data and delete their account (which erases their records, files, and Google connection) from Settings. Counsel to formalise access, correction, and complaint rights.