Privacy Policy

Last updated: 25 March 2026

1. About This Policy

Tydal Health Pty Ltd (ABN XX XXX XXX XXX) ("Tydal", "we", "us") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, and store your personal information and health information.

2. Information We Collect

We collect two categories of information:

Personal information: your name, email address, phone number, date of birth, billing address, and payment details.

Health information: medical history, current medications, allergies, lifestyle factors, treatment goals, consult notes, prescriptions, and journal entries you submit through the platform. Health information is treated as sensitive information under the Privacy Act and is subject to additional protections.

We collect this information when you create an account, complete a health intake form, attend a consultation, use the health journal, or contact our support team.

3. How We Use Your Information

We use your information to:

  • Facilitate telehealth consultations with AHPRA-registered medical practitioners
  • Process and fulfil prescriptions
  • Manage your therapy tracking and health journal
  • Process payments and issue receipts
  • Communicate with you about appointments, prescriptions, and delivery
  • Comply with legal and regulatory obligations
  • Improve the safety and quality of our services

We will not use your health information for marketing purposes. We only collect health information with your explicit consent, and you may withdraw that consent at any time by contacting us.

4. How We Share Your Information

Your health information is shared only with the AHPRA-registered practitioner treating you and, where necessary, the compounding pharmacy fulfilling your prescription. We do not sell your personal or health information.

We may disclose information where required by law, including to comply with mandatory reporting obligations, court orders, or regulatory requirements.

5. Third-Party Services & Cross-Border Disclosure

We use the following third-party services to operate our platform:

  • Supabase (database & authentication) — data may be stored on servers located in the United States
  • Stripe (payment processing) — payment data is processed in the United States and is subject to Stripe's PCI-DSS compliance
  • Coviu (video consultations) — Australian-based, data stored in Australia
  • Australia Post / courier (delivery) — Australian-based

Where your information is transferred overseas (APP 8), we take reasonable steps to ensure the recipient complies with the APPs or is subject to a substantially similar privacy regime. By using our services, you consent to the transfer of your personal information to these third parties as described above.

6. Data Retention

We retain your personal and health information for as long as your account is active and for a minimum of seven (7) years after your last consultation, in line with medical record-keeping obligations under Australian law. Payment records are retained as required by tax law. You may request deletion of non-medical personal information at any time.

7. Data Security

We use industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, row-level security policies, and access controls. Payment information is processed by Stripe and is never stored on our servers. While we take all reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure.

8. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988).

9. Cookies & Analytics

We may use cookies and similar technologies to improve your experience, analyse usage patterns, and maintain session security. We do not use cookies to track you across other websites. You may disable cookies in your browser settings, though this may affect platform functionality.

10. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal and health information we hold about you (APP 12)
  • Request correction of inaccurate information (APP 13)
  • Request deletion of non-medical personal information
  • Withdraw consent for collection of health information
  • Lodge a complaint about our handling of your information

To exercise any of these rights, contact our Privacy Officer at privacy@tydal.com.au.

11. Complaints

If you believe we have breached the APPs, you may lodge a complaint with our Privacy Officer at privacy@tydal.com.au. We will acknowledge your complaint within 5 business days and respond within 30 business days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the platform. Continued use of the service after changes constitutes acceptance of the revised policy.

13. Contact

For privacy-related enquiries, please contact our Privacy Officer:

Tydal Health Pty Ltd
ABN XX XXX XXX XXX
Email: privacy@tydal.com.au