Introduction
InterSession ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and the clinical data you entrust to us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform.
As a service designed for mental health professionals, we understand the sensitive nature of the information processed through our platform. We are committed to complying with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), which govern how we handle your personal and health information.
Australian Privacy Act Compliance
InterSession is designed to comply with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). Health information is classified as "sensitive information" under the Act, and we apply enhanced protections accordingly.
Our compliance measures include:
- Explicit Consent (APP 3): We only collect sensitive health information with explicit consent from the individual or their authorised representative.
- Purpose Limitation (APP 6): We only use and disclose personal information for the purposes for which it was collected, or as otherwise permitted by law.
- Data Quality (APP 10): We take reasonable steps to ensure personal information is accurate, up-to-date, and complete.
- Data Security (APP 11): We implement robust technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access.
- Access and Correction (APPs 12 and 13): Individuals can access and request correction of their personal information held by us.
Information We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Professional credentials and practice information
- Billing information (processed securely by our payment provider)
- Account preferences and settings
Clinical Data (Health Information)
Through your use of our service, we process clinical data that you choose to enter or record, including:
- Session recordings (audio)
- Transcriptions of sessions
- Clinical notes and documentation
- Client information that you input
- Resources and materials you upload
This information constitutes "health information" under the Privacy Act 1988 and is afforded the highest level of protection.
Usage Information
We automatically collect certain information about your use of our service:
- Log data (IP address, browser type, access times)
- Device information
- Feature usage patterns
- Error logs and performance data
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process session recordings and generate clinical documentation
- Send you service-related communications
- Process payments and manage your subscription
- Respond to your inquiries and provide customer support
- Ensure the security and integrity of our platform
- Comply with legal obligations
What We Do NOT Do
We want to be clear about what we never do with your data:
- We do not sell your data. Ever. To anyone.
- We do not use clinical data to train AI models. Your client data is processed only to provide services to you and is never used to improve our general AI capabilities.
- We do not share identifiable clinical data with third parties except as required to provide our services or as required by law.
Overseas Data Transfers
In accordance with APP 8 (Cross-border disclosure of personal information), we inform you that your personal information may be disclosed to service providers located in the following countries:
- United States: For audio transcription services and AI-assisted documentation generation.
- Japan: For email delivery services (session summaries, homework reminders).
- Singapore: For application hosting infrastructure.
All overseas service providers are contractually bound to protect your information in accordance with standards comparable to the Australian Privacy Principles. We take reasonable steps to ensure that overseas recipients do not breach the APPs.
Note: Your primary data (clinical records, client information) is stored on servers located in Australia.
Data Security
We implement robust security measures to protect your information:
- AES-256 encryption for all stored data (via Supabase)
- TLS encryption for all data in transit
- Data hosted on servers in Sydney, Australia
- Row-level security policies to isolate clinician data
- Secure authentication with encrypted passwords
- Audio recordings deleted after transcription processing
Data Retention
We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time.
For clinical data:
- Session recordings: Audio is processed for transcription and then automatically deleted. We do not retain audio recordings.
- Clinical notes: Retained until you delete them or close your account.
- Client data: Retained until you delete individual records or close your account.
After account closure, we retain data for 30 days to allow for recovery, after which it is securely deleted in accordance with APP 11.2.
Third-Party Services
We use trusted third-party services to provide our platform:
- Cloud Infrastructure: Secure hosting with data stored in Australia
- Payment Processing: Stripe (PCI DSS compliant)
- Email Services: For transactional communications
- Transcription Services: For converting audio to text
- AI Services: For generating clinical documentation
All third-party providers are vetted for security and privacy compliance, and are contractually bound to protect your information.
Your Rights Under the Privacy Act
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal information held by us (APP 12)
- Request correction of inaccurate information (APP 13)
- Know how your information is being used and disclosed
- Opt out of receiving marketing communications
- Request deletion of your data (subject to legal retention requirements)
- Withdraw consent for optional processing
- Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)
To exercise these rights, contact us at privacy@intersession.io.
Complaints
If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you can lodge a complaint with us by contacting privacy@intersession.io.
We will investigate your complaint and respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
Future: International Expansion
InterSession is currently available only in Australia. We plan to expand to other countries in future, including the United States.
If you are located outside Australia and interested in InterSession, please contact us at hello@intersession.io to be notified when we launch in your region.
Cookies and Tracking
We use essential cookies to:
- Maintain your session and authentication
- Remember your preferences
- Ensure security
We do not use third-party advertising cookies or sell data to advertisers. Analytics data is collected in aggregate and not linked to individual users.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a notice on our website. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: privacy@intersession.io
- Contact form: intersession.io/contact