← Back to app
ravel'd

Privacy Policy

Last updated: 23 June 2026 ·  Version 1.0

This Privacy Policy explains how Carenetics Pty Ltd (ABN 67 687 641 505) (“we”, “us”, “our”) trading as ravel'dcollects, uses, stores and discloses your personal information through the ravel'd application (raveld.com.au).

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a health service provider, we are required to comply with the APPs regardless of our annual turnover.

Contents

  1. 1. Who We Are
  2. 2. What Information We Collect
  3. 3. How We Collect Your Information
  4. 4. Why We Collect Your Information (Primary Purpose)
  5. 5. Use and Disclosure (Secondary Purposes)
  6. 6. AI Processing and Automated Systems
  7. 7. Cross-Border Disclosure
  8. 8. How We Protect Your Information
  9. 9. Data Retention
  10. 10. Your Rights Under the Privacy Act
  11. 11. Children
  12. 12. Notifiable Data Breaches
  13. 13. Changes to This Policy
  14. 14. Contact Us

1. Who We Are

Carenetics Pty Ltd (ABN 67 687 641 505) operates ravel'd, a digital health platform that helps Australian patients request, store and manage their personal health records.

Privacy enquiries: chris@carenetics.com.au
Postal address: Available on request

2. What Information We Collect

2.1 Information you provide directly

We collect the following personal and sensitive information:

Identity information

  • Legal first and last name
  • Date of birth
  • Sex (as recorded on Medicare card)
  • Previous names and addresses

Government health identifiers

  • Medicare number and Individual Reference Number (IRN)
  • Individual Healthcare Identifier (IHI)
  • DVA (Department of Veterans' Affairs) file number

Contact information

  • Email address (via Google account)
  • Phone number
  • Residential address

Health information

  • Medical records, test results, specialist reports and other health documents you upload to your vault
  • Health conditions, medications and allergies you record
  • Appointment information
  • Emergency health information you choose to share

Provider information

  • Names and contact details of your healthcare providers

2.2 Information collected automatically

  • Login activity and session information
  • Device type and browser information
  • Usage patterns within the app (pages visited, features used)
  • IP address

2.3 Information about dependants

If you store health information about a dependent (such as a child under 18), you confirm you have the authority to manage that person's health information and that doing so is in their best interests.

3. How We Collect Your Information

We collect information:

  • Directly from you when you create an account, complete your profile, or upload records
  • Through your Google account when you sign in (name and email address only)
  • When you use features such as New Request, Vault, or Chat
  • From AHPRA (Australian Health Practitioner Regulation Agency) public registers when you search for healthcare providers
  • From Google Places when you search for healthcare providers

4. Why We Collect Your Information (Primary Purpose)

We collect your personal and health information to:

  • Enable you to store and manage your personal health records
  • Generate APP 12-compliant record request letters to send to your healthcare providers
  • Prepare appointment summaries and health information on your behalf
  • Provide personalised responses through our AI-powered Rights Assistant
  • Verify your identity for security purposes
  • Improve the ravel'd platform

5. Use and Disclosure (Secondary Purposes)

5.1 We will not use or disclose your health information for a secondary purpose unless:

  • You have consented
  • You would reasonably expect us to use it for that purpose and it is directly related to the primary purpose
  • It is required or authorised by Australian law
  • It is necessary to prevent a serious threat to life, health or safety

5.2 We do not sell your personal information. Ever.

5.3 We do not use your health information for direct marketing.

5.4 We may use de-identified, aggregated data for product improvement purposes. This data cannot identify you.

6. AI Processing and Automated Systems

6.1 ravel'd uses Claude AI, developed by Anthropic PBC (United States), to power our Rights Assistant chat feature, appointment preparation summaries, the Chat feature for asking questions about your uploaded records, and translation of your record summaries and request letters.

6.2 When you use these features, relevant portions of your health records and your questions are sent to Anthropic's API for processing. Anthropic processes this data solely to generate your response and does not use it to train AI models.

6.3 ravel'd AI provides health information only — it does not provide medical advice, diagnosis or treatment recommendations. ravel'd is not a registered medical device under the Therapeutic Goods Act 1989 (Cth). Always consult a qualified healthcare professional for medical decisions.

6.4 From December 2026, we will be required under the Privacy and Other Legislation Amendment Act 2024 to notify you when automated systems make decisions that significantly affect your rights. We will update this policy accordingly.

7. Cross-Border Disclosure

7.1 Your data is stored in Microsoft Azure's australiaeast (Sydney) data centre. Your health information does not leave Australia for storage purposes.

7.2 When you use AI features, your data is processed by Anthropic PBC in the United States. Anthropic maintains appropriate data protection safeguards. By using AI features, you consent to this cross-border disclosure.

7.3 We use Google OAuth for authentication. Google receives your email address and processes your authentication. Google's privacy policy applies to this processing.

8. How We Protect Your Information

8.1 Technical safeguards

  • All health record content is encrypted at rest using AES-256-GCM encryption
  • All data is encrypted in transit using TLS 1.2 or higher
  • Access to your data requires authentication
  • Your data is isolated from other users' data
  • We use Azure Key Vault for secrets management
  • We apply the principle of least privilege to system access

8.2 Organisational safeguards

  • Access to production systems is restricted
  • We conduct regular security reviews
  • We have a data breach response plan

8.3 No system is completely secure. If you believe your account has been compromised, contact us immediately at chris@carenetics.com.au.

9. Data Retention

9.1 We retain your personal information for as long as your account is active.

9.2 When you delete your account:

  • Your personal profile data is deleted immediately
  • Your health records and vault documents are deleted within 30 days
  • Backup copies are purged within 90 days
  • We may retain de-identified usage logs for up to 12 months

9.3 We may retain information for longer if required by law or to resolve a dispute.

10. Your Rights Under the Privacy Act

10.1 Right to access (APP 12)

You have the right to access the personal information we hold about you. You can access most of your information directly within the ravel'd app. To request a complete export, contact chris@carenetics.com.au. We will respond within 30 days.

10.2 Right to correct (APP 13)

You have the right to correct personal information that is inaccurate, incomplete or misleading. You can correct most information directly in the app. For other corrections, contact us.

10.3 Right to complain

If you believe we have breached the APPs, you may:

  1. Contact us first: chris@carenetics.com.au
  2. We will respond within 30 days
  3. If unresolved, you may complain to the Office of the Australian Information Commissioner (OAIC):
    Website: oaic.gov.au
    Phone: 1300 363 992

10.4 Anonymity

Where practicable, you may use ravel'd anonymously or under a pseudonym. However, most features require identification to generate accurate record request letters.

11. Children

ravel'd is designed for use by adults (18 years and over). Adults may store and manage health information about their dependent children. We do not knowingly collect personal information directly from children under 18 without parental or guardian consent.

12. Notifiable Data Breaches

If we experience a data breach that is likely to result in serious harm to you, we will notify you and the OAIC as required under the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC).

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the app. The current version is always available at raveld.com.au/privacy.

14. Contact Us

Privacy Officer
Carenetics Pty Ltd (ABN 67 687 641 505)
Email: chris@carenetics.com.au
Website: raveld.com.au

© 2026 Carenetics Pty Ltd (ABN 67 687 641 505).  Terms of Service