CareTrust's business model is the clinic subscription fee, not your data. We do not sell, rent, or trade personal information to third parties. Ever.
1. Who we are
CareTrust Solutions ("CareTrust", "we", "us", "our") operates the CareTrust health identity wallet platform at caretrust.com.au. We are an Australian company and are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
If you have any questions about this policy, please contact us at hello@caretrust.com.au before using our services.
2. What personal information we collect
We collect only the information necessary to provide our services. Depending on how you interact with us, this may include:
- Identity information: your name, date of birth, Medicare number (patient wallet holders only)
- Contact information: email address, phone number
- Health record data: clinical summaries, consent records, and access logs that you choose to store in your CareTrust wallet
- Organisation information: practice name, ABN, and role (clinic and provider users)
- Usage data: pages visited, session duration, device type, browser, IP address
- Communications: the content of emails or messages you send us
We do not collect sensitive health information beyond what you explicitly choose to add to your wallet, and we do not collect payment card details directly (payments are processed by a PCI-DSS compliant third party).
3. How we use your information
We use personal information to:
- Provide and operate the CareTrust platform and your health identity wallet
- Process and record consent transactions between patients and providers
- Send you service-related communications (account notices, security alerts)
- Respond to your enquiries and provide customer support
- Improve our platform through aggregated, de-identified analytics
- Meet our legal and regulatory obligations
We will only use your information for the purpose for which it was collected, or for a directly related purpose. We will not use your health record data for marketing or advertising, to you or anyone else.
4. Disclosure of your information
We do not sell, rent, or trade your personal information. We may share it only in the following limited circumstances:
- With providers you have consented to: when you grant a clinic access to your record, they receive only the data fields you have specifically authorised
- With service providers: trusted third parties who operate infrastructure on our behalf (cloud hosting, email delivery), bound by strict data processing agreements and the APPs
- Where required by law: if compelled by a court order, regulator, or law enforcement authority
- With your explicit consent: in any other circumstances, only with your prior written consent
All third-party service providers are contractually prohibited from using your data for any purpose other than providing services to CareTrust.
5. Data storage and security
- Hosted in Australia: all data is stored on servers located in Australia
- Encryption at rest and in transit: AES-256 encryption for stored data, TLS 1.2+ for all data in transit
- Multi-factor authentication: required for all accounts
- Access controls: role-based access, least-privilege principles, and full audit logging of all data access events
- Retention: we retain your data for as long as your account is active, or as required by applicable law. You may request deletion at any time (see Your Rights below)
No data transmission over the internet is completely secure. While we take all reasonable steps to protect your information, we cannot guarantee absolute security.
6. Your rights
Under the Australian Privacy Act and Australian Privacy Principles, you have the right to:
- Access: request a copy of the personal information we hold about you
- Correction: request that inaccurate or outdated information be corrected
- Deletion: request that your account and associated data be deleted, subject to any legal retention requirements
- Portability: request your health record data in a structured, machine-readable format
- Withdraw consent: revoke any consent grant at any time through your wallet
- Complain: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
To exercise any of these rights, please email hello@caretrust.com.au. We will respond within 30 days.
7. Cookies and tracking
We use session cookies strictly necessary for platform operation (authentication, security tokens). We do not use advertising cookies, third-party tracking pixels, or any analytics service that sends your data to a third party.
You can disable cookies in your browser settings, but this may prevent some features from working correctly.
8. Children
CareTrust supports family and guardian workflows, including managing records for children. Where a child's health information is stored in a guardian's wallet, the guardian is responsible for ensuring the use is appropriate. We do not knowingly collect information from children under 16 without the consent of a parent or guardian.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, where changes are material, notify account holders by email. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
For all privacy-related enquiries, requests, or complaints:
If you are not satisfied with our response, you may contact the OAIC at oaic.gov.au or call 1300 363 992.