Privacy Policy

Markoste Privacy Policy

Effective Date: July 25, 2025

Last Updated: 12 June 2026

1. Introduction

Markoste Pty Ltd ("we," "us," or "our") operates the Markoste platform, an AI-powered clinical workflow hub designed specifically for pharmacists in Australia. We are committed to protecting your privacy and the privacy of your patients in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the Notifiable Data Breaches (NDB) scheme, and the Essential Eight cybersecurity framework.

This Privacy Policy explains how we collect, use, disclose, and protect personal information and health information when you use our services.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, phone number, pharmacy or organisation details, professional registration numbers
  • Payment Information: Subscription plan selection and billing details processed securely via Stripe (we do not store card numbers)
  • Usage Data: Platform interactions, feature usage patterns, session logs
  • Technical Data: IP addresses, browser information, device identifiers (for security purposes only)

2.2 Health Information

  • Audio Recordings: Deleted from cloud storage immediately after transcription processing is complete, with an automatic safety-net cleanup that removes any remaining files within 24 hours
  • Transcripts: Voice-to-text conversion of consultations, automatically deleted from cloud storage within 24 hours
  • Clinical Summaries: AI-generated summaries in SOAP notes, referral letters, or patient notes format
  • Patient Data: Patient demographics, medical history, and medication information stored in your patient files
  • Clinical Intervention Data: Records of clinical interventions, assessments, and ACOP governance activities
  • Medication Information: Drug names, dosages, interaction data, and MIMS product information lookups
  • Residential Care Data: RMMR/HMR review data, resident tracking, and Medicare claims information

2.3 Automatically Collected Information

  • System performance metrics
  • Error logs and debugging information
  • Security audit trails

3. How We Use Your Information

3.1 Primary Purposes

  • Scribe (Transcription and Summarisation): Converting audio consultations to text and generating structured clinical notes using our AI processing pipeline
  • Drug Interaction Checking: Real-time interaction and safety checks powered by the MIMS Australia database
  • Patient File Management: Uploading, parsing, and storing patient documents including medication extraction from PDFs
  • PharmCal (Task Management): Calendar scheduling, task tracking, and daily reminder services
  • RMMR/HMR Residential Hub: Pipeline management for residential medication management reviews, resident tracking, report generation, and Medicare claims
  • ACOP Governance: Clinical intervention tracking, risk assessment, quarterly reporting, and aged care quality compliance
  • Analytics: Usage dashboards, organisation metrics, and facility-level reporting
  • Compliance Support: Maintaining audit trails and records for regulatory requirements

3.2 Secondary Purposes

  • Platform improvement and feature development
  • Security monitoring and fraud prevention
  • Customer support and technical assistance
  • Legal compliance and regulatory reporting

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We never sell, rent, or trade personal or health information to third parties.

4.2 Permitted Disclosures

We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorise disclosure
  • Service Providers: Third-party processors bound by strict confidentiality agreements:
    • Google Cloud Platform (backend hosting, database, and file storage in australia-southeast1)
    • Amazon Web Services Bedrock (production AI summarisation and clinical analysis, ap-southeast-2 Sydney) — receives full clinical content including transcripts and documents, which may contain patient names, dates of birth, medications, and other identifiers. We do not apply a separate de-identification layer before inference because clinical accuracy requires full context. Patient data is not used to train AI models and is not retained by AWS for model training.
    • Microsoft Azure AI Speech (audio transcription only, australiaeast Sydney) — clinical audio is stored in Google Cloud Storage (Australia). The backend reads audio from GCS and sends it to Azure Fast Transcription in the Sydney region for processing in memory only. Azure does not retain audio after transcription completes.
    • Supabase (user authentication, row-level security, and audit logging)
    • Vercel (frontend hosting and edge delivery — no persistent patient data stored)
    • MIMS Australia (drug interaction database and product information — drug names only)
    • Stripe (payment processing; PCI DSS compliant, no card data stored by us)
    • Resend (transactional email delivery — may include patient name and date of birth in referral letters, reminders, and pharmacist digests)
    • PostHog (product analytics, EU-hosted, consent-gated — no intentional patient health information in server-tracked events)
    • Google reCAPTCHA v3 (bot and abuse protection)
  • Legal Requirements: When required by Australian law or court order
  • Emergency Situations: To prevent serious threat to health or safety

4.3 International Transfers and Cross-Border Processing (APP 8)

Primary patient records are stored in Google Cloud (australia-southeast1). Production AI summarisation uses AWS Bedrock in Sydney (ap-southeast-2) with full clinical context. Audio transcription uses Azure AI Speech Fast Transcription in australiaeast with audio at rest in Australian GCS until processing completes. Some processors operate globally:

  • Google Cloud Platform / Cloud SQL / GCS: Australia (australia-southeast1)
  • AWS Bedrock: Australia (ap-southeast-2 Sydney) — full clinical text including identifiers; no de-identification layer
  • Azure AI Speech (transcription): Australia (australiaeast Sydney); audio at rest in AU GCS; processed in memory only; not retained after job completion
  • Resend (email): Global delivery; referral and reminder emails may include patient name and date of birth
  • PostHog (analytics): EU-hosted; consent-gated product analytics
  • Supabase, MIMS, Stripe: As described above; Stripe and MIMS do not receive clinical record content

We take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs, including contractual safeguards where available and restricting AI inference to the Sydney AWS region.

5. Health Professionals and Patient Data

Pharmacists and other health professionals who use the Markoste platform (“Subscribers”) are the primary APP entities responsible for the patient health information they input into the platform. Markoste Pty Ltd acts solely as a contracted service provider, processing that information on behalf of Subscribers for the purpose of clinical documentation. Subscribers are responsible for ensuring their use of the platform is consistent with their own obligations under the Privacy Act 1988 (Cth), applicable state health records legislation, and their professional registration requirements, including obtaining any necessary patient consent for the use of AI-assisted documentation tools.

6. Data Security and Protection

6.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access with unique user IDs
  • Network Security: VPC peering and private IP database access
  • Key Management: Google Cloud KMS for encryption key management

6.2 Organisational Safeguards

  • Regular security audits and penetration testing
  • Staff training on privacy and security protocols
  • Incident response procedures
  • Third-party security assessments

6.3 Local Device Storage (Offline Scribe)

Where internet connectivity is unavailable, the Scribe module may temporarily store draft notes, a cached patient list, and pending uploads in your browser's local storage so you can continue working and sync when connectivity returns. This data is cleared when you log out. You are responsible for securing devices used to access Markoste, particularly shared or unattended workstations.

6.4 Data Minimisation

  • Audio recordings deleted from cloud storage immediately after transcription, with automatic cleanup within 24 hours
  • Transcription results automatically deleted from cloud storage within 24 hours
  • Identified patient health information is processed only for the specific purpose for which it was collected, and access is restricted to the treating pharmacist and authorised platform functions
  • Minimal data collection principle

7. Data Retention and Deletion

7.1 Retention Periods

  • Audio Recordings: Deleted from cloud storage immediately after transcription, with automatic cleanup within 24 hours
  • Transcription Results: Automatically deleted from cloud storage within 24 hours
  • Patient Files: Retained until user deletion or account closure
  • RMMR/HMR and ACOP Data: Retained until user deletion or account closure
  • Account Information: Retained for duration of service relationship
  • Payment Records: Retained as required by Australian tax law
  • Audit Logs: Retained for 7 years for compliance purposes

7.2 User-Initiated Deletion

You may delete individual patient records within the platform. To request deletion of your entire account and associated data, contact us by email or phone and we will process your request within a reasonable timeframe:

  • Email: mark@markoste.com.au
  • Individual patient records can be deleted in-platform by authorised users

8. Your Rights Under Australian Privacy Law

8.1 Access Rights (APP 12)

You have the right to:

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Understand how your information is being used

8.2 Correction Rights (APP 13)

You can:

  • Request correction of inaccurate or incomplete information
  • Add a statement if we cannot agree on corrections
  • Have corrections shared with third parties where appropriate

8.3 Other Rights

  • Anonymity and Pseudonymity: Where practicable under APP 2
  • Complaint Rights: Lodge complaints with us or the Office of the Australian Information Commissioner (OAIC)
  • Opt-out Rights: Withdraw consent for certain data processing activities

9. Cookies and Tracking

We use essential cookies only for:

  • Session management and authentication
  • Security monitoring
  • Platform functionality

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

10. Children's Privacy

Markoste is designed for use by licensed healthcare professionals. We do not knowingly collect personal information from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Notify users of material changes via email and platform notifications
  • Post the updated policy with a new effective date
  • Maintain previous versions for reference

12. Contact Information

12.1 Privacy Officer

  • Email: mark@markoste.com.au

12.2 Complaints

If you have privacy concerns:

  • Contact us first: mark@markoste.com.au
  • OAIC Complaint: If unresolved, contact the Office of the Australian Information Commissioner
    • Website: www.oaic.gov.au
    • Phone: 1300 363 992
    • Email: enquiries@oaic.gov.au

13. Definitions

  • De-identification: Process of removing or obscuring personal identifiers
  • Health Information: Information about an individual's health, disability, or healthcare services
  • Personal Information: Information about an identifiable individual
  • Processing: Any operation performed on personal information

Markoste Pty Ltd

ABN: 29 698 051 017

www.markoste.com.au