top of page

Privacy Policy

GP Hub ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal  information when you use our  platform ("Service") designed to support general practitioners and medical practices in Australia.

​

1. WHAT INFORMATION WE COLLECT

We collect personal and health information directly from you and through automated means:

Information You Provide Directly:

  • Account registration details (name, email, practice name, contact information)

  • Communication data (support requests, feedback, inquiries)

  • Payment information (processed securely through third-party payment processors)

Information Collected Automatically:

  • Usage data (pages accessed, features used, time spent on platform)

  • Device information (browser type, operating system, device identifiers)

  • IP addresses and location data derived from IP addresses

  • Cookies and similar tracking technologies (see Section 8)

  • Server logs and performance analytics

Information from Third Parties:

  • Analytics platforms (Google Analytics)

  • Payment processors (Stripe, PayPal)

  • Authentication services (Microsoft Entra, Google Workspace sign-in)

​

2. HOW WE USE YOUR INFORMATION

We use personal and health information for these purposes:

  • Service Delivery: Operating the platform, managing accounts, providing customer support, and delivering features you request

  • Compliance & Safety: Meeting legal obligations, preventing fraud, and protecting the security of the platform

  • Improvement: Analysing usage patterns, improving user experience, and developing new features

  • Communication: Sending service updates, security alerts, and administrative notifications

  • Billing & Payments: Processing subscriptions, invoices, and payment transactions

  • Training & Support: Providing technical assistance and onboarding support

​

3. DATA SECURITY & PROTECTION

  • Encryption: All personal and health data is encrypted in transit (TLS 1.2+) and at rest (AES-256 encryption)

  • Access Controls: Only authorized staff and practitioners can access information, with role-based access controls and audit trails

  • Staff Training: Regular privacy and security training for all team members

  • Vendor Management: Third-party service providers are contractually bound to maintain equivalent security standards

  • Incident Response: We maintain a documented data breach response plan and notify affected parties and the Office of the Australian Information Commissioner (OAIC) within required timeframes if a breach is likely to result in serious harm

​

4. WHO WE SHARE YOUR INFORMATION WITH

We do not share your personal or health information without consent except as follows:

  • Service Providers: Third parties supporting platform operations (cloud hosting, payment processors, analytics platforms). These providers are contractually required to protect your information and use it only for authorized purposes

  • Legal Requirements: When required by law, court order, or regulatory body (OAIC, My Health Record System Operator)

  • Practice Users: Information you designate as shared within your practice is accessible to authorized staff members

  • Referral Partners: When you request referrals or data sharing with other healthcare providers, with your explicit consent

We do not sell your personal information to third parties for marketing or advertising purposes.

​

5. DATA RETENTION & DELETION

We retain your information only as long as necessary for the purposes outlined in this policy:

  • Active Account Data: Retained while your account is active and for 7 years after account closure (to comply with healthcare and tax legislation)

  • Backup Data: Retained for 30 days for disaster recovery purposes

​
6. CONTACT US

        Email: admin@gp-hub.com.au

bottom of page