Privacy Policy

Last updated April 09, 2026

1. Introduction

This Privacy Policy describes how EndoFlow Pty Ltd ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the EndoFlow platform ("the Service"). We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored in encrypted form)
  • Organisation/facility name
  • Language and timezone preferences
  • Role within your organisation

2.2 Operational Data

In the course of using the Service, your organisation may enter:

  • Endoscope and equipment inventory details (serial numbers, models, maintenance records)
  • Reprocessing workflow records (steps completed, staff involved, timestamps)
  • Staff member names, roles, and training records
  • Disinfectant and chemical management data
  • Inspection, microbiology, and quality compliance records
  • Patient identifiers (as entered by your facility for traceability purposes)
  • Documents and notes

2.3 Automatically Collected Information

We automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and features used within the Service
  • Timestamps of access and actions

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Generate compliance reports and audit trails as requested by your facility
  • Send service-related notifications (e.g., expiring certifications, overdue inspections)
  • Provide technical support
  • Analyse usage patterns to improve Service performance and features
  • Comply with legal obligations

4. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls within the application
  • Regular security assessments and monitoring
  • Secure cloud infrastructure with reputable hosting providers
  • Automated backups and disaster recovery procedures
  • Audit logging of data access and modifications

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • Service providers: With trusted third-party providers who assist in operating the Service (e.g., cloud hosting, email delivery), bound by confidentiality agreements
  • Legal requirements: When required by law, regulation, or legal process
  • Safety: To protect the rights, safety, or property of our users or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users

6. Healthcare Data

EndoFlow is designed for use by healthcare facilities and may process data related to healthcare operations. Important considerations:

  • EndoFlow is a workflow management tool, not a medical device or electronic health record system
  • Your facility is responsible for determining what data to enter and ensuring compliance with applicable healthcare data regulations in your jurisdiction
  • We recommend that patient identifiers entered into the Service are limited to what is necessary for reprocessing traceability
  • We implement security measures appropriate for handling sensitive operational healthcare data

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained until you request deletion
  • Operational data (workflows, audit trails) is retained in accordance with your facility's configured retention policies and applicable regulatory requirements
  • Upon account termination, data is available for export for 30 days, after which it may be permanently deleted
  • Anonymised, aggregated data may be retained for analytics purposes

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Export: Request your data in a portable, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, please contact us at [email protected].

9. Cookies and Analytics

The Service uses essential cookies required for authentication and session management. We may also use analytics tools to understand how the Service is used. We do not use advertising cookies or trackers.

10. International Data Transfers

Your data may be processed in countries other than your own. Where data is transferred internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

11. Children's Privacy

The Service is intended for use by healthcare professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: