Privacy Policy
Effective date: 21/12/2025
Last updated: 21/12/2025
1. Introduction
Hemexa Pty Ltd (ABN [insert]) (“Hemexa”, “we”, “us”, or “our”) is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information, including health information, when you access or use:
our website (including hemexa.health),
our applications and dashboards,
our services, memberships, and subscriptions,
and any related interactions with us.
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What Information We Collect
We collect information that is reasonably necessary to deliver our services.
2.1 Personal Information
This may include:
Full name
Date of birth
Gender (where relevant to testing or analysis)
Email address
Phone number
Postal address
Government-issued identifiers where legally required (e.g. pathology referrals)
Account credentials
Payment and billing details (processed via third-party providers)
2.2 Health Information
Health information is considered sensitive information under Australian law.
We may collect:
Blood test results and pathology data
Biomarker measurements
Medical history provided by you
Lifestyle or wellness data voluntarily submitted
Longitudinal health trend data
Notes, annotations, or insights linked to your results
We only collect health information with your consent or where otherwise permitted by law.
2.3 Technical & Usage Information
We may automatically collect:
IP address
Device type and operating system
Browser type
Log files and timestamps
Usage patterns within our app
Diagnostic and error logs
This information is used for security, performance, and product improvement.
3. How We Collect Information
We collect information when you:
create an account or membership
complete forms or questionnaires
submit blood tests or health data
interact with dashboards or insights
contact us directly
use our website or applications
We may also receive information from:
pathology laboratories
healthcare providers (with your authorisation)
payment processors
analytics and infrastructure providers
4. Why We Collect and Use Your Information
We use your information to:
provide and administer Hemexa memberships
facilitate pathology testing and results delivery
generate insights, dashboards, and reports
track biomarkers over time
improve service quality and accuracy
process payments and manage subscriptions
communicate service updates and support
comply with legal and regulatory obligations
maintain platform security and integrity
We do not sell your personal or health information.
5. AI, Analytics, and Insights
Hemexa may use:
analytics tools,
statistical models,
and AI-assisted systems
to help generate insights, trends, or visualisations based on your data.
Key principles:
AI outputs are informational, not medical diagnoses
AI does not replace professional medical advice
Your identifiable data is not used to train public AI models
De-identified or aggregated data may be used to improve platform performance
6. Disclosure of Information
We may disclose your information to trusted third parties, including:
6.1 Service Providers
pathology laboratories
payment processors
cloud infrastructure providers
analytics and monitoring services
customer support platforms
These providers are contractually required to protect your information.
6.2 Legal and Regulatory Disclosure
We may disclose information where required by law, court order, or regulatory authority.
6.3 Business Transfers
If Hemexa undergoes a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to confidentiality protections.
7. Overseas Disclosure
Some service providers may store or process data outside Australia.
Where this occurs, we take reasonable steps to ensure:
compliance with Australian privacy standards, or
equivalent data protection safeguards.
8. Data Security
We take data security seriously.
Measures include:
encryption of data at rest and in transit
role-based access controls
secure cloud infrastructure
regular security monitoring
audit logging and access reviews
No system is 100% secure, but we take reasonable steps to protect your information from misuse, loss, or unauthorised access.
9. Data Retention
We retain personal and health information:
only as long as necessary for our services,
to meet legal or regulatory obligations,
or until you request deletion, where permitted by law.
Health data may be retained longer where required for continuity of care, compliance, or clinical integrity.
10. Access and Correction
You have the right to:
request access to your personal information
request correction of inaccurate or outdated information
Requests can be made via the contact details below. We may need to verify your identity before processing requests.
11. Complaints
If you believe we have breached your privacy rights:
Contact us directly so we can attempt to resolve the issue.
12. Cookies and Tracking
We use cookies and similar technologies to:
operate our website
analyse usage patterns
improve user experience
You may control cookies via your browser settings, but disabling them may affect functionality.
13. Marketing Communications
We may send you service-related communications and, where permitted, marketing messages.
You may opt out of marketing communications at any time.
14. Changes to This Policy
We may update this Privacy Policy periodically.
The latest version will always be available on our website, with the updated date shown at the top.
15. Contact Us
If you have questions or requests relating to privacy:
Hemexa Pty Ltd
Email: Contact us
Website: https://hemexa.health