Updated April, 2026

Privacy Policy

Effective Date: April 2026
Version: Beta
Last Updated: December 2025

1. About this Policy

This Privacy Policy governs the collection, use, disclosure, and management of personal information (including sensitive health information) by Raffy ("we", "us", "our") through the Raffy mobile and web application ("App") and any associated services.

We are required to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) (Schedule 1, Privacy Act), as amended by the Privacy and Other Legislation Amendment Act 2024. Because Raffy is a health service provider, these obligations apply regardless of annual turnover. All references to "sensitive information" or "health information" carry the meaning given under the Privacy Act.

By using the App, you confirm that you have read this policy and consent to your personal information being handled as described. If you do not agree, do not use the App.

2. Who We Are

Raffy Pty Ltd (ACN 695425284) is an Australian company operating the Raffy Allergy companion application. We are an APP entity and a private sector health service provider as defined by the Privacy Act.

| CONTACT DETAIL | INFORMATION |
| --- | --- |
| Email | raffy@raffyallergy.com |
| Post | 121 King Street Melbourne, Australia |
| Response time | We will acknowledge complaints within 5 business days and respond within 30 calendar days |

3. Information We Collect

We collect only information that is reasonably necessary for the primary purpose described (APP 3.1). Collection occurs directly from you (and, where the patient is a child, from their parent or guardian). We do not collect personal information by unfair or unlawful means (APP 3.5).

ACCOUNT & IDENTITY INFORMATION

  • Parent/guardian name, email address, account credentials

  • Clinician name and practice details (if linked)

PATIENT HEALTH INFORMATION (SENSITIVE)

  • Patient first name, date of birth, age

  • Allergen type(s) and OIT protocol details

  • Daily dose records: amount, timing, cofactors (exercise, illness, sleep, NSAIDs, meals)

  • Reaction events: grade, symptoms, cofactors, management taken

  • Observation period and post-dose notes

  • Quality-of-life scores and comments provided by the family

  • Free-text parent/guardian notes entered into the App

TECHNICAL & USAGE INFORMATION (NON-SENSITIVE)

  • Device type, operating system version, App version

  • Session logs, error reports, and crash analytics (anonymised or pseudonymised)

  • IP address (for authentication and security only; not used for profiling)

We do not collect: precise geolocation, biometric data, financial payment information beyond what the App Store or Google Play handles independently, or any data for advertising or profiling purposes.

4. Sensitive Health Information — Special Rules

All dose, reaction, and clinical data in Raffy is sensitive health information under s 6 of the Privacy Act. The collection, use, and disclosure of sensitive information is subject to higher standards than ordinary personal information (APP 3.3, 6.1, 7.3, 8.2).

We collect sensitive health information only with your express consent, or where a permitted health situation applies under s 16B of the Privacy Act (e.g., to lessen or prevent a serious threat to health or safety).

PERMITTED HEALTH SITUATION

We do not use sensitive health information for: direct marketing, research without additional consent, or any purpose incompatible with the primary purpose of OIT tracking and clinical reporting.

5. How We Use Your Information

We use personal information (including sensitive health information) only for the primary purpose for which it was collected, or a directly related secondary purpose you would reasonably expect, or with your consent (APP 6.1, 6.2).

| PURPOSE | INFORMATION USED | BASIS |
| --- | --- | --- |
| Display your logs and progress | Health records, account data | Primary purpose / contract |
| Generate clinician export reports (PDF) | Health records, notes | Primary purpose; user-initiated |
| Send optional dose reminders | Account data, notification settings | Express consent (opt-in) |
| Authenticate users securely | Email, device ID | Primary purpose |
| Improve App features and performance | Anonymised/aggregated usage data | Legitimate interest (de-identified only) |
| Comply with legal obligations | As required | Legal obligation |
| Respond to privacy complaints or access requests | Account data | Legal obligation (APP 12–13) |

No automated decision-making. Raffy does not use personal information for automated decisions that significantly affect you. From December 2026 the Privacy Act will impose mandatory disclosure obligations for such activities; Raffy does not engage in them. (Privacy and Other Legislation Amendment Act 2024.)

No direct marketing. We do not use health information for direct marketing (APP 7.3). We will only communicate with you about service updates, and you may opt out at any time.

6. Disclosure to Third Parties

We do not sell, rent, or trade personal or health information. Disclosure is limited to the following circumstances (APP 6):

SUPERVISING CLINICIAN

When you choose to share a Raffy export report with a clinician, you initiate that disclosure. The exported PDF is generated on your device and transmitted only by you (via email or print). We do not transmit health data to clinicians directly.

INFRASTRUCTURE SERVICE PROVIDERS

We engage sub-processors only where necessary to operate the App. Each is bound by a data processing agreement requiring APP-equivalent protections:

| PROVIDER TYPE | PURPOSE | DATA SHARED |
| --- | --- | --- |
| Cloud hosting (Australian region) | Account data storage, authentication | Account email, User ID, device ID |
| Authentication provider | Secure login | Email, hashed credentials |
| Crash analytics | App stability | Anonymised error data only |

LEGAL COMPULSION

We may disclose personal information if required by Australian law, court order, or a lawful government or regulatory request. We will notify you of any such disclosure to the extent permitted by law.

BUSINESS TRANSFERS

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquirer. We will notify you in advance and your rights under this policy will continue to apply.

7. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). Given the sensitive nature of health data, we apply enhanced security measures:

  • Encryption at rest and in transit — AES-256 and TLS 1.3 minimum

  • Role-based access controls — staff can access only what their role requires

  • Automated audit logging — all access to personal data is logged and reviewed

  • Annual security assessments and vulnerability testing

  • Mandatory privacy training for all staff with data access

  • Contractual security requirements imposed on all sub-processors

No data transmission over the internet can be guaranteed to be completely secure. You are responsible for maintaining the security of your account credentials and device.

8. Cross-border Transfers

Where personal information (account data, authentication data) is transferred outside Australia, we comply with APP 8. We only transfer data to recipients in countries on the OAIC's international data transfer whitelist (as updated following the Privacy and Other Legislation Amendment Act 2024) or where the recipient is contractually bound to APP-equivalent standards.

Health records are stored locally and are not transferred overseas by us. If you choose to export your data and share it across international services (e.g., emailing a PDF internationally), that transfer is initiated by you.

We do not use overseas analytics providers that process identifiable health data. All identifiable data remains within Australian infrastructure or whitelisted jurisdictions.

9. Data Quality and Retention

We take reasonable steps to ensure personal information we hold is accurate, up-to-date, complete, and relevant (APP 10). You can review and correct your account information at any time through the App settings.

RETENTION PERIODS

| DATA TYPE | RETENTION PERIOD | BASIS |
| --- | --- | --- |
| Health records (on-device) | Until you delete the App or use the in-app deletion tool | User control |
| Account data (server-side) | Duration of account, plus 7 years after closure | Potential legal claims / health record obligations |
| Anonymised usage analytics | Up to 3 years | Legitimate interest (de-identified) |
| Security and audit logs | 3 years | Security and legal compliance |

When retention is no longer necessary, we will destroy or de-identify the information securely (APP 11.2).

10. Children's Privacy

Raffy is specifically designed to support allergy desensitisation treatment. The vast majority of patient records will relate to minors. We apply heightened protections in recognition of this.

PARENTAL/GUARDIAN CONSENT

Accounts must be created by a parent or guardian who is at least 18 years of age. The parent or guardian consents to the collection and use of their child's health information on behalf of the child. We do not knowingly allow a child to create an account or input their own data without parental authorisation.

MINIMUM AGE

The App is not intended to be directly used by individuals under 16. Account-holders must be adults (18+). If we become aware that a child under 16 has created an account independently, we will suspend the account and contact the registered email address to obtain verified parental consent or delete the account.

DATA MINIMISATION FOR CHILDREN

We collect only the health data necessary for OIT tracking. We do not collect any data for targeted advertising, profiling, or any purpose other than direct health support. We do not use children's health data to build any inferences beyond those visible to the parent in-app.

CHILDREN'S ONLINE PRIVACY CODE (ANTICIPATED)

The OAIC is developing a Children's Online Privacy Code under the Privacy and Other Legislation Amendment Act 2024, to be finalised by December 2026. As a health service, Raffy may fall outside the Code's direct scope (the Code is expected to exclude health services). Regardless, we commit to meeting its spirit: children's best interests guide every data decision, and we will review and update our practices when the final Code is registered.

11. Your Rights

Australian privacy law gives you the following rights. We will respond to all requests within 30 calendar days (APP 12.5).

| RIGHT | HOW TO EXERCISE IT |
| --- | --- |
| Access your personal information (APP 12) | Submit a written request to raffy@raffyallergy.com. We will provide access free of charge unless the request is manifestly unfounded or excessive. |
| Correct your personal information (APP 13) | Update account details in-app, or contact us. We will correct or annotate disputed records within 30 days. |
| Withdraw consent | Withdraw consent for non-essential processing at any time via App settings or by email. Withdrawal will not be applied retroactively. |
| Delete your account and data | Use the in-app deletion tool or contact us. On-device health data is deleted when you delete the App. Server-side account data will be deleted within 30 days of a verified request, subject to legal retention obligations. |
| Opt out of communications | Unsubscribe link in any email, or contact us. |
| Opt out of notifications | Via App settings or device notification settings. |
| Anonymity (APP 2) | Where practicable, you may engage with us without identifying yourself. Note that the App's core health tracking functions require an account. |
| Lodge a privacy complaint | See Section 13 below. |

We will not charge a fee to respond to access requests. We will notify you if we are unable to provide access and explain the reason (APP 12.9).

12. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If a data breach involving personal information is likely to result in serious harm to affected individuals, we will:

  • Notify affected individuals as soon as practicable, with advice on protective steps they can take

  • Notify the Office of the Australian Information Commissioner (OAIC)

  • Maintain records of the breach and corrective actions taken

Given that health data is stored locally on your device, the most likely breach scenarios relate to account credential compromise or a breach at our authentication provider. We will assess all incidents promptly and notify within the timeframes required by the NDB scheme (generally as soon as practicable, and no later than 30 days after becoming aware of a potential eligible breach).

13. Complaints

If you have a concern about how we have handled your personal information, we encourage you to contact us first so we can try to resolve it:

Privacy Officer

Email: raffy@raffyallergy.com

Post: 121 King Street Melbourne, Australia

Response commitment: Acknowledge within 5 business days; substantive response within 30 calendar days.

If you are not satisfied with our response, or if you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au

  • Phone: 1300 363 992

  • Post: GPO Box 5218, Sydney NSW 2001

The Privacy Act also confers a statutory tort for serious invasions of privacy (in force from June 2025 under the Privacy and Other Legislation Amendment Act 2024). Individuals may seek court remedies for serious privacy interferences independent of the OAIC complaint pathway.

14. Changes to this Policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

  • Post the revised policy at raffyallergy.com/privacy with the updated effective date

  • Notify you by in-app notification and email for material changes at least 14 days before they take effect

  • Obtain fresh consent where a change materially affects how we handle sensitive health information

Continued use of the App after the effective date of a non-material update constitutes acceptance. For material changes, we will require an explicit in-app confirmation before you continue using health-data features.