Privacy Policy
At AyniHealth™, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website www.ayni.health and our services. By using our website or services, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide
- Account registration information (name, email address, password)
- Profile information (professional credentials, healthcare organisation, role)
- Communications with us (support requests, feedback)
- Content you create or upload through our services
1.2 Information Collected Automatically
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, features used, interaction patterns)
- Cookies and similar tracking technologies
- Analytics data to improve our services
1.3 Information from Third Parties
- OAuth authentication data from providers (Google, Discord, Apple)
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and maintain our services
- To process transactions and manage subscriptions
- To personalise your experience and provide relevant content
- To communicate with you about your account and our services
- To send marketing communications (with your consent)
- To improve our services and develop new features
- To comply with legal obligations and protect our rights
- To detect and prevent fraud or security issues
3. Information Sharing and Disclosure
3.1 We do not sell, trade, or rent your personal information to third parties.
3.2 We may share your information in the following circumstances:
- Service Providers: With trusted third-party service providers who assist us in operating our website and services (e.g., PocketBase for authentication, Resend for email delivery)
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- Consent: With your explicit consent for specific purposes
- Aggregated Data: We may share anonymized, aggregated data that cannot identify you personally
4. Data Security
4.1 We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit and at rest
- Secure authentication and access controls
- Regular security audits and updates
- Limited access to personal information on a need-to-know basis
4.2 Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
5. Data Retention
5.1 We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy.
5.2 When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or legitimate business purposes.
6. Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a portable format
- Opt-out: Opt out of marketing communications at any time
- Cookies: Manage cookie preferences through your browser settings
To exercise these rights, please contact us at privacy@ayni.health.
7. International Data Transfers
7.1 Our services are operated from Australia. If you access our services from outside Australia, your information may be transferred to and processed in Australia.
7.2 We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
8. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
9. Third-Party Links and Services
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
10. Updates to This Policy
10.1 We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
10.2 We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date.
10.3 Your continued use of our services after such changes constitutes your acceptance of the updated policy.
11. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Ayni Health Pty Ltd
13 Eric Lane Mosman NSW 2088
Privacy Officer: privacy@ayni.health
General Inquiries: contact@ayni.health
12. Australian Privacy Principles
As an Australian company, we are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you have concerns about our handling of your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Promotions & Raffles (GDPR)
This section applies to individuals in the European Union or European Economic Area who participate in AyniHealth promotions or raffles (e.g. the ESTRO 2026 K-beauty raffle). AyniHealth Pty Ltd is the data controller for these activities.
What we collect: full name and email address.
Why: to create your AyniHealth account and enter you in the raffle. If you separately opt in, to send you product news by email.
Retention: raffle entry data is retained for one year after the relevant conference ends, then deleted. Your account remains active until you delete it.
Your rights: access, rectification, erasure (Art. 17), restriction, and withdrawal of consent at any time without affecting the lawfulness of prior processing. Email privacy@ayni.health or use Profile → Delete Account in the app.
Third-party processors: Neon Inc. (database, EU Standard Contractual Clauses), Vercel Inc. (hosting, EU SCCs). No other third parties receive raffle entry data.
GDPR Compliance Summary
| Article | How we comply |
|---|---|
| Art. 6(1)(a) | Lawful basis is explicit, freely given consent collected at signup via an unchecked checkbox. |
| Art. 7 | Consent is unbundled: one checkbox for raffle entry (required), a separate checkbox for marketing (optional). Both are unchecked by default. Consent can be withdrawn at any time. |
| Art. 13 | A data notice is shown on the signup form at the point of collection. Full details are in this Privacy Policy, linked from the form. |
| Art. 5(1)(c) | Data minimisation: only name and email are collected. No unnecessary fields (phone number, date of birth, etc.). |
| Art. 5(1)(e) | Storage limitation: raffle entry data is deleted one year after the conference ends. |
| Art. 17 | Right to erasure: self-service account deletion available in Profile settings. All personal data and raffle entries are removed. |
| Art. 5(2) | Accountability: consent timestamp, form version, and marketing-opt-in choice are stored per entry as an audit trail. |
| Art. 32 | Security: all data transmitted over HTTPS; stored in an encrypted Neon Postgres database with access controls. |
| Art. 46 | International transfers to processors (Neon, Vercel) covered by EU Standard Contractual Clauses. |
Last Updated: January 9, 2025