Privacy Policy.

1. Introduction

Sheldon Health Pty Ltd (ABN XX XXX XXX XXX) ("Sheldon Health", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ADHD assessment and management platform.

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), the Health Records Act 2001, and applicable state and territory health privacy legislation.

2. Information We Collect

2.1 Personal Information

• Name, email address, phone number, and date of birth
• Account credentials and authentication data
• Billing and payment information (processed securely via Stripe)
• Communication preferences

2.2 Health Information

• ADHD assessment questionnaire responses (AAQoL, WEISS, ASRS, CAARS, Connors)
• Self-reported symptoms and medical history
• Diagnostic results and treatment plans
• Appointment records and practitioner notes
• Medication and management information

2.3 Technical Information

• Device information and browser type
• IP address and location data
• Usage patterns and interaction data
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

• Provide ADHD assessment, diagnosis support, and management services
• Connect you with qualified healthcare practitioners
• Process appointments and facilitate telehealth consultations
• Send appointment reminders and health-related notifications
• Process payments and manage your subscription
• Improve our platform and develop new features
• Comply with legal and regulatory requirements
• Conduct de-identified research to improve ADHD care (with consent)

4. Disclosure of Your Information

We may share your information with:

• Healthcare Practitioners: Registered specialists you choose to connect with through our platform
• Service Providers: Trusted third parties who assist with payment processing (Stripe), cloud hosting (Vercel, Supabase), and communication services
• Legal Requirements: When required by law, court order, or to protect our legal rights
• With Your Consent: For any other purpose disclosed to you at the time of collection

We never sell your personal or health information to third parties for marketing purposes.

5. Data Security

We implement robust security measures to protect your information:

• End-to-end encryption for all health data in transit and at rest
• Two-factor authentication (2FA) and SMS verification options
• SOC 2 Type II compliant infrastructure
• Regular security audits and penetration testing
• Role-based access controls for all staff
• Automatic session timeouts and secure data deletion

6. Data Retention

We retain your health records for the minimum period required by Australian healthcare regulations (typically 7 years from last contact, or until age 25 for minors). Personal account information is retained while your account is active and for a reasonable period thereafter. You may request deletion of non-essential data at any time.

7. Your Rights

Under Australian privacy law, you have the right to:

• Access your personal and health information
• Request correction of inaccurate information
• Request deletion of your data (subject to legal requirements)
• Withdraw consent for optional data processing
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
• Opt out of marketing communications

8. Cookies and Tracking

We use essential cookies to operate our platform and optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

9. Children's Privacy

Our services are available to individuals under 18 with parental or guardian consent. Parents/guardians maintain access to their child's account and health information until the child reaches 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy inquiries, data access requests, or complaints, please contact our Privacy Officer: