top of page

Privacy Policy

Updated: 2nd February 2026


This document describes the privacy policy of Unfurl Telehealth Psychology PTY LTD (the "Practice") for the management of clients’ personal information. The psychological services provided are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
 

1. Client Information
 

Client files are held in an encrypted, cloud-based practice management system with medical-grade security. This information is only accessible to authorised personnel of the Practice. The information held on each file includes:

  • Personal details (name, address, contact numbers, Medicare/billing info).

  • Medical history and clinical notes.

  • Reports and correspondence from other health practitioners.

  • AI-generated clinical summaries (processed via Novonote).
     

2. How Personal Information is Collected
 

A client's personal information is collected in several ways during the course of psychological consultation, including:

  • When the client provides information directly via digital intake forms or email.

  • During telehealth consultations (including AI-assisted scribing via Novonote).

  • When other health practitioners provide personal information via referrals, medical reports, or correspondence.
     

3. Purpose of Holding Personal Information
 

Personal information is gathered for the primary purpose of providing psychological services, including assessment, diagnosis, and treatment. This documentation enables the psychologist to provide a relevant, informed, and safe service. If a client does not wish for their personal information to be collected, the Practice may not be in a position to provide the psychological service.
 

4. Use of AI Note-Taking (Novonote)
 

To ensure our clinicians remain focused on the therapeutic process, the Practice uses Novonote, a secure, AI-assisted scribing tool.

  • Real-Time Processing: Audio is processed in real-time to create a temporary transcript used to generate a clinical summary.

  • Storage & Security: No audio recordings are saved or stored. Temporary transcripts are permanently deleted once the clinician saves the final note to the Practice’s secure management system.

  • Australian Data: All data processing occurs on secure servers located within Australia.
     

5. Disclosure of Personal Information
 

Personal information will remain confidential except when:

  1. It is subpoenaed by a court or otherwise required by law.

  2. Failure to disclose would, in the reasonable belief of the Practice, place a client or another person at serious risk to life, health, or safety.

  3. Prior approval has been obtained to provide a report to another professional (e.g., GP or Lawyer) or a third-party funder.

  4. Disclosure to a GP is directly related to the primary purpose of collection (e.g., reporting under a Mental Health Treatment Plan).
     

6. Data Security and Overseas Disclosure
 

The Practice uses all reasonable endeavours to protect the security of personal information. In the event of a data breach, the Practice will activate its Data Breach Plan in accordance with the Privacy Act. Personal information is not disclosed to overseas recipients unless the client consents or such disclosure is required by law.
 

7. Access, Correction, and Concerns
 

Clients may request to access or correct the personal information kept on their file. The Practice will respond to such requests in writing within 21 days.
 

If a client has a concern about the management of their personal information, they may inform the Practice Director. If the matter is not resolved, a formal complaint can be lodged with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

bottom of page