This Privacy Policy explains how Neuro Nexus Pty Ltd ("Neuro Nexus", "we", "us", or "our") collects, uses, discloses, and safeguards personal information, including sensitive health information, through the Neuro Nexus application and associated web portal. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and all applicable healthcare data legislation.

1. About This Policy

This Policy applies to all users of the Neuro Nexus platform, including patients, clinicians, administrators, and any other authorised users. It covers personal information collected through:

By creating an account or using Neuro Nexus, you agree to the collection and use of your information as described in this Policy. If you do not agree, you should not use the platform.

2. Who We Are

Neuro Nexus is the entity responsible for the Neuro Nexus platform and acts as the data controller for personal information collected through its services. Clinicians and healthcare organisations using the platform may also hold obligations as data controllers or processors under applicable legislation, and are required to maintain their own privacy practices consistent with this Policy and applicable law.

3. Legislative Framework

We collect, hold, use, and disclose personal information in accordance with the following legislation and standards:

Where the platform is used in clinical settings, clinicians and healthcare organisations must also comply with their own professional and regulatory obligations, including those imposed by AHPRA and relevant health practitioner registration standards.

4. Information We Collect

Neuro Nexus is a healthcare application and therefore collects a broad range of personal information, including sensitive health information as defined under the Privacy Act 1988 (Cth). The categories of information collected are set out below.

4.1 Identity and Account Information

4.2 Health and Clinical Information

This constitutes sensitive information under the Privacy Act 1988 (Cth) and is subject to heightened protections:

4.3 Biometric and Wearable Data

Wearable data is collected via the Terra API (for third-party devices) and Apple HealthKit (for iOS users) with your explicit consent. You may disconnect a wearable at any time via the app Settings.

4.4 Geolocation Data

4.5 Communications and AI Chat Data

AI chat messages are processed through our AI engine and are subject to automated safety classification. Messages containing high-risk indicators (such as expressions of suicidal ideation or acute relapse risk) are flagged and surfaced to your assigned clinician. The Nexa Assistant does not replace clinical care.

4.6 Technical and Usage Data

5. How We Collect Your Information

We collect personal information in the following ways:

We will only collect sensitive health information with your explicit consent, or where otherwise permitted by law (for example, where necessary for the provision of a health service).

6. Why We Collect and Use Your Information

We collect and use your personal information for the following primary purposes:

7. Disclosure of Your Information

We do not sell your personal information. We may disclose your information in the following circumstances:

7.1 Your Treating Clinician

Your clinician has access to your health data through the Neuro Nexus clinician portal, including mood check-ins, biometric data, goal progress, survey responses, flagged AI chat indicators, and treatment plan compliance. You were informed of this at onboarding and provided explicit consent.

Journal entries are private by default. You may voluntarily choose to share a journal entry with your clinician using the "Share with clinician" toggle within the app.

7.2 Service Providers and Technology Partners

We engage third-party service providers who process personal information on our behalf under contractual obligations consistent with this Policy and applicable law. Key partners include:

All service providers are required to handle personal information in accordance with the Australian Privacy Principles and our contractual requirements.

7.3 Emergency and Safety Disclosures

Where the platform identifies indicators of serious risk to life or safety, including acute suicidal ideation or severe relapse risk, information may be disclosed to emergency services or other appropriate parties where required or permitted by law, or where we have a duty of care to act. In such circumstances, your clinician will be notified immediately through the platform.

7.4 Legal Requirements

We may disclose your information where required to do so by law, court order, or government authority, including under the Notifiable Data Breaches Scheme.

7.5 Organisational Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to a successor entity, subject to equivalent privacy protections being maintained.

7.6 De-identified Data

We may use and disclose de-identified and aggregated data, from which individual identity cannot reasonably be determined, for research, clinical outcomes analysis, and product development. This data is not personal information.

8. Storage and Security of Your Information

We take the security of your health information seriously and implement appropriate technical, administrative, and organisational safeguards:

Your data is stored on servers located in Australia or in jurisdictions with equivalent privacy protections, consistent with APP 8 requirements for cross-border disclosure.

No system is completely secure. While we use best-practice security measures, we cannot guarantee absolute security of information transmitted over the internet. You should use a strong, unique password and enable biometric authentication to protect your account.

9. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, and to comply with our legal, regulatory, and clinical obligations. Key retention principles:

Where you request deletion of your account (see Section 11), we will delete or de-identify information that is not subject to a legal retention obligation. Information we are required by law to retain will be held securely and will not be used for other purposes.

10. Your Privacy Rights

Under the Australian Privacy Principles and applicable health records legislation, you have the following rights in relation to your personal information:

10.1 Right of Access

You have the right to request access to the personal information we hold about you. You may access much of your own health data directly within the Neuro Nexus app (including your check-in history, goal progress, and journal entries). To request a full record of your information, contact us using the details in Section 13. We will respond within 30 days. A reasonable fee may apply for complex access requests.

10.2 Right of Correction

If you believe personal information we hold about you is inaccurate, incomplete, or out of date, you may request a correction. We will correct the information or, if we disagree, note your request alongside the record. Clinical records may only be corrected by or in consultation with your treating clinician.

10.3 Right to Withdraw Consent

Where processing is based on your consent (for example, wearable data integration or location access), you may withdraw consent at any time through the app Settings. Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal, but may limit the functionality available to you and your treating clinician.

10.4 Right to Complain

If you believe we have breached your privacy rights, you may contact our Privacy Officer (see Section 13). If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or with the relevant State or Territory health complaints body.

10.5 Right to Anonymity (Where Lawful)

We recognise your right under APP 2 to interact with us anonymously or using a pseudonym where lawful and practicable. However, the provision of a healthcare application requires accurate identification for clinical safety and compliance purposes. Full anonymity is not available for registered patient accounts.

11. Account and Data Deletion

You may request deletion of your Neuro Nexus account by contacting us at privacy@neuronexus.com.au or through the account settings in the app. The following applies:

12. Children and Vulnerable Users

Neuro Nexus is designed for use by individuals aged 16 years and over. Where the platform is used by a patient under the age of 18, parental or guardian consent must be obtained by the referring clinician as part of the clinical intake process.

We recognise that many users of the platform are in active recovery and may be in vulnerable circumstances. Our platform is designed with this in mind: AI chat guardrails are configured to escalate high-risk disclosures, the app language is intentionally non-clinical and supportive, and emergency pathways are accessible from the Support tab at all times.

The Nexa Assistant is not a substitute for clinical care. In a mental health emergency or crisis, please contact Lifeline on 13 11 14, Beyond Blue on 1300 22 4636, or emergency services on 000.

13. Contact Us

For any privacy-related enquiries, access requests, correction requests, or complaints, please contact our Privacy Officer:

If you are not satisfied with our response, you may contact:

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legislative requirements. When we make material changes, we will:

Continued use of the Neuro Nexus platform following notification of changes constitutes acceptance of the updated Policy.
