Privacy Policy

Last updated: 04 April 2026

Getting Organ_ised ("the App") is a clinical pre-operative patient intake and workflow management system developed and operated by Dr Clint Johnson through his company. This policy explains how we collect, use, store, and protect your information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect the following categories of personal information:

For app users (providers and staff):

Name, email address, and phone number
Authentication credentials (managed by Firebase Authentication)
Provider number(s) and practice details
Profile photo (optional)
Role and approval status

For patients (via pre-operative questionnaire):

Name, date of birth, phone number, Medicare number
Medical history, current medications, allergies
Surgical procedure and treating surgeon details
Responses to clinical assessment questions

From hospital booking systems (via automated CSV pipeline):

Patient name, date of birth, phone number, Medicare number
Procedure, surgeon, provider, hospital, health fund details

2. How We Use Your Information

Your information is used solely for the following purposes:

Authenticating your identity and managing your account
Displaying personalised clinical schedules to your assigned provider
Facilitating pre-operative patient assessment and preparation
Managing anaesthetist cover requests between practitioners
Generating clinical records for anaesthetic charting, billing, and invoicing
Providing patient information resources (fasting, medications, testing guides)

We do not sell, rent, or disclose your personal information to third parties for marketing purposes.

3. Data Storage and Security

We implement the following security measures:

Database: Patient and provider data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enforced on all tables. Providers can only access their own patients' data.
Authentication: Firebase Authentication manages sign-in via email/password, Apple Sign-In, Google Sign-In, and phone SMS verification. Passwords are hashed and never stored in plaintext.
Encryption in transit: All data transfers use HTTPS/TLS encryption.
Access control: Four user roles (provider, rooms staff, admin, superuser) with database-enforced permissions. All users require admin approval before accessing any data.
Secrets management: API keys and credentials are stored in encrypted vaults (Cloudflare Wrangler secrets, macOS Keychain).
Audit logging: Cover request actions are logged with full event history.

4. Third-Party Services

The App uses the following third-party services to operate. Each processes personal information on our behalf:

Service	Purpose	Data Location
Supabase (PostgreSQL)	Primary database for all application data	Tokyo, Japan
Firebase Authentication	User identity and sign-in management	United States
Firebase Storage	Provider profile photo storage	United States
Cloudflare Workers	API processing, website hosting, CSV ingestion	Global edge network
Cloudflare KV	Temporary CSV caching (7-day TTL)	Global edge network
Apple App Store	App distribution (TestFlight)	United States

These services have their own privacy policies which we encourage you to review.

5. Cross-Border Data Disclosure

In accordance with APP 8, we disclose that your personal information may be processed outside Australia by the third-party services listed above. By using the App, you consent to this cross-border transfer. We take reasonable steps to ensure these services protect your information consistently with the APPs.

6. Data Retention

We retain your information for as long as it is necessary for the purposes described in this policy:

Patient lists: Retained for clinical record-keeping and continuity of care
Questionnaire responses: Retained for the duration of the clinical relationship
User accounts: Retained while the account is active
Cover requests: Retained for audit and operational purposes
Cached CSV data: Automatically deleted after 7 days

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

Access your personal information held by us
Request correction of inaccurate or incomplete information
Request deletion of your account and associated data
Lodge a complaint if you believe we have breached the APPs

To exercise these rights, use our data deletion request page, data correction request page, or contact us directly.

8. Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Significant changes will be communicated to users via the App.

10. Contact

If you have questions about this privacy policy or wish to make a complaint, contact:
Dr Clint Johnson
Email: drclintjohnson@gmail.com

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).