Patient Insights
Generates Goals
Assessment Interpretation
Diagnostic Suggestions
Patient Insights
PRIVACY POLICY
Version 2.1 – Effective May 2026
This Privacy Policy applies to all personal informationcollected by Uplift AI Group Pty Ltd t/a Ecko Health (we, us or our) via thewebsite and app located at www.eckohealth.ai and app.eckohealth.ai (Platform).
1. What information do we collect?
The kind of Personal Information that we collect from you willdepend on how you use the platform. The Personal Information which we collectand hold about you may include:
(a) Identificationdetails such as name, date of birth, gender, and professional registrationnumber (for clinicians).
(b) Contactinformation including email address, phone number, clinic or business name, andpostal or billing address.
(c) Professionalinformation such as occupation, qualifications, clinic details, andregistration with relevant professional bodies (e.g. AHPRA).
(d) Accountdetails such as login credentials, usage preferences, and communicationsettings.
(e) Patient-relatedinformation entered by clinicians into the platform (e.g. case notes, treatmentplans, assessment data), which may include sensitive health information whereapplicable.
(f) Technicaland usage data such as IP address, device type, browser, operating system,session activity, and analytics to help us understand platform use and improveperformance.
(g) Paymentand billing information when applicable for paid subscriptions, invoices, ortransactions.
(h) Telehealthand call data (e.g. audio, video, or transcript content) only to the extentrequired to provide, analyse, or improve our AI-assisted features — all inaccordance with applicable privacy and health data laws.
(i) Feedbackand support communications submitted through forms, emails, or chat with ourteam.
Ecko Health does not collect personal information that isunnecessary to the delivery of our services, and all health or sensitive datais handled in accordance with the Privacy Act 1988 (Cth), the AustralianPrivacy Principles (APPs), and AHPRA and health record regulations.
2. Types of information
The Privacy Act 1988 (Cth) (Privacy Act) defines types ofinformation, including Personal Information and Sensitive Information.
Personal Information means information or an opinionabout an identified individual or an individual who is reasonably identifiable:
(a) whetherthe information or opinion is true or not; and
(b) whetherthe information or opinion is recorded in a material form or not.
If the information does not disclose your identity or enableyour identity to be ascertained, it will in most cases not be classified as“Personal Information” and will not be subject to this privacy policy.
Sensitive Information is defined in the Privacy Act asincluding information or opinion about an individual’s racial or ethnic origin,political opinions, membership of a political association, religious orphilosophical beliefs, membership of a trade union or other professional body,criminal record, or health information. Mental health information, includinginformation about therapy engagement, psychological assessments, sessioncontent, and general wellbeing, constitutes Sensitive Information under thePrivacy Act.
Because Ecko Health is a mental health platform, thecollection of Sensitive Information — including health and mental health data —is an inherent and necessary part of delivering our services. We collect thisinformation only where it is necessary to provide the Platform’s features andservices, and we handle it with the highest standard of care and protection.Sensitive Information will be used by us only:
(a) for theprimary purpose for which it was obtained;
(b) for asecondary purpose that is directly related to the primary purpose; and
(c) with yourconsent or where required or authorised by law.
3. How we collect your Personal Information
(a) We maycollect Personal Information from you whenever you input such information intothe Platform, related app or provide it to us in any other way.
(b) We mayalso collect cookies from your computer which enable us to tell when you usethe Platform and to help customise your Platform experience. As a general rule,however, it is not possible to identify you personally from our use of cookies.
(c) Where ourPlatform is used to deliver mental health services, we will collect SensitiveInformation — including health information — as part of the ordinary operationof those services. This collection occurs with appropriate consent and incompliance with the Privacy Act 1988 (Cth) and applicable health recordlegislation. Where Sensitive Information is collected about you, we will onlyuse it as set out in Section 2 of this Policy.
(d) Wherereasonable and practicable we collect your Personal Information from you only.However, sometimes we may be given information from a third party; in caseslike this we will take steps to make you aware of the information that wasprovided by a third party.
4. Purpose of collection
(a) Wecollect Personal Information to provide you with the best service experiencepossible on the Platform and keep in touch with you about developments in ourbusiness.
(b) Wecustomarily only disclose Personal Information to our service providers whoassist us in operating the Platform. Your Personal Information may also beexposed from time to time to maintenance and support personnel acting in thenormal course of their duties.
(c) By usingour Platform, you consent to the receipt of direct marketing material. We willonly use your Personal Information for this purpose if we have collected suchinformation direct from you, and if it is material of a type which you wouldreasonably expect to receive from us. We do not use Sensitive Information indirect marketing activity. Our direct marketing material will include a simplemeans by which you can request not to receive further communications of thisnature, such as an unsubscribe link.
(d) You canmanage your marketing preferences by contacting our Privacy Officer. We willprocess opt-out requests within 14 business days and maintain records of yourpreferences. If you choose to opt-out, we will retain minimal PersonalInformation necessary to ensure compliance with your request.
5. Legal basis for processing
We collect and process Personal Information on the followinglegal bases:
(a) Consent –where you have given consent for us or your clinician to use the data fordefined purposes such as account creation, notifications, phone calls ortelehealth.
(b) Contractualnecessity – where data is required to provide you with the Platform’s servicesunder your user agreement or your clinic’s subscription.
(c) Legalobligation – where retention or disclosure is required under health-record ortaxation law.
(d) Legitimateinterests – to maintain platform security, improve clinical tools, and supportlawful analytics in a way that does not override your privacy rights.
6. Security, Access and Correction
(a) We storePersonal Information in a manner that reasonably protects it from unauthorisedaccess, misuse, modification, or disclosure. Ecko Health uses encryptedstorage, strict access controls, secure Australian data centres, and continuousmonitoring to safeguard information at every stage.
(b) BecauseEcko Health acts as a software provider and data processor, the clinician orclinic using our platform remains responsible for the lawful retention of allclient health records in accordance with their professional and legislativeobligations (for example, seven years after last client contact, or until aminor reaches 25).
(c) ThePlatform may be used in the care of clients under 18 years of age. In suchcases, clinicians are responsible for obtaining valid parental or guardianconsent before entering, storing, or transmitting any information about aminor. We do not knowingly permit children to create personal accountsdirectly.
(d) EckoHealth retains personal and account-related information only for as long asrequired to provide our services, comply with legal obligations, or resolvedisputes.
(i) Clinicianaccount and operational data are ordinarily retained for up to seven (7) yearsafter account closure.
(ii) Client data isretained only while the clinician’s account remains active, unless earlierdeletion is requested or required by law.
(iii) De-identifieddata used for analytics or product improvement may be retained indefinitely, asit cannot identify any individual.
(e) Whenpersonal information is no longer required, it is securely destroyed,anonymised, or de-identified using industry-standard erasure methods andautomated purge protocols.
(f) Inaccordance with the Australian Privacy Principles, you may request access to,or correction of, your Personal Information by contacting us in writing usingthe details provided at the end of this Privacy Policy.
(g) When aclinician account or subscription ends, all associated client data will bearchived for a limited technical retention period before permanent deletion.During this period the data remains inaccessible to users. Deletion iscompleted using industry-standard digital-shredding methods within 90 days ofaccount closure unless the clinician requests earlier removal or is legallyrequired to retain copies.
7. Third Party Services
Our Platform integrates with selected third-party services(for example, telehealth video providers, cloud hosting, analytics, and paymentgateways). These partners may process limited Personal Information solely forthe purpose of delivering those services. We require each provider to maintaincompliance with the Privacy Act 1988 (Cth) and relevant health-dataobligations. We do not authorise these providers to use your data for their ownmarketing or unrelated activities.
8. Subscription Information
When you subscribe to EckoLife, we collect and process thefollowing subscription-related information.
Information collected:
• Subscription status (active, expired, cancelled, or in billing retry)
• Subscription start date, renewal dates, and expiration date
• Subscription plan type and pricing tier
• Transaction identifiers provided by Apple App Store or Google Play
• Payment status and billing history
We do not collect or store credit card numbers, bank details,or other payment instruments. All payment processing is handled directly byApple, Google, or our subscription management provider.
How we use this information:
• To provide and maintain your EckoLife subscription access
• To manage your account entitlements and feature access
• To communicate with you about your subscription status
• To provide customer support related to your subscription
• To analyse aggregate subscription trends to improve our services
Third-party subscription processors:
We use the following third-party processors to managesubscription and payment functions. Each of these providers operates in theUnited States. By subscribing to EckoLife, you acknowledge that yoursubscription-related data will be disclosed to these overseas recipients, whomay not be subject to the Australian Privacy Principles (APP 8.1 disclosure):
• Apple Inc. (App Store) — processes payments for iOS users
• Google LLC (Google Play) — processes payments for Android users
• RevenueCat Inc. — subscription management infrastructure. RevenueCatprocesses subscription data solely for the purpose of managing yoursubscription entitlements. We have contracted RevenueCat to restrict use of yourdata to subscription management only, and prohibit use for any other purposeincluding their own marketing.
Data retention:
Subscription transaction records are retained for the durationof your account plus any period required by applicable financial reporting laws(minimum 7 years under Australian law).
For any privacy queries relating to your subscription data,please contact our Privacy Officer using the details at the end of this policy.You also have the right to lodge a complaint with the Office of the AustralianInformation Commissioner (OAIC) at www.oaic.gov.au.
9. Data Breach Notification
In the unlikely event of a data breach involving PersonalInformation, we will act in accordance with the Notifiable Data Breaches (NDB)Scheme under the Privacy Act 1988 (Cth). This includes promptly assessing thebreach, notifying affected parties and the Office of the Australian InformationCommissioner (OAIC) where required, and taking all reasonable steps to preventrecurrence.
10. Complaint Procedure
If you have a complaint concerning the manner in which wemaintain the privacy of your Personal Information, please contact us at thedetails set out at the bottom of this policy. All complaints will be consideredby Ecko Health’s Privacy Officer and we may seek further information from youto clarify your concerns. If we agree that your complaint is well founded, wewill, in consultation with you, take appropriate steps to rectify the problem.If you remain dissatisfied with the outcome, you may refer the matter to theOffice of the Australian Information Commissioner at www.oaic.gov.au.
11. How to Contact Us About Privacy
If you have any queries, seek access to your PersonalInformation, or have a complaint about our privacy practices, please contactour Privacy Officer:
Email: support@eckohealth.ai
Website: www.eckohealth.ai