
Privacy Policy

Last updated: April 2026

The Compliance Scalpel ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

We are an Australian business and comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). By using the Service, you consent to the collection and use of your information as described in this Policy.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using the Service, including:

  • Account Information: Name, email address, practice name, profession, contact details, and billing information when you create an account or subscribe.
  • Content Submissions: Draft communications, marketing materials, patient letters, social media posts, and other content you submit for compliance review.
  • Communications: Messages, feedback, and correspondence you send to us.
  • Help Desk Interactions: Questions submitted through the Regulatory Guidance and Platform Support features, including the content of your enquiries and the email address to which responses are delivered.
  • Survey Responses: Information provided through the Exposure Calculator or other assessments.

1.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

  • Device Information: Browser type, operating system, device identifiers.
  • Usage Data: Pages viewed, features used, time spent on the Service, referring URLs.
  • Log Data: IP address, access times, and system activity.
  • Cookies and Similar Technologies: See Section 9 for details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Process your content submissions, generate compliance analyses, and deliver Due Diligence Certificates.
  • Account Management: Create and manage your account, process payments, and communicate with you about your subscription.
  • Improve the Service: Analyse usage patterns to enhance functionality, develop new features, and improve user experience.
  • Customer Support: Respond to your enquiries, provide technical assistance, and resolve issues.
  • Security: Detect, prevent, and address fraud, unauthorised access, and other harmful activities.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.
  • Marketing: Send you information about the Service, updates, and promotional materials (with your consent where required).

3. Content You Submit

Your content remains yours. When you submit content for compliance review, we process it solely to provide the Service. We do not:

  • Sell your content to third parties
  • Use your content for advertising purposes
  • Share your content with other users
  • Use your content to train AI models for other purposes without your explicit consent

We may retain your submitted content and analysis results to provide you with historical records, generate Due Diligence Certificates, and improve our compliance algorithms. You may request deletion of your content at any time (see Section 11).

4. Artificial Intelligence and Automated Processing

The Service uses artificial intelligence (AI) systems, including third-party large language models (LLMs), to process your information and deliver its core features. This includes, but is not limited to:

  • Compliance Audits: Content you submit for review is sent to our AI systems for analysis against AHPRA and TGA advertising guidelines. The AI generates compliance reports and suggested alternatives based on this analysis.
  • Regulatory Guidance: Questions you ask through the "Not sure about the rules?" feature are processed by AI to generate educational responses about advertising regulations, which are then delivered to your email address.
  • Platform Support: Questions submitted through the "Need Help?" feature are processed by AI to generate responses about platform usage, which are then delivered to your email address.

All responses generated by the Service — including compliance analyses, suggested alternatives, regulatory guidance, and support answers — are produced by AI, not by human reviewers. While our AI systems have been developed with extensive reference to relevant Australian regulations, AI-generated outputs should be independently verified before reliance.

When your information is processed by AI, it may be transmitted to third-party AI service providers who operate the underlying language models. These providers are contractually bound to process your data solely for the purpose of generating responses for the Service and are prohibited from using your data for their own model training or any other purpose. We select AI providers who maintain appropriate data security and privacy standards.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating the Service (e.g., hosting providers, payment processors, analytics services, and AI/language model providers). These providers are contractually obligated to protect your information and use it only for the services they provide to us. For further details on how your data is processed by AI providers, see Section 4.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With Your Consent: When you have given us explicit permission to share your information for a specific purpose.

6. Data Security

We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls limiting who can view your data
  • Secure data storage infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

7. Data Breach Notification

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach — that is, a breach that is likely to result in serious harm to any individual whose personal information is involved — we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable after becoming aware of the eligible breach, as required by the Privacy Act.
  • Notify affected individuals directly (where practicable) with a description of the breach, the kinds of information involved, and recommendations about the steps those individuals should take in response.
  • Take reasonable steps to contain the breach, mitigate any resulting harm, and prevent future occurrences.

Where we have reasonable grounds to suspect an eligible data breach may have occurred, we will promptly undertake an assessment to determine whether notification obligations have been triggered and will complete that assessment within 30 days, as required by law.

If you believe your personal information held by us has been compromised, please contact us immediately at [email protected] so that we can investigate and take appropriate action.

8. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (e.g., tax and accounting requirements)
  • Resolve disputes and enforce our agreements
  • Maintain Due Diligence Certificate records for your reference

When you close your account or request deletion, we will delete or anonymise your personal information within a reasonable timeframe, unless retention is required by law.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of the Service. Cookies are small data files stored on your device.

Types of Cookies We Use:

  • Essential Cookies: Required for the Service to function properly (e.g., authentication, security).
  • Analytics Cookies: Help us understand how users interact with the Service to improve functionality.
  • Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than Australia, including countries where our service providers are located. These countries may have different data protection laws than Australia.

When we transfer your information internationally, we take appropriate steps to ensure it is protected in accordance with this Privacy Policy and applicable law, including using contractual safeguards with our service providers.

11. Your Rights

Under Australian privacy law and depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Objection: Object to certain processing of your information.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
  • Opt-Out: Unsubscribe from marketing communications at any time.

To exercise these rights, please contact us using the details in Section 15. We will respond to your request within a reasonable timeframe.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete it.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service with at least 30 days' notice. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

The Compliance Scalpel

Email: [email protected]

If you are not satisfied with our response to your privacy concern, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

By using The Compliance Scalpel, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

© 2026 The Compliance Scalpel. All rights reserved.
