Skip to main content

Privacy Policy

Last updated: 12 May 2026

1. Introduction

Regeniq Pty Ltd (ACN 694 432 865) (Regeniq, we, us, our) is an Australian company based in Brisbane, Queensland. We operate the website at regeniq.au and a telehealth platform that facilitates consultations between patients and Australian-registered health practitioners.

Regeniq is committed to protecting your personal information. We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, hold, and disclose personal information, and how you can exercise your rights in relation to that information.

By providing personal information to us, you consent to our collection, use, and disclosure of that information in accordance with this Privacy Policy. Consent in relation to Sensitive Health Information is addressed separately in the relevant clauses below.

This Privacy Policy should be read together with our Terms and Conditions, Refund Policy, and Fulfilment and Delivery Policy.

2. Definitions

In this Privacy Policy:

  1. Personal Information has the meaning given in section 6 of the Privacy Act. It means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not it is recorded in a material form. Examples include your name, age, gender, and contact details.
  2. Sensitive Health Information means sensitive information and health information as defined in the Privacy Act. Examples include your medical history, height, weight, current medications, allergies, Medicare number, Individual Healthcare Identifier (IHI), and information about your sexual orientation or activity where clinically relevant.
  3. Spam Act means the Spam Act 2003 (Cth).
  4. APP means an Australian Privacy Principle under the Privacy Act.
  5. Partner Practitioners means Australian-registered health practitioners who provide consultations through the platform. See the Terms and Conditions for further detail.
  6. Partner Pharmacies means the pharmacies that dispense medications prescribed through the platform, including Formulae and Infinity Wellness Group, and other pharmacies engaged from time to time. See the Terms and Conditions for further detail.
  7. Services means the telehealth platform, the website, the patient portal, and any related products or services we provide.

3. How we collect your personal information

We collect personal information in the following ways:

  1. Directly from you when you create an account, complete intake forms, attend a consultation, communicate with us through the patient portal, or otherwise use the Services.
  2. Through the Halaxy iframe embedded on regeniq.au when you book a consultation or complete Halaxy-hosted intake. See section 13 for how this dual collection works.
  3. Through cookies and tracking technologies when you visit the website. See section 10.
  4. From Partner Practitioners and Partner Pharmacies during the course of providing your care, including clinical notes, prescriptions, dispensing records, and dispatch information.
  5. From third parties where you have authorised disclosure, such as your general practitioner, a pathology provider, or another health service.
  6. From government health systems where you have consented, including My Health Record and any Active Script List (ASL).
  7. When you contact us by email, phone, or in-platform messaging, including for support, complaints, or general enquiries.

4. What personal information we collect

The personal information we collect depends on how you interact with us. It may include:

  1. Identification information: your name, date of birth, gender, postal address, email address, and phone number.
  2. Account information: your username, password (stored in hashed form), and information about your use of the patient portal.
  3. Sensitive Health Information (collected with your consent): your medical history, current medications, allergies, symptoms, height, weight, blood test and pathology results, photographs of medical conditions where you provide them, and information about your sexual orientation or activity where relevant to clinical assessment.
  4. Medicare and health identifiers: your Medicare number, Individual Healthcare Identifier (IHI), and private health insurance details where you provide them.
  5. Payment information: your billing address and payment card details. Card details are collected and processed by Stripe. Regeniq does not store full card numbers.
  6. Technical information: device-related information (such as your device ID or serial number), IP address, browser type, operating system, statistics on page views, traffic, and standard web log information.

If you do not provide the personal information we reasonably request, we may not be able to provide the Services to you.

5. Why we collect, use, and disclose personal information

We collect, use, and disclose personal information for the following purposes:

  1. To facilitate consultations between you and Partner Practitioners.
  2. To facilitate the dispensing of prescriptions by Partner Pharmacies and the delivery of medication to you. Where you authorise us, we act as your agent in relation to payments to Partner Pharmacies for medication.
  3. To operate, secure, maintain, and improve the platform and the Services, including troubleshooting, fraud prevention, and analytics.
  4. To send you transactional and treatment-related communications, including booking confirmations, dispatch notifications, billing receipts, refill reminders, consultation prompts, and pathology follow-ups. See section 14.
  5. To create and maintain clinical and administrative records.
  6. To comply with our legal and regulatory obligations, including under the Privacy Act, the Health Practitioner Regulation National Law, AHPRA requirements, TGA requirements, Medicare regulations, the Healthcare Identifiers Act 2010 (Cth), and taxation laws.
  7. To resolve complaints and disputes.
  8. To detect, prevent, and respond to fraud, misuse, or unauthorised access.

6. To whom we disclose your personal information

We may disclose your personal information to:

  1. Partner Practitioners who provide consultations through the platform.
  2. Partner Pharmacies who dispense medications, including Formulae, Infinity Wellness Group, and other pharmacies engaged from time to time.
  3. Couriers appointed by a Partner Pharmacy to deliver medication to you.
  4. Pathology providers to whom you have been referred for blood tests, bulk-billed where eligible.
  5. Halaxy Pty Ltd, our practice management software provider, which collects personal information independently as a separate data controller through its embedded iframe. See section 13.
  6. Service providers, including:
    1. Stripe, our payment processor, based in the United States.
    2. Supabase, our database provider. Primary patient data is hosted in Australia (Sydney region).
    3. Vercel, our hosting and edge network provider.
    4. Our email service provider, for transactional and reminder communications.
  7. Analytics and marketing tracking providers, as described in section 10.
  8. Government agencies where required, authorised, or permitted by law, including Medicare, AHPRA, the TGA, the Office of the Health Ombudsman, the Office of the Australian Information Commissioner (OAIC), law enforcement agencies, and courts and tribunals.
  9. Professional advisers and insurers in confidence, including our lawyers, accountants, and auditors.
  10. A prospective purchaser of Regeniq or any part of its business, subject to appropriate confidentiality undertakings.

Should a Partner Practitioner form a professional view that a patient is at imminent risk of harm to themselves or others, the Partner Practitioner may, in line with their professional and ethical obligations, contact emergency services or request a welfare check, and may disclose relevant personal information to those services.

7. Prescriptions, tokens, and the Active Script List

Where a Partner Practitioner issues an electronic prescription (e-script), it is generated as a token, typically a barcode or QR code. The following applies:

  1. Regeniq's default operational model is that the e-script token is transmitted directly to a Partner Pharmacy on the patient's behalf for dispensing, rather than sent to the patient.
  2. Where you prefer, the token can be sent to you so that you can forward it to a pharmacy of your choice.
  3. Where Regeniq holds tokens on your behalf, we continue to do so until the prescription (including any repeats) has been dispensed in full, or until you withdraw your consent for us to hold the tokens.
  4. An Active Script List (ASL) is a central repository of a patient's e-script tokens, accessible to pharmacies you authorise. Where you have an ASL, your tokens may be added to the ASL unless you ask the Partner Practitioner not to do so. Any pharmacy dispensing your prescription will need to access your ASL.
  5. Tokens and dispensing information may also interact with My Health Record. See section 12.

8. Sensitive Health Information

We collect Sensitive Health Information only with your consent and in accordance with the Privacy Act and any applicable state or territory health records legislation.

  1. Consent is obtained at registration and through intake forms, consultation flows, and consent-to-treatment checkpoints within the Services.
  2. You may withdraw your consent for future collection of Sensitive Health Information at any time by emailing privacy@regeniq.au. If you do, we may not be able to continue providing the Services to you.
  3. Sensitive Health Information is treated with the highest level of protection in our systems and is only accessible to those who require access for clinical, operational, or legal purposes.

9. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include:

  1. Primary patient data hosted in Australia by Supabase in the Sydney region.
  2. Transport encryption (TLS) on all connections between your browser or device and our systems.
  3. Encryption at rest for sensitive data stored in our database.
  4. Role-based access controls and row-level security in our database.
  5. Multi-factor authentication for staff and practitioner accounts where applicable.
  6. Regular security review of our vendors and sub-processors.
  7. Staff training on privacy and information security.

No system is completely secure, and we cannot guarantee absolute security. You should keep your account credentials confidential and contact us immediately if you suspect unauthorised access to your account.

Regeniq complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act and is committed to notifying the OAIC and affected individuals where the scheme is triggered. See section 21.

10. Cookies, tracking technologies, and analytics

We use the following analytics and tracking tools on the website:

  1. Meta Pixel and Conversions API (CAPI): a browser-side pixel and a server-side API operated by Meta Platforms, Inc. Data is shared with Meta for advertising attribution and audience building. Hashed personal information may be transmitted to Meta for matching purposes.
  2. Google Analytics 4 (GA4): pseudonymous usage data is shared with Google LLC for analytics. This may include your IP address (truncated where supported), device information, and pageview events.
  3. Google Tag Manager (GTM): a tag orchestration layer operated by Google LLC. GTM itself does not collect personal information, but the tags it deploys (including those listed above) may.
  4. PostHog: a product analytics tool. PostHog may capture session-level interaction data. Session recording is configured to mask sensitive fields, including intake forms, identifiers, and payment fields. Recordings of sensitive flows are disabled.

Cookies are small text files placed on your device when you visit the website. We use cookies as follows:

  1. Essential cookies (authentication, security, and session cookies) are necessary for the Services to function and do not require separate consent.
  2. Analytics and marketing cookies are used as described above. You may disable cookies through your browser settings, although some parts of the website may not function correctly if you do.
  3. The Services are designed for Australian users. By using the Services, you are on notice that the cookies and tracking technologies described in this section are deployed.

11. Cross-border disclosure (APP 8)

Our primary clinical and account data is held in Australia (Supabase, Sydney region). Our policy is to keep primary patient data onshore. However, some service providers and analytics tools listed in this Privacy Policy are based overseas, including:

  1. Stripe (United States), for payment processing.
  2. Meta Platforms, Inc. (United States), for advertising analytics and attribution.
  3. Google LLC (United States), for analytics and tag orchestration.
  4. PostHog, for product analytics. The data centre region depends on configuration, and we select an Australian or European Union data centre where available.
  5. Our email service provider, hosting edge nodes, and similar providers may also process data overseas.

By using the Services, you consent to the disclosure of relevant personal information to these overseas recipients in accordance with this Privacy Policy. We take reasonable steps to ensure that overseas recipients are bound by contractual protections substantially similar to the APPs. You acknowledge that you may not be able to seek redress under the Privacy Act from those overseas recipients directly.

12. My Health Record and government health systems

  1. In line with Australian Government policy, Partner Practitioners and Partner Pharmacies may upload information about your care to My Health Record, unless you have opted out.
  2. You can manage or cancel your My Health Record at digitalhealth.gov.au.
  3. Regeniq does not control My Health Record. Information uploaded to My Health Record is governed by the My Health Records Act 2012 (Cth) and the Healthcare Identifiers Act 2010 (Cth).
  4. Where Medicare benefits are claimed on your behalf (for example, for bulk-billed pathology), relevant information is shared with Medicare in accordance with the Human Services (Medicare) Act 1973 (Cth) and the National Health Act 1953 (Cth).

13. Halaxy iframe and dual collection

  1. Bookings on regeniq.au are facilitated through an embedded iframe provided by Halaxy Pty Ltd, our practice management software provider.
  2. When you interact with the Halaxy iframe, including when booking a consultation or completing intake forms hosted by Halaxy, Halaxy collects your personal information independently as a separate data controller.
  3. Halaxy's collection, use, and disclosure of your personal information is governed by Halaxy's own privacy policy, available at halaxy.com/privacy. You should review Halaxy's policy in addition to this one.
  4. Regeniq receives a subset of the information collected by Halaxy that is necessary for clinical and operational purposes, including appointment details, clinical notes, and patient contact information.
  5. Where there is an overlap between Halaxy's clinical record system and Regeniq's platform records, both Regeniq and Halaxy hold copies of clinical records as required by AHPRA and applicable law, and as necessary for continuity of care.
  6. Regeniq does not control Halaxy's privacy practices. If you have concerns about Halaxy's handling of your information, you should contact Halaxy directly through the channels in Halaxy's privacy policy.

14. Direct marketing

  1. Regeniq sends treatment-related reminders, including refill reminders, consultation prompts, and pathology follow-ups. These reminders are direct marketing under the Privacy Act and the Spam Act.
  2. You may opt out at any time by:
    1. using the unsubscribe link in any reminder email;
    2. replying STOP to an SMS reminder; or
    3. emailing privacy@regeniq.au.
  3. Opting out of treatment reminders does not affect your receipt of transactional communications, including booking confirmations, dispatch notifications, and billing receipts, which are necessary for the Services.
  4. Regeniq does not currently send general newsletters, advertising emails, or third-party marketing.
  5. Regeniq does not sell, rent, or trade personal information with third parties for their independent marketing purposes.

15. AI features

  1. The platform may, from time to time, offer features powered by artificial intelligence or machine learning, including educational summaries, intake prompts, and platform assistance.
  2. AI providers contracted by Regeniq may have limited access to a subset of data necessary to deliver the relevant feature, subject to contractual protections.
  3. Regeniq prohibits AI providers from using patient data to train, fine-tune, or otherwise improve models that are not used to deliver services back to Regeniq, except where you give explicit, separate consent.
  4. AI features do not constitute medical advice. See the Terms and Conditions for the operational disclosure.
  5. Patient data shared with AI providers may include de-identified information. Where personal information is involved, you will be informed at the point of use.

16. Retention

  1. Clinical records are retained for at least 7 years from the date of last clinical contact for adult patients.
  2. For patients who were under 18 at the time of last clinical contact, records are retained until the patient reaches 25 years of age, or for 7 years from the date of last clinical contact, whichever is longer.
  3. Records may be retained for longer where required by law (for example, taxation or insurance regulations) or where there is an ongoing legal, regulatory, or insurance matter.
  4. Once retention is no longer required, personal information is destroyed or de-identified.
  5. Account data not subject to specific retention requirements is deleted within a reasonable period after account closure, except where it has been incorporated into clinical records.

17. Recordings

Consultations and telephone calls are not recorded by default. If a recording is ever required, for example for quality assurance or training purposes, you will be told in advance and may decline.

18. Access and correction

  1. You may request access to the personal information we hold about you by emailing privacy@regeniq.au.
  2. We will respond within a reasonable period. We may need to verify your identity before providing access.
  3. In limited circumstances, we may refuse access, for example where access would unreasonably impact the privacy of others, where the request is frivolous or vexatious, or where required or authorised by law. If we refuse, we will provide written reasons.
  4. You may request correction of personal information you believe is inaccurate, incomplete, or out of date. We will take reasonable steps to correct it.
  5. There is no fee for routine access or correction requests.

19. Children

The Services are intended for individuals aged 18 years and over, as set out in the Terms and Conditions. Regeniq does not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a minor outside the Services' eligibility framework, we will take reasonable steps to delete that information.

20. De-identified data

Regeniq may use de-identified data (data from which a patient cannot reasonably be re-identified) for research, analytics, quality assurance, and service improvement. De-identified data is not personal information under the Privacy Act.

21. Notifiable data breaches

Regeniq complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. Where there is a data breach likely to result in serious harm to one or more individuals, we will notify affected individuals and the OAIC as required by the scheme.

22. Complaints

  1. If you believe Regeniq has breached the Privacy Act or the APPs, or if you wish to make a privacy complaint, please contact the Regeniq Privacy Officer at privacy@regeniq.au.
  2. Please include your name, contact details, and a clear description of your complaint.
  3. We will acknowledge your complaint and respond within a reasonable period.
  4. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
  5. For health service complaints (as distinct from privacy complaints), please see the Terms and Conditions.

23. Changes to this policy

We may amend this Privacy Policy from time to time. Changes take effect from the date they are published on the website. Where a change is material, we will give reasonable notice, for example by email or in-platform notice. Continued use of the Services after the effective date constitutes acceptance of the changes.

24. Contact

For all privacy queries, please contact:

Privacy Officer Regeniq Pty Ltd (ACN 694 432 865) Brisbane, Queensland, Australia Email: privacy@regeniq.au Website: regeniq.au

See also our Terms and Conditions, Refund Policy, and Fulfilment and Delivery Policy.