Effective Date: 19 February 2026
This Privacy Policy describes how Routiq PTY LTD (ABN: 77 686 999 306), trading as Routiq ("we," "our," or "us"), collects, uses, and discloses your information when you use our website (www.routiq.ai) and our AI-powered patient re-engagement platform (the "Service").
We are committed to protecting your privacy and handling personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our Service involves the processing of health information, we comply with the additional obligations that apply to health information under the Privacy Act.
By using our Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
We collect the following categories of information:
Account and contact information (name, email address, phone number, practice name, role)
Account credentials and authentication details
Payment and billing information (processed securely via third-party payment providers)
Communications and correspondence with us
When you connect your practice management system (e.g. Cliniko) to Routiq, we access and process patient data on your behalf as a data processor. This may include:
Patient names and contact details (phone number, email address)
Appointment history, treatment types, and practitioner information
Patient activity status (active, inactive, date of last visit)
Message delivery status and patient responses
You remain the data controller for all patient data. We process this data solely to provide the Service to you and in accordance with your instructions.
Usage data (pages visited, features used, time spent, clicks)
Device and browser information (IP address, browser type, operating system)
Cookies and similar tracking technologies (see Section 5)
We may receive information from integrated third-party services (such as Cliniko), analytics providers, and marketing platforms that you have authorised to share data with us.
We use your information for the following purposes:
Providing the Service, including patient identification, message generation, campaign delivery, and booking agent functionality
Processing transactions and managing your account
Communicating with you about your account, service updates, and support requests
Generating AI-personalised patient re-engagement messages using behavioural science principles
Analysing campaign performance and providing revenue attribution reporting
Improving and optimising the Service, including AI model performance
Preventing fraud, abuse, and ensuring the security of our systems
Complying with legal obligations, including the Australian Privacy Act 1988
Our Service uses artificial intelligence to generate personalised patient re-engagement messages, handle patient replies via our AI booking agent, and provide campaign analytics. Specifically:
Message generation: AI creates personalised SMS, WhatsApp, and email messages using patient data (name, treatment history, practitioner) and behavioural science frameworks. You review and approve campaigns before they are sent.
AI booking agent: Our AI responds to patient replies, handles common questions, and facilitates appointment booking. It does not provide medical advice or make clinical decisions.
Patient segmentation: AI identifies inactive patients and segments them by inactivity period, treatment type, and likelihood of re-engagement.
No fully automated decisions with legal or similarly significant effects are made about patients without human oversight. You retain full control over which patients are contacted, through which channels, and when.
We use cookies and similar technologies to operate our website, analyse usage patterns, and improve your experience. These include:
Essential cookies: Required for website functionality and security
Analytics cookies: Help us understand how visitors interact with our website
Marketing cookies: Used to deliver relevant advertisements and measure campaign effectiveness
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.
We may share your information with:
Service providers: Third parties who perform services on our behalf, including cloud hosting (AWS), messaging delivery (SMS/WhatsApp providers), payment processing, and analytics
Integration partners: Practice management systems (e.g. Cliniko) that you have authorised us to connect with
AI providers: We use third-party AI models to generate messages and power our booking agent. Patient data shared with these providers is governed by data processing agreements and is not used to train their models
Legal authorities: When required by law, regulation, or legal process
Business transfers: In connection with a merger, acquisition, or sale of assets
We do not sell your personal information or patient data to third parties.
Our Service processes health information as defined under the Australian Privacy Act 1988. We recognise the sensitive nature of this data and apply additional safeguards:
Health information is only collected and used with the consent of the practice (data controller) and for the purpose of providing re-engagement services
We do not use patient health information for marketing our own services, research, or any purpose other than delivering the Service
Access to health information is restricted to authorised personnel and systems on a need-to-know basis
All health information is encrypted at rest and in transit
We implement robust technical and organisational measures to protect personal information, including:
End-to-end encryption for data in transit and at rest
Multi-factor authentication for account access
Regular security assessments and monitoring
Role-based access controls limiting data access to authorised personnel
While we take all reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
In the event of an eligible data breach involving personal information, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. This means we will:
Promptly assess suspected breaches to determine if they are likely to result in serious harm
Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required
Notify affected practice clients so they can take appropriate steps regarding their patients
Take all reasonable steps to contain and remediate the breach
Your information may be transferred to and processed in countries other than Australia. Our cloud infrastructure and some service providers operate internationally. Where we transfer personal information overseas, we take reasonable steps to ensure the overseas recipient handles the information in accordance with the APPs, including:
Entering into data processing agreements with appropriate privacy protections
Verifying that recipients are subject to comparable privacy laws or binding contractual obligations
We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specifically:
Account data: Retained for the duration of your account and for a reasonable period after closure for legal and audit purposes
Patient data: Retained only while your account is active and deleted or returned to you upon termination, in accordance with our data processing obligations
Campaign data: Campaign performance and analytics data is retained for 24 months after campaign completion
Under the Australian Privacy Act and applicable laws, you have the right to:
Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to our legal retention obligations
Objection: Object to the processing of your information for direct marketing purposes
Data portability: Request a copy of your data in a structured, machine-readable format
Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs
To exercise these rights, please contact us at privacy@routiq.ai. We will respond to your request within 30 days.
Our Service is designed for use by healthcare practices and is not directed to individuals under the age of 16. We do not knowingly collect personal information directly from children. If patient data processed through our Service includes information about minors, it is the responsibility of the practice (as data controller) to ensure appropriate consents are in place.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be indicated by an updated "Effective Date" at the top of this page. For material changes, we will notify you via email or through the Service. We encourage you to review this Privacy Policy periodically.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Routiq PTY LTD
Level 2/11 York St, Sydney NSW 2000, Australia
Email: privacy@routiq.ai
Phone: (+61) 468 021 490
ABN: 77 686 999 306