Care Copilot

Legal

Privacy Policy

Last updated: November 2025

1. Who this policy is for

This Privacy Policy explains how Care Copilot (operated by COR.AI) handles personal information when we provide risk and documentation checks over aged care case notes for Australian providers. It is written for our customer organisations (approved providers and their related entities), not for consumers receiving care.

Your organisation remains responsible for meeting its obligations under the Privacy Act 1988 (Cth) and any applicable state or territory health privacy laws. We act as a service provider, processing information on your instructions.

2. Summary of how Care Copilot works

Care Copilot ingests case notes exported from your client management system and applies finding rules and AI models to:

  • flag potential clinical deterioration and SIRS-type indicators
  • highlight safety and environment risks and service delivery gaps
  • check documentation completeness after events such as falls
  • surface repeated concerns at a client level for proactive review

The tool supports your quality, risk and governance work. It does not replace clinical judgement or your existing obligations under the strengthened Aged Care Quality Standards.

3. What personal information we handle

The specific information we process depends on how your organisation configures exports and uses the product, but typically includes:

3.1 Staff account information

  • name
  • work email address
  • organisation and role
  • authentication details managed via our identity provider

3.2 Case notes and related metadata

Case notes may contain personal and health information about consumers, family members, and staff, including:

  • free-text progress notes and incident notes
  • timestamps, client identifiers from your system and structured metadata such as location or service type
  • information about events (for example falls, deterioration episodes, medication issues or complaints)

3.3 Finding outputs

  • risk categories, severities and tags applied to notes
  • short snippets from notes to show why something was flagged
  • optional short rationales describing why an issue may be relevant

3.4 Technical and usage data

  • log data such as request timestamps and response codes
  • basic device and browser information
  • configuration settings (for example which rules are enabled and which uploads have been processed)

4. How we use personal information

We use information to:

  • provide the Care Copilot application and related support
  • run findings and completeness checks over uploaded case notes
  • present dashboards, summaries and exports to authorised staff in your organisation
  • monitor, troubleshoot and improve the safety, reliability and performance of the service

We do not sell personal information or use your case notes to train AI models.

5. Use of AI

Care Copilot uses large language models (LLMs) to analyse case notes and suggest risks and documentation gaps.

  • prompts and responses are used only to deliver findings and improve our service for you – they are not used to train public foundation models

Despite these controls, case notes may still contain sensitive health information. We therefore treat all note content and finding outputs as highly confidential.

6. Where data is stored and processed

Our primary infrastructure for Australian customers is hosted in Australia using reputable cloud providers. This includes our application backend, database and AI services.

If we ever need to process data outside Australia (for example for a specific customer deployment), we will agree this with you in advance and ensure appropriate contractual and security safeguards are in place.

7. Security

We apply a privacy-by-design and security-by-design approach, including:

  • encryption in transit and at rest for case notes and findings
  • role-based access controls so that only authorised staff at your organisation can view findings
  • strict separation of environments (for example development and production)
  • logging and monitoring focused on system performance rather than consumer identities

We do not log the full text of case notes into application logs. Note content is only surfaced where required to deliver findings and exports to authorised users.

8. Retention

We retain data for as long as needed to provide the service to your organisation or as required by law. At the end of a contract, we can delete or return data to you in line with our agreement. You may also request deletion of specific uploads or findings where this is compatible with your own legal obligations.

9. Your responsibilities as an aged care provider

You are responsible for:

  • ensuring you have a lawful basis to collect and disclose case notes and related information to us
  • informing consumers and staff, where appropriate, that case notes may be analysed by third-party tools to support quality and safety
  • configuring exports so that only the minimum necessary information is shared with Care Copilot
  • reviewing findings and taking any clinical or operational decisions based on your own professional judgement

10. Access, correction and complaints

Because we operate as a service provider to aged care organisations, we generally direct consumer access or correction requests back to the relevant provider. If we receive a request directly, we will work with your organisation to respond in line with the Australian Privacy Principles.

11. How to contact us

If you have questions about this policy or how Care Copilot handles personal information, please contact us at:

Email: hello@carecopilot.com.au

You can also use the contact form on our Contact page.