MindScribe – Privacy Policy (Australia)

Last updated: January 2026
Operator: Cygnet Clinic Trading As MindScribe (“MindScribe”, “we”, “us”, “our”).
Contact: support@mindscribe.au

1) Purpose of this Privacy Policy

This Privacy Policy explains how MindScribe collects, holds, uses, discloses, and secures personal information, including sensitive information such as health information. We aim to manage personal information in an open and transparent way consistent with the Australian Privacy Principles (APPs). 

MindScribe is a web application used by practitioners to assist with preparing psychological reports by generating draft text from information supplied by the user.

2) Key definitions

“Personal information” has the meaning given in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable. 

“Health information” is a type of sensitive information and is given extra protection under the Privacy Act. It includes information or an opinion about an individual’s health, illness, disability or injury, an individual’s expressed wishes about future health services, or a health service provided (or to be provided). 

“APP entity” has the meaning in the Privacy Act. Whether the Privacy Act applies to you as a practitioner may vary; however, private sector health service providers are generally covered even if they would otherwise be a “small business”. 

3) Who this policy applies to

This Privacy Policy applies to:
• Practitioner users and authorised staff who create accounts and use MindScribe; and
• Clients/patients (or other individuals) whose information may be entered into MindScribe by a practitioner user.

If you are a client/patient, MindScribe is usually used by your practitioner as part of their workflow. In many cases, the practitioner controls what is entered and how outputs are used. You may wish to contact your practitioner first about your clinical records and consent arrangements.

4) What information we collect

We may collect the following categories of information.

Account and contact information such as name, practice/business name, email address, phone number, role, and login credentials (stored in hashed form where applicable).

Billing information such as subscription plan, invoices, payment status, and transaction identifiers (note: payments may be processed by a third-party payment provider and we may not store full card details).

Usage and device information such as log data, IP address, device/browser type, timestamps, pages/actions taken in the app, and security/audit logs.

User Content which includes any information you input or upload to the Service (e.g., assessment notes, referral information, clinical history, collateral material, questionnaires, draft formulations). User Content may include health information and other sensitive information.

Support and communications such as emails, chat messages, and attachments you provide when contacting support.

5) How we collect information

We collect information:
• directly from you when you create an account, use the Service, upload or input content, or contact support;
• automatically when you use the Service (e.g., logs, cookies); and
• from third parties you use to integrate with MindScribe (if any), as authorised by you.

6) Why we collect, hold, use and disclose personal information

We use personal information to:
• provide, operate, and maintain the Service and generate outputs you request;
• verify accounts, manage authentication, and prevent misuse;
• process subscriptions and payments;
• provide support, respond to enquiries, and send service communications;
• maintain and improve the Service, including troubleshooting and quality assurance;
• comply with legal obligations and respond to lawful requests; and
• protect the rights, property, and safety of MindScribe, our users, and others.

Where we handle health information, we take additional care because it is sensitive information under Australian privacy law. 

7) AI processing and your responsibilities as a practitioner

MindScribe uses AI to generate draft text from User Content. You remain responsible for ensuring you have appropriate authority/consent to enter information into MindScribe and for reviewing outputs for accuracy and appropriateness before use.

Ahpra and National Boards have published guidance reminding practitioners that existing professional obligations continue to apply when using AI tools in practice. 

8) When we disclose personal information

We may disclose personal information to:
• your organisation/practice administrators (where relevant to your account);
• service providers who help us operate the Service (e.g., hosting, analytics, customer support, email delivery, security monitoring);
• payment processors to process transactions;
• professional advisers (lawyers, accountants, insurers) as needed; and
• government agencies, regulators, courts or law enforcement where required or authorised by law.

We do not sell personal information.

9) Overseas disclosures (cross-border)

Some of our service providers (including cloud hosting or AI infrastructure providers) may store or process data outside Australia.

When we disclose personal information overseas, we take reasonable steps to ensure the overseas recipient handles personal information in a manner consistent with the APPs, as required by APP 8 (cross-border disclosures), unless an exception applies. 


10) Do we use your data to train AI models?

Default position (recommended wording – confirm and edit to match reality): We use User Content to provide the Service to you (including generating outputs you request). We do not use User Content containing client/patient information to train or improve general-purpose AI models for other customers unless you (or your organisation) explicitly opt in or unless required/authorised by law.

If we introduce any opt-in training or evaluation program, we will describe it clearly and provide a choice.

11) Data quality

We take reasonable steps to ensure personal information we hold is accurate, up-to-date, complete, and relevant to its purpose. You can help by ensuring information you input is correct and by updating account details when they change.

12) Data security (APP 11)

We take reasonable steps to protect personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure, consistent with APP 11. 

Our safeguards may include access controls, authentication, logging, encryption in transit, secure hosting configurations, and staff/vendor confidentiality obligations. No method of transmission or storage is completely secure, and you use the Service at your own risk.

13) Data retention and deletion

We retain personal information only for as long as necessary to provide the Service, meet legal and regulatory obligations, resolve disputes, and enforce agreements. We take reasonable steps to destroy or de-identify personal information when it is no longer needed and we are permitted to do so, consistent with APP 11 guidance on retention. 


14) Cookies and analytics

We may use cookies and similar technologies to operate the Service, maintain sessions, improve performance, and understand usage trends. You can usually control cookies through your browser settings, but disabling cookies may affect functionality.



15) Access and correction

You may request access to, or correction of, personal information we hold about you, subject to legal exceptions. We will respond within a reasonable time.

If you are a client/patient whose information was entered by a practitioner user, requests may need to be directed to the practitioner controlling the record (and we may ask you to confirm authority/identity). Nothing in this Policy limits any access rights under applicable laws.

16) Complaints

If you have a privacy concern or complaint, contact us at privacy@mindscibe.au with details of the issue. We will acknowledge and investigate your complaint and aim to respond within 30 days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

17) Notifiable Data Breaches

Where the Notifiable Data Breaches (NDB) scheme applies, we will assess suspected eligible data breaches and notify affected individuals and the OAIC when required (including where a breach is likely to result in serious harm). 

18) Interaction with State/Territory privacy laws

The Privacy Act applies to private sector health service providers across Australia. In NSW, Victoria and the ACT, private sector health service providers may need to comply with both Commonwealth and state/territory health privacy laws when handling health information. 

19) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users (e.g., via email or in-app notice). The updated version will apply from the “Last updated” date.

20) Contact us

For privacy enquiries, requests, or complaints:
Privacy Officer
Email: privacy@mindscribe.au

MindScribe™

© COPYRIGHT 2026 MindScribe™

  • MindScribe
  • Australian Based 
  • Psychological Report Assistant
  • Secure report writer
  • Select Style of Report
  • Purpose Built for various settings



A personal assistant to help proof read and personalise your reports and your clincial note to suit your needs in the style you want