Privacy Policy – Consult Buddy

Effective Date: 1 February 2026
Last Updated: 15 April 2026
Operated by JAMOZ Pty Ltd

Consult Buddy is owned and operated by JAMOZ Pty Ltd
ACN: 128674733
ABN: 84919619759
Registered Address: 200 Kambrook Road, Caulfield VIC 3162, Australia
Director: A/Prof. Jonathan Levy MBBS, BSc, FRACGP, FARGP
Email: support@consultbuddy.app

---

Overarching Statement of Intention

Consult Buddy’s central aim is to help the user maximise interactions with their doctor.

Personal data is collected solely for this purpose.

All medical data is securely stored, encrypted, and accessible only by its owner, the app user.

---

1. Introduction

Consult Buddy (“we”, “us”, “our”) is a mobile application owned and operated by JAMOZ Pty Ltd (ACN 128674733), a registered Australian company.

The official website for the application is:
https://consultbuddy.app, which is owned and operated by JAMOZ Pty Ltd.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal, health, and device-related information when you use the Consult Buddy application (“App”).

We are committed to current and ongoing compliance with all applicable privacy laws, including:

• US (health data): Health Insurance Portability and Accountability Act, 1996 (HIPAA)
• Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• EU/EEA: General Data Protection Regulation (EU Regulation 2016/679) (GDPR)
• California, USA: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Other regions: Local privacy and data protection laws where our users reside

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, you must not use the App.

---

2. Information We Collect

a. Profile and Authentication Data

• Full name
• Email address
• Date of birth
• Gender
• Profile photo (optional)
• Username and password (stored securely via authentication server)

b. Medical and Health Data

Stored securely on Amazon Web Services (AWS) servers in encrypted form, including but not limited to:

• Vital signs (e.g. height, weight, BMI)
• Current treatments and medications
• Past illnesses and surgical history
• Family and social history (e.g. smoking, alcohol, sexual activity, drug use)
• Travel history
• User-entered symptoms and consultation queries
• AI-generated follow-up questions and reports

By entering health data into the App, you consent to the collection of sensitive health information in accordance with Australian Privacy Principle 3.3.

AWS is widely used by medical platforms globally. Its security terms can be found here:
https://aws.amazon.com/service-terms/

c. AI Processing Data

Queries you enter (“Prompts”) are transmitted securely to Anthropic’s Claude models for response generation.

• Prompts are retained by Anthropic for up to 30 days to audit model safety, then deleted.
• If you allow Anthropic to use your data to improve Claude, your data may be retained in a de-identified format for up to 5 years in their model training pipelines.
• Personally identifying information should not be included in Prompts unless voluntarily provided by you.
  • Anthropic’s policies:
  • https://privacy.claude.com/en/articles/10023548-how-long-do-you-store-my-data
  • https://privacy.claude.com/en/articles/7996862-how-do-i-view-and-sign-your-data-processing-addendum-dpa

d. Technical Data

• Device type and operating system
• App usage statistics
• Crash reports and performance analytics

---

3. How We Use Your Information

Your data is used to:

• Enable secure login and account management
• Structure and store your health profile
• Generate AI-powered medically styled questions and summaries
• Produce shareable reports for your records or your doctor
• Maintain and improve App functionality

We explicitly do not use your data for:

• Advertising or marketing
• Sale to third parties
• Profiling, tracking, or behavioural analytics

4. Legal Grounds for Processing (GDPR)

For EU/EEA users, we rely on:

• Consent – you provide data voluntarily (Art. 6(1)(a))
• Explicit Consent – for sensitive health data (Art. 9(2)(a))
• Contract – necessary to provide the App’s features (Art. 6(1)(b))

5. Data Retention

• Health and medical data: Stored securely until you delete it.
• Login credentials: Stored securely on-device and on encrypted AWS servers.
• Prompts sent to Claude (Anthropic):
  • By default, prompts and responses are retained for up to 30 days to support platform stability and safety monitoring.
  • If you opt in to allow your data to be used for model improvement, your prompts and responses may be retained in a de-identified format for up to 5 years.
  • Prompts flagged for potential policy violations may be stored for up to 2 years, with associated classifier scores retained for up to 7 years.

If you delete your profile, all local and server-stored data is permanently erased. No backup is retained unless you created one. Deletions are irreversible.

6. Data Security

We use technical and organisational safeguards, including:

• End-to-end encryption of stored data
• Password and/or biometric protection
• Configurable auto-logout
• Access control and secure authentication systems

We design our privacy practices to align with major global privacy frameworks including GDPR, HIPAA, the Australian Privacy Act, and CCPA/CPRA, and apply protections consistent with the highest applicable standard.

You remain responsible for securing your device (e.g., operating system updates, passwords, personal device security/retention).

7. Disclosure to Third Parties

We (acting on behalf of JAMOZ Pty Ltd) do not sell, rent, trade, or otherwise commercially disclose your personal or health information.

We engage a limited number of carefully selected service providers to support the secure operation of the App. These providers are contractually required to safeguard data and may process information only for the purposes specified below.

Anthropic, PBC (Claude AI)

• Provides AI processing services to generate responses to user prompts on our behalf.
• Acts as a data processor/service provider and processes data only as necessary to deliver AI functionality.
• Does not use customer data to train its models unless explicitly authorized by us.
• Receives only the information required to provide the service.
• Retains data only for the period necessary to support service delivery, security, and abuse monitoring, in accordance with its published privacy and security commitments.

Anthropic privacy information: https://privacy.anthropic.com/

Amazon Web Services (AWS)

• Provides secure cloud infrastructure for application hosting and encrypted data storage.
• Implements administrative, technical, and physical safeguards designed to protect sensitive information.
• Processes data solely on our behalf and in accordance with contractual data-processing obligations.
• Data stored within AWS is deleted or irreversibly de-identified following verified user account deletion, subject only to limited backup retention required for security and disaster-recovery purposes.

AWS privacy information: https://aws.amazon.com/privacy/

We may analyse de-identified and aggregated usage data to:

• maintain platform safety
• improve system performance
• enhance user experience

Such data cannot reasonably be used to identify individual users.

8. Your Rights

Depending on jurisdiction, you may have the right to:

• HIPAA (US health data): Access your data, request amendments, request restrictions, obtain an accounting of disclosures.
• Australia (Privacy Act 1988): Access, correct, or complain to the OAIC.
• GDPR (EU/EEA): Access, correct, delete, withdraw consent, portability, object to processing, complain to a DPA.
• CCPA/CPRA (California): Know what we collect, request deletion, opt-out of data sale (not applicable as we do not sell data), non-discrimination.

To exercise these rights, contact us at the details in Section 11.

9. Children’s Privacy

The App is not designed for children under 18. We do not knowingly collect data from minors. If a child’s data is inadvertently entered, the account should be deleted immediately.

10. Account and Data Deletion

You may delete your account within the App settings at any time.

This permanently deletes all medical history, user prompts, and reports stored locally and on AWS servers.

11. Contact Us

If you have questions about your privacy rights or wish to lodge a complaint, please contact us or the relevant authority in your jurisdiction:

Consult Buddy Privacy Officer
Consult Buddy Pty Ltd
Email: privacy@consultbuddy.app

JAMOZ Pty Ltd
(Trading as Consult Buddy)
ACN: 128674733
ABN: 84919619759
200 Kambrook Road
Caulfield VIC 3162
Australia

Australia – Office of the Australian Information Commissioner (OAIC)

If you're dissatisfied with our response or wish to escalate a privacy concern:

• Website: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
• Phone: 1300 363 992
• Mail: GPO Box 5288, Sydney NSW 2001
• Fax: +61 2 6123 5145

European Union – Data Protection Authorities (GDPR)

EU/EEA residents can contact their national Data Protection Authority (DPA). A full list is available here:

• List of DPAs: https://edpb.europa.eu/about-edpb/board/members_en

Alternatively, you may contact the European Data Protection Supervisor (EDPS):

• Website: https://edps.europa.eu/about-edps/contact_en
• Email: edps@edps.europa.eu
• Phone: +32 2 283 19 00
• Mail: Rue Wiertz 60, B-1047 Brussels, Belgium

United States – HIPAA Privacy Complaints

If you believe your health information privacy rights have been violated under HIPAA:

• Office for Civil Rights (OCR), U.S. Department of Health & Human Services
  • Online Complaint Portal: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
  • Email: OCRComplaint@hhs.gov
  • Mail:
    Centralized Case Management Operations
    U.S. Department of Health and Human Services
    200 Independence Avenue, S.W.
    Room 509F HHH Building
    Washington, D.C. 20201

California – California Privacy Protection Agency (CCPA/CPRA)

California residents can submit privacy complaints under the CCPA/CPRA to:

• Website: https://cppa.ca.gov/webapplications/complaint
• Phone: +1 916-572-2900
• Mail:
  California Privacy Protection Agency
  400 R Street, Suite 350
  Sacramento, CA 95811, USA

If you need assistance with specific privacy concerns or require further information, please don't hesitate to contact us directly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the App or email. Continued use of the App after changes indicates acceptance of the updated policy.