Abby Health data privacy
Abby Health protects your personal and health information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Your data is stored in Australia, encrypted in transit and at rest, and accessed only by clinicians involved in your care. We do not sell your data. We do not share with third parties without your consent except where required by law.
The legal framework that protects you
Australian health data is protected by:
- The Privacy Act 1988 and the 13 Australian Privacy Principles, regulated by the Office of the Australian Information Commissioner (OAIC).
- State-based health records legislation that sits over the federal framework.
- The Notifiable Data Breaches scheme, which requires us to notify you and the OAIC if a breach is likely to cause serious harm.
- The professional confidentiality obligations of every AHPRA-registered clinician.
These are not optional standards. They apply to every consultation, every record, every interaction.
How Abby protects your data
Australian data residency. Your records are stored in Australia, on infrastructure that complies with Australian healthcare data standards.
Encryption in transit and at rest. Every interaction between you and Abby is encrypted. Records held in our systems are encrypted at rest.
Strict access controls. Only clinicians involved in your care can access your record. Every access is logged.
No data sale. Abby does not sell, rent, or trade your personal or health information. Ever.
Limited third-party sharing. We share information only where you have consented (for example, sending a referral to a specialist), where it is required by law, or where strictly necessary to operate the service (for example, sending an eScript to your nominated pharmacy).
What we collect
To deliver care, we collect your name, date of birth, contact details, Medicare details, medical history, current medications, allergies, consultation notes, prescriptions, pathology and imaging results, and any other information you provide during care.
For service operations, we collect basic technical information about your use of the app such as device type, app version, and error logs. This is typical of any modern app.
Your rights over your data
You have the right to:
- Access your records.
- Request corrections to inaccurate or out-of-date information.
- Request a copy of your records to share with another clinician.
- Make a complaint about how we handle your data.
To exercise these rights, contact us through the app or via our privacy policy contact details.
Abby AI and your data
Abby AI, our medical AI, operates within the same privacy framework. It surfaces relevant information from your record to support your clinician. It does not share your information with third parties. See "what Abby AI is" for the full picture.
Frequently asked questions
Where exactly is my data stored?
In Australia, on infrastructure that meets Australian health data standards. We can provide more specific detail on request.
Does Abby share my data with pharmaceutical companies?
No.
What happens if I close my Abby account?
Your records are retained for the period required by Australian health records legislation (typically seven years after the last consultation, longer for minors). Outside that requirement, no further use is made of your information.
What if there is a data breach?
Under the Notifiable Data Breaches scheme, we will notify you and the OAIC if a breach is likely to cause serious harm.
Find Comfort. Abby Health. Care that understands you.






