
Privacy policy

This policy explains how Aescia handles personal and health information. It sits alongside the technical detail on our security page.

Effective date: 2 July 2026

Who we are

The data controller is Aescia Pty Ltd (ABN 96 687 840 517), incorporated in Australia, with Canadian affiliate entities. In this policy, "Aescia", "we", and "us" refer to Aescia Pty Ltd and its affiliates.

Aescia is developing pre-procedure pathway software and investigational post-discharge monitoring. This policy will be updated as the products reach commercial availability.

Information we collect

From visitors to this marketing site, we collect the information you provide through the contact form (such as your name, role, organisation, and message) and basic analytics on how the site is used. We do not collect patient health information through this website.

Where Aescia processes patient data on behalf of a healthcare customer, that processing is governed by the agreement described below and by the customer's own privacy notices, not by this website policy.

Where your data is hosted

Customer data is hosted in-region on Google Cloud, in the australia-southeast (Sydney) region, with per-tenant isolation so one customer's data is kept separate from another's.

Data is encrypted in transit using Transport Layer Security (TLS) 1.3 and at rest using the Advanced Encryption Standard (AES-256). Access to systems that hold customer data requires multi-factor authentication (MFA).

Sub-processors

We use a small set of sub-processors to run the service. These include Google Cloud (hosting), Resend (email), Twilio (SMS), and PostHog (product analytics). Each is engaged under terms that require appropriate handling of the data they process on our behalf.

Agreements before patient data is exchanged

A Business Associate Agreement (BAA) or Data Processing Agreement (DPA) is signed before any patient data is exchanged with a healthcare customer. The agreement sets out the purpose of processing, the security obligations, and the handling of data on exit.

How we align with privacy law

Aescia aligns its handling of personal information with the Australian Privacy Act 1988 and the Australian Privacy Principles, with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and with Quebec's Law 25.

If a data breach that is likely to cause serious harm occurs, we will notify affected individuals and the relevant regulator under the Notifiable Data Breaches scheme and the equivalent obligations in the jurisdictions above.

Data export and deletion

On exit, customers can export their data, and data is deleted with a certificate of destruction provided on request. Individuals can ask us to access or correct the personal information we hold about them.

Contact us about privacy

For privacy requests or questions about this policy, contact us at contact@aesciahealth.com.