Privacy Policy
Effective date: 1 May 2026
1. About This Policy
Preventli Pty Ltd (ABN to be inserted) ("Preventli", "we", "us", "our") is an Australian company that provides WorkCover case management, AI-powered return-to-work planning, and pre-employment health assessment software to Australian businesses.
This Privacy Policy explains how we handle personal information — including sensitive health information — in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are also subject to the Notifiable Data Breaches (NDB) scheme.
By using our platform or website, you acknowledge that you have read and understood this policy.
2. Information We Collect
a) Contact and account information
- Name, email address, phone number
- Company name, ABN, number of employees
- Role or job title
- Username and encrypted password
b) WorkCover case data
- Injured worker details (name, date of birth, contact information)
- Injury type, date, and description
- Medical certificates and capacity assessments
- Return-to-work plans and rehabilitation progress notes
- WorkSafe claim numbers and correspondence
c) Pre-employment health assessment data
- Candidate name, date of birth, contact details
- Health status responses (musculoskeletal, cardiovascular, vision, hearing)
- Clearance level and medical notes
d) Technical and usage data
- IP address, browser type, device type
- Pages visited, features used, timestamps
- Error and performance logs (via Sentry)
3. Sensitive Information (Health Data)
Health information collected through WorkCover case management and pre-employment assessments is sensitive information under the Privacy Act. We collect this information only:
- With the individual's consent (express or implied), or
- As required or authorised by Australian law (e.g. WorkSafe Victoria obligations)
Health information is never used for direct marketing and is never disclosed to third parties except as described in Section 5 or as required by law.
4. How We Use Your Information
- Providing, operating, and improving the Preventli platform
- Processing contact form submissions and responding to enquiries
- Generating AI-powered return-to-work plans from uploaded medical certificates
- Sending platform notifications (task reminders, certificate expiry alerts)
- Sending transactional and service emails (onboarding, receipts, support)
- Monitoring platform performance and diagnosing errors
- Complying with legal obligations under WorkSafe Victoria and other applicable laws
We do not sell your personal information to third parties. We do not use personal data for automated profiling that produces legal or similarly significant effects without human review.
5. Disclosure of Information
We may disclose personal information to the following categories of recipients:
- Your employer or organisation — managers and authorised users within your Preventli workspace who have a legitimate need to access case data
- Our technology sub-processors — listed in Section 6 below
- Regulatory bodies — WorkSafe Victoria, SafeWork Australia, or other authorities where required by law
- Legal and professional advisers — where necessary to protect our legal rights
- Business successors — in the event of a merger, acquisition, or asset sale (with notice to affected users)
6. Third-Party Sub-Processors
We engage the following third parties to deliver our services. Each is bound by data processing agreements consistent with the APPs:
| Provider | Purpose | Location |
|---|---|---|
| Render | Cloud hosting and PostgreSQL database | USA (Oregon) |
| OpenAI | AI RTW plan generation (medical certificate processing) | USA |
| Resend | Transactional email delivery | USA |
| Sentry | Error monitoring and performance tracking | USA |
| Supabase | Contact form submission storage | USA |
Where personal information is disclosed overseas, we take reasonable steps to ensure the recipient handles it consistently with the APPs (APP 8).
7. Data Retention
- Active account data — retained for the duration of your subscription
- WorkCover case records — retained for 7 years after case closure to comply with WorkSafe record-keeping obligations
- Pre-employment assessment data — retained for 7 years or as required by applicable legislation
- Contact form submissions — retained for 24 months
- Error and usage logs — retained for 90 days
On account termination, we will delete or de-identify personal data within 30 days, unless longer retention is required by law.
8. Security
We implement reasonable technical and organisational measures to protect personal information, including:
- Encryption in transit (TLS 1.2+) and at rest
- JWT-based authentication with short-lived session tokens
- Role-based access control — users only access data within their organisation
- CSRF protection and rate limiting on all API endpoints
- Security headers (HSTS, CSP, X-Frame-Options) on all responses
- Daily automated database backups with point-in-time recovery
- Error monitoring via Sentry for rapid incident detection
No system is impenetrable. If we discover a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the NDB scheme.
9. Cookies and Tracking
Our website uses essential cookies for session management and security (CSRF tokens). We do not currently use third-party advertising or analytics cookies. Error monitoring via Sentry may collect browser session data for debugging purposes.
10. Your Rights (APP 12 & 13)
You have the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate or incomplete personal information
- Complain about a breach of the APPs (see Section 11)
To make an access or correction request, contact us at privacy@preventli.ai. We will respond within 30 days.
11. Complaints
If you believe we have breached the APPs, please contact us first at privacy@preventli.ai. We will investigate and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
12. Changes to This Policy
We may update this policy from time to time. Material changes will be notified via email to registered users or displayed prominently on the platform. Continued use after notification constitutes acceptance of the updated policy.
13. Contact Us
For any privacy enquiries, access requests, or complaints: