Bloom

Privacy Policy

Last updated: April 2026

Bloom Software Pty Ltd (ABN 81 680 336 145) ("Bloom", "we", "our", or "us") is committed to protecting privacy and handling personal information responsibly.

This Privacy Policy explains how we collect, use, store, and disclose information when you:

  • Visit our website at bloomhealth.ai
  • Use the Bloom application and related services
  • Interact with us as a customer, trial user, or organisation member

This policy is governed by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Who this policy applies to

This Privacy Policy applies to:

  • Website visitors (marketing pages, documentation, support)
  • Application users (doctors, clinic staff, administrators)
  • Organisation account holders (clinics and practices)

Bloom provides services to doctors and clinics. Our contractual relationship is with healthcare organisations, not directly with patients.

Information we collect

Website visitors

When you visit our website, we may collect limited technical information such as:

  • IP address
  • Browser type and device information
  • Pages viewed and referring URLs

This information is used to operate, secure, and improve our website.

Information collected through the Bloom platform

When you or your organisation uses Bloom, we collect and process the following kinds of personal information. Examples are illustrative, not exhaustive.

Identifiers and demographics

e.g. patient names, dates of birth, contact details, addresses, and identifiers used to match patient records (including identifiers from a connected EMR).

Health and clinical information

e.g. audio recordings of consultations, transcripts, clinical notes, referrals, correspondence, doctor scratchpad entries, and other information captured or generated about a patient's care.

Clinical workflow data

e.g. appointments, scheduling and provider assignments, patient activity history, and external clinical contacts used for referrals and correspondence.

Account and authentication data

e.g. user names and email addresses, organisation and role assignments, and authentication information such as password hashes, passkeys, and multi-factor authentication data.

Operational and audit data

e.g. audit logs, usage telemetry, system events, and support communications.

Billing data

e.g. subscription and payment records for the commercial relationship between your organisation and Bloom. Card details are handled by our payment processor and are not stored by Bloom.

The first three categories above make up Customer Content. Bloom processes Customer Content solely on behalf of your organisation and only in accordance with its instructions. Bloom does not collect data directly from patients.

Where your organisation has connected Bloom to an external electronic medical record (EMR) or practice management system, some of the information in the above categories is synced from that system rather than entered into Bloom directly. The authoritative copy remains in your EMR or PMS.

How we use information

We use information to:

  • Provide, operate, and improve the Bloom platform
  • Authenticate users and manage organisation access
  • Process audio, transcripts, and documents as requested
  • Maintain audit logs and system integrity
  • Provide customer support and service communications
  • Meet legal, regulatory, and compliance obligations

We do not sell personal information.

AI and automated processing

Bloom uses AI to transcribe consultation audio and generate draft clinical documentation (notes, referrals, letters, summaries). Clinicians review and approve all AI-generated output before it is used in patient care.

All AI processing runs on enterprise cloud infrastructure located in Australia, under Bloom's contractual arrangements with our cloud provider.

Key commitments:

  • Customer Content is processed only to deliver the service you requested.
  • Customer Content is never used to train, fine-tune, or improve any AI model.
  • Our AI infrastructure provider is contractually prohibited from using Customer Content for any purpose other than delivering the service to Bloom.
  • Audio, transcripts, and prompts sent to AI models are not retained by the AI infrastructure provider after the response is returned.
  • All AI processing is performed under strict confidentiality, encryption, and access-control obligations.

Data storage and sovereignty

Bloom stores and processes production data, including all Customer Content, exclusively in Australia. Our cloud and AI infrastructure is provided by Amazon Web Services (AWS) in its Australian region(s), and AI inference runs on in-region endpoints so that clinical data does not leave Australia at any point in the processing pipeline.

We take reasonable steps to ensure:

  • Customer Content remains within Australian AWS data centres.
  • Access is limited to authorised systems and personnel, subject to role-based access controls and audit logging.
  • Appropriate technical and organisational safeguards are in place, including encryption in transit and at rest.

Cross-border disclosure of clinical information

Bloom does not disclose Customer Content (including consultation audio, transcripts, clinical notes, or generated clinical documents) to any recipient outside Australia. All clinical data is stored and processed exclusively in Australia.

Limited categories of non-clinical personal information may be handled by overseas providers in connection with specific business operations (for example, payment processing by Stripe). Where this occurs, we take reasonable steps under Australian Privacy Principle 8 to ensure the overseas recipient handles the information consistently with the Australian Privacy Principles, including through binding data processing agreements.

Disclosure of information

We may disclose information to trusted service providers who assist in operating Bloom, including:

  • Cloud and AI infrastructure: Amazon Web Services (AWS), Australian region(s). Hosts all application infrastructure, storage, and AI processing. Customer Content does not leave Australia.
  • Payment processing: Stripe (for subscription billing only; Customer Content is not shared with Stripe).
  • Security, authentication, and monitoring: tools used to operate the service securely.

A current sub-processor list is available on request. These providers are contractually required to protect information and use it only to provide services to Bloom.

We may also disclose information where required or authorised by law.

Security

Bloom implements industry-standard security measures, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Audit logging
  • Secure authentication (including multi-factor authentication)
  • Regular security reviews and operational controls

No system is completely secure, but we take reasonable steps to protect information from misuse, loss, or unauthorised access.

Data retention

Bloom's retention approach is designed to support both the operation of the service and the medicolegal obligations that apply to clinical records in Australia.

What we retain

Bloom retains the kinds of personal information described in "Information we collect" above, including Customer Content (identifiers and demographics, health and clinical information, and clinical workflow data) as well as operational, account, and billing data required to run the service.

Where your organisation syncs Bloom with an external EMR or practice management system, Bloom mirrors the relevant records. The authoritative copy remains in that system, and retention within Bloom is aligned to your organisation's configuration.

Why we retain audio and transcripts

Bloom's core safety feature is its citation chain: every AI-generated sentence in a note or document is anchored to the exact transcript segment and audio moment it was derived from. This anchoring is what allows clinicians, auditors, and complaints bodies to verify that any given line in a note is an accurate reflection of what occurred during the consultation.

The citation chain is only defensible if the transcript and audio it points to continue to exist. Deleting the underlying audio and transcript would break the verifiable record and remove the medicolegal protection the citation system provides.

Alignment with Australian health records law

Healthcare organisations in Australia are subject to minimum retention periods for clinical records under state and territory health records legislation. Typical minimums are seven (7) years from the date of the last service for adult records, and, for records relating to minors, until the patient reaches 25 years of age, though specific periods vary by jurisdiction and record type.

Bloom's retention is scoped to help healthcare organisations meet these obligations, not to exceed them.

Who controls retention

Under Australian privacy and health records law, the healthcare organisation (the practice, clinic, or health service) is the data controller for clinical records. Bloom stores and processes Customer Content on that organisation's behalf.

Retention periods can be configured at the organisation level, subject to the minimum periods required by law. An organisation may request export or deletion of Customer Content at any time, subject to its own legal retention duties and any outstanding contractual obligations to Bloom.

Non-clinical data

Operational data, such as account records, audit logs, and billing records, is retained for as long as reasonably necessary to operate the service and meet legal, tax, and accounting obligations. On account closure, operational data is retained only for the minimum period required by law.

Cookies and analytics

Bloom does not use third-party analytics, advertising cookies, or cross-site tracking.

We use essential cookies only for authentication and session management. These cookies are necessary for the application to function and cannot be disabled.

If we introduce analytics tools in the future, this policy will be updated accordingly.

Your rights

Under the Australian Privacy Act, you may request to:

  • Access personal information we hold about you
  • Correct inaccurate or outdated information
  • Make a complaint regarding our handling of personal information

Requests can be made using the contact details below.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date and, where appropriate, notifying users.

Contact us

If you have questions or concerns about this Privacy Policy, please contact:

Bloom Software Pty Ltd (ABN 81 680 336 145)

Email: [email protected]

Website: bloomhealth.ai