TrueBlueReview

True Blue Review – Privacy Policy

Last updated: 25 February 2026

True Blue Review Pty Ltd ("True Blue Review", "we", "us", or "our") provides automated patient communication services to healthcare practices, including post-appointment communication and patient feedback requests.

This Privacy Policy explains how we collect, hold, use and disclose personal information when our services are used by healthcare practices and when individuals interact with us.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Our Role

True Blue Review acts as a service provider to healthcare practices ("Clinic").

The Clinic remains the primary holder of patient records. We process limited personal information only on behalf of the Clinic and under its instructions.

We:

  • do not provide healthcare services
  • do not make clinical decisions
  • do not control the Clinic–patient relationship

We only facilitate communication initiated by the Clinic.

2. What Information We Collect

A. Clinic Account Information

We collect information from Clinics including:

  • practice name
  • practitioner contact details
  • account login details
  • billing and subscription details
B. Patient Contact Information (provided by Clinics)

Through secure integrations with practice management systems or uploaded contact data, we may receive limited patient information:

  • patient name
  • mobile phone number
  • appointment date or attendance status
  • communication preferences
  • message delivery and opt-out status

We do not collect clinical notes, diagnoses, treatment information, or medical histories.

However, under Australian law, confirmation that a person attended a healthcare appointment constitutes health information.

3. How We Use Information

We use personal information only to operate the service requested by the Clinic:

  • sending post-appointment messages or feedback requests
  • delivering patient experience surveys
  • preventing duplicate messaging
  • maintaining opt-out records
  • ensuring system reliability and security
  • providing technical support
  • complying with legal obligations

We do not use patient information for advertising, profiling, or independent marketing.

We do not sell or rent personal information.

4. Legal Basis

We process patient information as a contracted service provider to the Clinic.

The Clinic is responsible for:

  • collecting patient contact details
  • informing patients of communication
  • obtaining any required consent under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).

We process information only to perform the services requested by the Clinic.

5. Disclosure of Information

We may disclose personal information only where necessary to operate the service, including to:

  • secure cloud hosting providers
  • SMS delivery providers (e.g., Twilio)
  • system monitoring and security providers
  • professional advisers
  • regulators where legally required

We do not disclose patient information to unrelated third parties.

6. Overseas Disclosure

Some service providers (for example SMS delivery providers such as Twilio) may process personal information outside Australia, including in the United States or other jurisdictions where their infrastructure operates.

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those providers are subject to contractual obligations requiring them to protect personal information in a manner consistent with the Privacy Act 1988 (Cth).

7. Data Retention

We retain only the minimum personal information necessary to operate the service, including:

  • message delivery logs
  • opt-out/suppression records
  • minimal identifiers to prevent duplicate messaging

We delete or de-identify information when no longer required unless required by law.

8. Security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Measures include:

  • encrypted HTTPS connections
  • restricted access controls
  • secure server infrastructure
  • audit logging
  • password hashing

No online system is completely secure.

9. SMS Communications and Opt-Out

Patients may opt out at any time using opt-out instructions (e.g., replying "STOP").

After opting out, the number is suppressed from future messaging from that Clinic via our system.

10. Access and Correction

Individuals may request access to or correction of personal information we hold.

Because we act on behalf of a Clinic, we may refer the request to the relevant Clinic.

Contact: contact@TrueBlueReview.com.au

11. Complaints

If you believe we have mishandled personal information, contact us.

If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au

12. Updates

We may update this Policy periodically. The latest version will always appear on our website.

13. Contact

True Blue Review Pty Ltd

Email: contact@TrueBlueReview.com.au

Back to Sign Up

Download PDF Handout

Save this guide for your records or share with your team.

Download PDF