Privacy Policy
Effective: February 2026 · Last updated: February 2026
About Us
Intelligent Mind Pty Ltd operates the IRIS platform — an AI-assisted workforce rostering system designed for healthcare organisations. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the EU General Data Protection Regulation (GDPR).
What This Policy Covers
This policy explains how we handle personal information about staff of healthcare organisations who use IRIS, representatives who engage with us for procurement or support, and visitors to intelligentroster.com.
IRIS is a workforce rostering system. We do not collect, store, or process patient data, clinical records, or health information as defined under the My Health Records Act 2012. That boundary is technically enforced.
What Personal Information We Collect
From staff and roster builders
- Full name and email address
- Role title, employment type, and craft group
- Employment details relevant to rostering
- Shift assignments, availability preferences, and leave information
- Qualifications and skills relevant to scope of practice
- Login credentials (stored in hashed, non-reversible form)
What we do not collect
- Patient identifiers, Medicare numbers, or medical record numbers
- Clinical notes, diagnoses, treatment information, or health records
- Payment card data
How We Use Your Information
We collect and use personal information only for purposes directly related to providing and improving IRIS: generating rosters, managing shifts and leave, authentication, AI-assisted rostering, service notifications, support, and legal compliance.
We do not sell personal information or use it for unrelated advertising.
Disclosure to Third Parties
| Subprocessor | Role | Location |
|---|---|---|
| Render | Cloud hosting (global default) | Singapore |
| Amazon Web Services | Cloud hosting (Australian option) | Australia (Sydney) |
| OpenAI | AI language model processing | United States |
| Anthropic | AI language model processing | United States |
Data Retention
We retain personal information for as long as necessary to provide the service and meet legal obligations — generally up to 7 years after account closure for audit and regulatory purposes, after which data is securely deleted or de-identified.
Security
Our security measures include AES-256 encryption at rest, TLS 1.2+ in transit, RBAC, SSO, MFA, and immutable audit logging. Infrastructure is hosted on providers with SOC 2 Type II and ISO 27001 certifications.
Your Rights
Under the Privacy Act and, where applicable, GDPR, you have the right to access, correct, request deletion (subject to legal retention obligations), and portability of your personal information. Contact us at office@intelligentroster.com. We will respond within 30 days.
Complaints
If you believe we have mishandled your personal information, contact us first. You may also refer complaints to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.
Contact Us
Privacy enquiries: office@intelligentroster.com