Spinehub Privacy Policy

This privacy policy describes how Spinehub (a mobile app by Paul Licina Medical Pty Ltd) collects, uses, shares, and protects your personal information. Spinehub is used for scheduling and managing spine surgery appointments. We comply with applicable privacy laws (e.g. Australian Privacy Act’s Australian Privacy Principles) and App Store/Play Store requirements. In line with Google and Apple guidelines, this policy explains all data collected, how it is used, and any sharing of that data.

Personal Data Collected

Spinehub collects the following personal information from users (patients and staff) to provide its services:

Patients:

Identity & Contact: Full name, email address, phone number, home address.
Demographics: Date of birth, gender.
Professional Info: Company/organization name (for staff), occupation/role.
Emergency & Billing Details: Emergency contact person, billing information.
Health-related Information: Referring General Practitioner name and provider number, Medicare member details, private health insurance details.
Account Credentials: Usernames and passwords (for login security).
Usage Data: Any content you enter or messages you send via the app (e.g. chat content, appointment notes), as well as usage information (such as login times) necessary for app functionality.

Staff:

Identity & Contact: Full name, email address, phone number.
Professional Info: Company/organization name, occupation/role.
Usage Data: Any content you enter or messages you send via the app (e.g. chat content, appointment notes), as well as usage information (such as login times) necessary for app functionality.

These categories of data include sensitive information (health and insurance data), which Spinehub treats with extra protection.

How We Use Your Data

Appointment Management: Schedule and confirm your surgical consultations and related appointments.
Communication: Send reminders, updates, and allow chat messaging between patients and staff (e.g. doctors, nurses, administrators).
Account Administration: Verify your identity, secure your login, and manage your user profile and preferences.
Support and Improvements: Perform technical support and maintenance; analyze app usage (only aggregated or anonymized data) to improve Spinehub.

We do not use your personal data for advertising or marketing, and we do not sell or rent it to third parties. All uses of personal data are limited to the purposes above and as permitted by law.

Data Sharing

Spinehub shares your data only in the following ways:

Healthcare Providers: We share relevant information with healthcare professionals involved in your care (such as surgeons, anaesthetists, or your referring GP) to coordinate appointments and care.
Service Providers: We may share data with trusted third-party service providers that help us operate the app. For example, we use CometChat for the app’s chat/messaging feature (see Third-Party Services below). These providers have agreements to protect your data.
Legal Requirements: We will disclose personal data if required by law or to protect our legal rights (for example, responding to a lawful subpoena or court order).
Consent: We may share information with any other third parties if you explicitly consent.

We do not share personal data with advertisers or marketing companies.

Data Storage & Security

Secure Servers: All personal data is stored on Paul Licina Medical Pty Ltd’s secure servers with industry-standard protection. Communications between the app and our servers use encrypted connections (HTTPS/TLS).
Encryption: Spinehub passwords are hashed in the database. For chat, we use CometChat’s service, which is compliant with HIPAA and GDPR standards. CometChat stores chat data encrypted (AES-256 at rest) and encrypts all communications in transit using TLS.
Access Controls: Only authorised Paul Licina Medical Pty Ltd personnel or service providers can access your data. Paul Licina Medical Pty Ltd uses strong password policies and role-based access controls to limit who can see or modify data.
Data Retention: We retain your personal information only as long as needed to provide Spinehub services or to comply with legal obligations. After that, data is securely deleted or anonymized.

Spinehub takes reasonable steps to protect your data from unauthorized access, alteration, or disclosure. However, no system is completely secure; if a breach occurs, we will notify affected users as required by law.

Your Rights

Access & Correction: You can view and update most of your personal information in the app at any time (e.g. updating contact details or insurance information). You can also request a copy of the personal information we hold about you.
Account Deletion: You may request deletion of your Spinehub account and associated personal data. We will comply unless we are legally required to keep certain information (for instance, medical records retention laws).
Consent Withdrawal: You can withdraw any consent you have given us (for example, consent to share certain data), which may affect your use of the app.
Complaints: If you have any concerns about how we handle your data, you can contact us at spinehub@spineplus.com.au. You also have the right to lodge a complaint with a data protection or privacy authority.

To exercise your rights or for any privacy inquiries, please contact Paul Licina Medical Pty Ltd’s Privacy Officer via the email below.

Children’s Privacy

Spinehub is not intended for children under 13 years of age. We do not knowingly collect personal data from children. If we discover that a child under 13 has registered, we will promptly delete that account and information.

Cookies and Tracking

Spinehub uses certain cookies and tokens to facilitate app functionality. The cookies include:

spine-hub-token (stores your authentication token while logged in)
spine-hub-refresh-token (used to refresh your session securely)
spine-hub-user-info-token (stores minimal user info for session persistence)

These cookies are necessary for login and are not used for advertising or analytics. They are typically HTTP-only and expire automatically. You can disable cookies in your device settings, but then the app may not function correctly (you might have to log in more often). Spinehub does not use any third-party tracking technologies or advertising identifiers.

Third-Party Services

Spinehub integrates with the following third-party service:

CometChat (Instant Messaging): Used solely to provide secure chat functionality within the app. CometChat is HIPAA and GDPR compliant. All chat data is encrypted (AES-256 at rest, TLS in transit) by CometChat. You can review CometChat’s privacy and security standards on their website.

We currently do not use any advertising networks, analytics SDKs, or other third-party data services in Spinehub. If we add any new third-party services in the future, we will update this policy accordingly.

Updates to This Policy

Paul Licina Medical Pty Ltd may update this privacy policy from time to time (for example, to reflect new features or legal requirements). The “Last Updated” date at the end of this document will indicate when it was revised. We will post changes in the app and on our website; please review this policy periodically. If changes are significant, we may notify you via email or in-app notice.

Contact Information

If you have questions, requests, or concerns about this privacy policy or Spinehub’s data practices, please contact us:

Paul Licina Medical Pty Ltd’s Privacy Officer
Brisbane Private Hospital, Level 1, 259 Wickham Terrace, Spring Hill QLD 4000, Australia
Phone: 1300 52 53 54 (Brisbane) | 1300 52 53 55 (Gold Coast)
Email: spinehub@spineplus.com.au

We will respond to your request or complaint within a reasonable time. Thank you for using Spinehub.

Last Updated: July 4, 2025

Sources: Spinehub has been developed in line with Apple’s and Google’s privacy policy requirements and the Australian Privacy Principles. The information above is based on Spinehub’s functionality and Paul Licina Medical Pty Ltd’s existing privacy practices. Other references (e.g. CometChat security) are provided for transparency.