SangraMate Privacy Policy (Australia)
Effective date: 22 October 2025
Who we are:
SangraMate is a product of Worklair Pty Ltd (ABN 16685645452) (“SangraMate”, “we”, “us”, “our”).
Contact:
📞 +61 412 428 803
🏢 Suite 302, 13–15 Wentworth Ave, Sydney NSW 2000, Australia.
We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Policy explains what we collect, why we collect it, how we use and share it, and the choices you have.
1. What we collect
Depending on how you use SangraMate (app, web, support), we may collect:
- Account & identity data: name, display name, avatar, email/phone, role/relationship (e.g., parent/carer).
- Health & activity data (sensitive information): glucose readings (from CGM/LibreLinkUp, etc.), insulin type/dose/timing, meds, meals, activity, symptoms, notes, attachments and tags you add.
- Care Circle data: information you choose to share with your invited Care Circle members and clinicians.
- Device & usage data: device identifiers, OS/app version, crash logs, diagnostics, time zone, IP, app interactions, cookie/SDK analytics.
- Support communications: emails, in-app messages, logs you send to us.
- Payment/Subscription data (if applicable): billing contact, transaction metadata (processed by our payment provider; we don’t store full card details).
2. How we collect
- Directly from you in the app and during onboarding.
- From connected services or devices you authorise (e.g., CGM data relays such as LibreLinkUp).
- Automatically via cookies/SDKs for analytics, security and reliability.
- From your Care Circle when they log entries or share with you.
3. Why we use your information
We use your information to:
- Provide and improve the service: logging, charts, reminders, Care Circle sharing, watch/complication features, reliability, support, troubleshooting.
- Clinical viewing features (optional): if you connect a clinician, we enable read-only dashboards and summaries for them.
- Security, fraud, safety: authentication, abuse prevention, incident response.
- Legal compliance: respond to lawful requests, manage consents.
- Research & product development: we may use de-identified and aggregated data to improve features and support research.
We do not sell your personal information.
4. Our legal basis & consent (Australia)
Under the APPs, we collect and handle health information (a form of sensitive information) with your consent (given during onboarding, connecting data sources, inviting Care Circle, or continuing to use the app after being informed).
You may withdraw consent for specific connections at any time in settings (this may limit functionality).
5. Sharing & disclosure
We may share information with:
- Your Care Circle and clinicians you explicitly connect. You control who’s invited and can revoke access.
- Service providers (processors): cloud hosting, analytics, crash reporting, messaging/push, email/SMS, customer support, authentication, and payment processing — only for the services we instruct.
- Professional advisers & compliance: auditors, insurers, legal counsel.
- Law enforcement/regulators where required by law or to prevent serious harm.
We require service providers to protect your information and use it only for our purposes.
6. Overseas disclosures
We primarily store data in Australia (AWS ap-southeast-2).
Some service providers may process limited data in other countries (e.g., the United States or EU).
Where we disclose personal information overseas, we take reasonable steps under APP 8 to ensure the recipient does not breach the APPs (e.g., contractual safeguards, encryption, due diligence).
7. Children & carers
SangraMate can be used by parents/carers to support minors.
Account creation is by adults who manage invitations and consents for the Care Circle.
If you believe a minor has provided personal information without appropriate consent, contact us and we’ll assist.
8. Data retention
We retain personal information only as long as needed for the purposes above or to comply with legal obligations and dispute resolution.
You can request deletion (see Section 11).
We may retain de-identified data for analytics/research.
9. Security
We use administrative, technical, and organisational safeguards suitable for health-adjacent data, including:
- Encryption at rest and in transit
- Least-privilege access
- Logging and backups
No system is 100% secure; we monitor and improve controls continually.
10. Cookies & SDKs
We use cookies and mobile SDKs for essential functionality, performance/analytics, and reliability (e.g., crash diagnostics, notification delivery).
You can adjust browser/app settings to limit certain tracking; some features may not work without essential cookies/SDKs.
11. Your rights (APPs)
You can request to access and correct your personal information.
You can also request deletion of your account/data (subject to lawful retention requirements).
To exercise these rights: use in-app settings or contact us (see Section 15).
12. Third-party services & links
If you connect third-party services (e.g., CGM portals) or follow external links, their privacy terms apply.
Review those policies carefully — your data there is governed by those parties.
13. My Health Record (not used)
SangraMate does not connect to the Australian My Health Record system.
If we ever add this, we will publish a specific notice and obtain required consents.
14. De-identification & research
We may use your information in de-identified and aggregated form for analytics and research (e.g., feature accuracy, safety signals).
De-identified data cannot reasonably identify you and may be shared with research partners or published in aggregate.
15. How to contact us
Phone: +61 412 428 803
Email: info@sangramate.com
Post: Suite 302, 13–15 Wentworth Ave, Sydney NSW 2000, Australia.
16. Complaints
If you have a privacy complaint, contact us first — we will acknowledge and aim to resolve it quickly.
If you’re not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC):
- Web: oaic.gov.au
- Phone: 1300 363 992
- Mail: GPO Box 5218, Sydney NSW 2001
17. Changes to this Policy
We may update this Policy to reflect changes in law or our practices.
We’ll post the updated version with a new effective date.
Material changes will be highlighted in-app or via email.