Privacy Policy
Last updated: 28 June 2026
PAT Compliance is a product of BizziGroup ("we", "us"). It is a clinical governance and compliance tool for Australian psychedelic-assisted-therapy prescribers operating under the TGA Authorised Prescriber scheme. This policy explains what we collect when you use PAT Compliance, how we use it, and the choices you have. It covers the PAT Compliance website and app at bizzigrp.com/psychedelic-therapy.
Information We Collect
- Account details - when you create an account we collect your email address and an authentication record (handled by our auth provider, Supabase). We never see or store your password in plain text.
- Subscription & billing - when you start a trial or subscribe, payment is processed by Stripe. We receive your subscription status, plan tier, billing period and a Stripe customer reference, keyed to your account email. We do not collect or store your full card number - Stripe handles that.
- Usage analytics - we use Google Analytics to understand aggregate, de-identified usage (pages viewed, broad device/region). This helps us improve the product.
- Your clinical data - clinics, patients, governance assessments, drug registers and adverse-event reports are created and stored locally in your browser. They are not transmitted to us.
How We Use Your Information
- To create and secure your account and provide access to the app.
- To manage your 14-day free trial and subscription, and to process payments via Stripe.
- To respond to support requests you send us.
- To understand and improve how the product is used, in aggregate.
We do not sell your personal information, and we do not access or use the contents of your clinical or patient data for any purpose.
Patient Information & Your Responsibilities
Because patient and clinical information you enter never leaves your browser, you - the practitioner - are responsible for handling that information in line with your own obligations, including the Australian Privacy Principles, applicable health-records legislation, your professional and AHPRA obligations, and your clinic's information-governance policies. You are responsible for securing the device you use, for obtaining any patient consents required, and for keeping your own backups. PAT Compliance is a governance aid and does not act as a data processor for your patient records.
Where Your Data Is Stored
PAT Compliance is local-first. Your clinics, patient records, assessments and reports live in your browser's storage on the device you use. Clearing your browser data, or using a different device or browser, means that data won't be present. Use the in-app PDF export to keep your own copies and records. Only your account email and subscription status are stored on our side (via Supabase and Stripe) for billing and access.
Third-Party Services
We rely on a small set of trusted providers, each with their own privacy practices:
- Supabase - authentication and account records (email + subscription status).
- Stripe - subscription billing and payment processing.
- Google Analytics - aggregate usage analytics.
- Netlify - website and application hosting.
Cookies & Local Storage
We use cookies and browser storage that are essential to sign-in, to remember your session and preferences, and (via Google Analytics) to measure usage. You can clear or block these in your browser settings, though doing so may sign you out or remove locally stored clinical data.
Data Security
We use reputable providers and industry-standard safeguards (encryption in transit, scoped access keys). No method of transmission or storage is completely secure, but we work to protect the account information we hold. PAT Compliance is a clinical governance and self-assessment aid - it does not replace certified audit, legal, regulatory or clinical advice.
Data Retention
We keep account and subscription records for as long as your account is active and as required to meet legal, tax and accounting obligations. You can ask us to delete your account at any time. Locally stored clinical data is retained or deleted entirely under your control on your own device.
Your Rights
You may request access to, correction of, or deletion of the personal information we hold about you (your account and subscription details). Email us and we'll help. Depending on where you live, you may have additional rights under your local privacy laws, including the Australian Privacy Principles.
Children's Privacy
PAT Compliance is a professional clinical tool for authorised prescribers and is not directed to children under 16, and we do not knowingly collect their personal information.
Changes to This Policy
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.
Contact Us
Questions about privacy? Email support@bizzigrp.com.