Privacy Policy

Last updated: May 2026

Regenemm Healthcare is developed under Creative Thinking Institute (CTI).

Regenemm Healthcare builds clinical AI infrastructure for trusted, human-centred care. Our platform is designed around clinical governance, patient control, auditability, provenance, and secure health data handling.

This Privacy Policy explains how Regenemm Healthcare collects, uses, stores, protects, and discloses personal information and health information when people use our products, websites, services, and related clinical workflow tools.

This policy applies to Regenemm Healthcare services including Regenemm Voice, Regenemm Link, Regenemm Connect, the Edge Connector, the Knowledge Base, Hospital Hub, Home Hub, Billing, Triage, Medicolegal workflows, and related platform services.

1. Who we are

Regenemm Healthcare is an Australian healthcare technology platform developed under Creative Thinking Institute.

You can contact us at:

privacy@regenemm.com
support@regenemm.com
bren@regenemm.com

For billing enquiries:

billing@regenemm.com

2. Our privacy position

Regenemm is designed for healthcare environments where privacy, security, consent, clinical governance, and auditability are essential.

Our privacy model is based on the following principles:

• health information requires higher protection than ordinary application data;
• patients should have meaningful control over records shared through Regenemm Link;
• clinical data should be processed only for declared clinical, administrative, interoperability, patient-authorised, support, security, or legal purposes;
• Spokes provide bounded workflow surfaces, but durable clinical state returns to Regenemm Voice as the Hub;
• agentic assistants operate only inside declared workflow, role, consent, audit, and human-review boundaries;
• clinical outputs should preserve provenance and be reviewable;
• patient-facing or externally shared outputs should pass through appropriate release controls;
• identifiable patient records are not used to train AI foundation models.

3. Information we collect

The information Regenemm collects depends on the services used, the customer configuration, and the healthcare workflow involved.

We may collect or process the following categories of information.

Account and identity information

This may include:

• name;
• email address;
• organisation;
• role or professional position;
• user account details;
• authentication information;
• support contact details.

Clinical and health information

This may include:

• consultation notes;
• clinical documents;
• referral information;
• correspondence;
• pathology reports;
• radiology reports;
• medication information;
• allergies;
• diagnoses;
• procedures;
• care plans;
• discharge information;
• patient summaries;
• patient education material;
• other health information provided through the platform.

Patient-controlled information

Through Regenemm Link, patients may provide, organise, update, or share health-related information.

This may include:

• uploaded documents;
• home records;
• patient-reported information;
• sharing preferences;
• consent grants;
• carer or family access settings;
• GP or clinician sharing settings.

Interoperability information

Through Regenemm Connect, Edge Connector, and related integrations, Regenemm may process information from or for external systems, including:

• SMART on FHIR payloads;
• EMR-connected data;
• My Health Record-linked data where supported and authorised;
• HL7 messages;
• HealthLink-related data;
• practice management system information;
• pathology or radiology feeds;
• other approved clinical-system exports or imports.

Agentic workflow information

Where agentic assistants are used, Regenemm may process:

• task instructions;
• workflow state;
• agent inputs and outputs;
• tool calls;
• evidence references;
• policy checks;
• escalation records;
• human review records;
• audit events.

Agentic workflow information may contain clinical context and is treated as controlled health-adjacent data where patient information is involved.

Usage, device, and security information

We may collect:

• log-in activity;
• device and browser information;
• IP address;
• server logs;
• system events;
• audit logs;
• error reports;
• security events;
• product usage metadata.

We use this information to operate, secure, monitor, debug, and improve the platform.

Billing and transaction information

Where paid services are used, we may collect billing contact details, plan information, invoice history, and payment status.

Payment-card details should be handled by specialist payment providers. Regenemm does not need to store full card numbers inside the clinical platform.

4. How we use information

Regenemm uses information to:

• provide and operate our services;
• support clinical documentation workflows;
• support patient summaries and patient education;
• support care-team coordination;
• support patient-controlled record sharing through Regenemm Link;
• support interoperability through Regenemm Connect;
• ingest approved external data through the Edge Connector;
• support billing, triage, medicolegal, hospital, and home-monitoring workflows;
• authenticate users;
• maintain security;
• provide technical support;
• monitor platform reliability;
• maintain audit and provenance records;
• comply with legal and regulatory obligations;
• improve platform safety, usability, and performance.

We do not sell personal information.

5. Clinical AI and agentic assistants

Regenemm uses AI and agentic assistants to support healthcare workflows.

These systems may assist with:

• summarisation;
• documentation drafting;
• clinical correspondence;
• patient education drafts;
• workflow checks;
• missing-item detection;
• evidence retrieval;
• billing support;
• medicolegal preparation;
• escalation summaries.

Agentic assistants are not autonomous clinicians. They operate inside declared workflow boundaries and must not replace clinical judgement.

Where clinically material outputs are produced, Regenemm's intended model requires appropriate human review before clinical reliance, patient-facing release, or external disclosure.

Identifiable patient records are not used to train AI foundation models.

6. Hub-and-Spoke data governance

Regenemm is built around a Hub-and-Spoke architecture.

Regenemm Voice is the Hub and control plane. It governs clinical state, identity, consent, audit, provenance, orchestration, release, and data permanence.

Spokes provide bounded workflow surfaces, including:

• Hospital Hub;
• Home Hub;
• Regenemm Link;
• Billing;
• Triage;
• Medicolegal;
• Knowledge Base;
• Regenemm Connect;
• Edge Connector.

Spokes may collect, display, transform, or contextualise data for their workflow. They do not act as independent permanent stores of clinical truth unless expressly configured and governed for that purpose.

Durable clinical state, evidence, audit records, documents, and release artefacts return to Regenemm Voice through governed platform pathways.

7. Regenemm Link

Regenemm Link is designed as a patient-controlled record and sharing surface.

Patients may use Link to organise, update where supported, and share health information with authorised participants such as clinicians, general practitioners, hospitals, carers, or family members.

Sharing should be consent-oriented, purpose-bound, and auditable.

8. Regenemm Connect

Regenemm Connect is designed as the interoperability surface for external healthcare systems.

It may support:

• SMART on FHIR;
• EMR connectivity;
• My Health Record pathways;
• structured clinical data exchange;
• mapping between external systems and Regenemm domain objects.

Interoperability is treated as a governed boundary. Data exchanged through Connect is subject to authentication, consent, access control, audit, and residency requirements where applicable.

9. Edge Connector

The Regenemm Edge Connector is designed to operate near approved local systems and data sources.

It may receive or observe authorised data flows such as:

• HL7;
• HealthLink-related messages;
• pathology reports;
• radiology reports;
• practice management system signals;
• local server folders;
• approved clinical-system exports.

The Edge Connector feeds governed ingestion events into Regenemm Voice. It should not become an ungoverned long-term clinical record store.

10. Knowledge Base and retrieval

The Regenemm Knowledge Base supports evidence retrieval and clinical reference workflows.

It may include indexed biomedical literature, Regenemm internal knowledge, and other curated resources.

Knowledge retrieval can support clinician-facing review, patient education drafts, and agentic workflow context. It does not override patient-specific clinical truth governed by Regenemm Voice.

11. Data storage and residency

Regenemm is made in Australia and is designed with Australian healthcare requirements in mind.

For Australian healthcare workflows, our intended posture is Australia-first hosting and processing for:

• patient clinical information;
• Regenemm Link patient vault data;
• My Health Record-linked data;
• clinical audit logs;
• clinical documents;
• agentic run traces containing patient information;
• credentials and integration secrets.

Where data is processed outside Australia, this should occur only where legally permitted, contractually controlled, technically governed, and disclosed as appropriate.

My Health Record-linked workflows may require stricter data residency controls.

12. Security

Regenemm uses technical and organisational safeguards designed to protect personal information and health information.

These safeguards may include:

• encrypted communication;
• encrypted storage;
• access controls;
• role-based permissions;
• purpose-bound access rules;
• service identity;
• agent identity;
• audit logging;
• event correlation;
• credential isolation;
• secure infrastructure;
• secure development practices;
• monitoring and incident response.

No system can be guaranteed to be completely secure. Regenemm continually works to improve its security posture as the platform evolves.

13. Sharing and disclosure

Regenemm may disclose information where necessary to:

• provide the services;
• support authorised clinical workflows;
• connect with approved healthcare systems;
• support patient-directed sharing;
• provide technical or operational support;
• process billing;
• comply with legal obligations;
• investigate security or misuse concerns;
• work with approved service providers.

We do not sell personal information.

Where third-party service providers process information for Regenemm, they should be assessed for security, privacy, data residency, and contractual safeguards appropriate to the data they handle.

14. Service providers

Regenemm may use service providers for functions such as:

• cloud hosting;
• database services;
• authentication;
• email;
• transcription;
• AI infrastructure;
• analytics;
• logging and observability;
• payment processing;
• security monitoring;
• support operations.

Regenemm should maintain a service-provider register that identifies the purpose, data categories, region, security posture, and approval status of relevant providers.

15. Analytics

Regenemm may use analytics to understand website and product usage, improve reliability, and enhance user experience.

Analytics should not collect consultation text, uploaded clinical documents, patient records, identifiable clinical content, or agentic run payloads unless expressly approved for a controlled operational purpose.

16. Cookies and similar technologies

Regenemm may use cookies or similar technologies for:

• authentication;
• session management;
• security;
• user preferences;
• website analytics where enabled.

We do not use cookies to sell health information.

17. Data retention

Regenemm retains information for as long as needed for the purposes described in this policy, including clinical, operational, legal, audit, medicolegal, security, and regulatory purposes.

Retention periods may vary depending on the type of data, customer agreement, clinical context, legal requirements, and product configuration.

Clinical records, audit records, medicolegal records, and My Health Record-linked data may be subject to specific retention or handling requirements.

18. Access, correction, export, and deletion

Depending on your relationship with Regenemm and applicable law, you may request to:

• access personal information we hold about you;
• correct inaccurate information;
• export information where technically feasible;
• request deletion or retention review;
• change sharing preferences;
• withdraw or change consent where applicable;
• opt out of marketing communications.

Some requests may need to be handled through your healthcare provider, organisation, or the relevant clinical record holder.

Deletion or alteration may be limited where information must be retained for clinical, legal, audit, medicolegal, security, or regulatory reasons.

19. Children and young people

Regenemm may process information about children or young people where this is part of authorised healthcare activity or patient-controlled record use.

Where children's information is involved, additional care should be applied to consent, guardian access, sharing controls, and clinical governance.

20. Data breaches and incidents

Regenemm maintains processes to assess and respond to suspected privacy or security incidents.

Where required by law, affected individuals, customers, regulators, or other relevant parties will be notified.

21. Marketing communications

We may send product, service, or company updates where permitted.

You may opt out of marketing communications at any time. Operational, security, billing, or service-related messages may still be sent where required to provide the service.

22. International users

Regenemm is an Australian healthcare technology company. If services are provided outside Australia, additional regional privacy terms may apply.

International deployments may require specific contractual, hosting, data residency, and regulatory arrangements.

23. Changes to this policy

We may update this Privacy Policy as our services, legal requirements, or operational practices change.

Material changes should be communicated through the website, email, in-product notice, or another appropriate channel.

24. Contact us

For privacy questions, contact:
privacy@regenemm.com

For support:
support@regenemm.com

For billing:
billing@regenemm.com

For founder or company enquiries:
bren@regenemm.com

Regenemm Healthcare
Developed under Creative Thinking Institute
Made in Australia