NovoPsych logo
NovoPsych logo

Privacy Policy & Security

NovoPsych Psychometrics 

Updated November 2025

This Privacy Policy explains how we, NovoPsych Pty Ltd (ABN 99 158 319 629), protects the privacy of personal information when using the automated psychometrics platform known as NovoPsych Psychometrics.

Note, that there is a separate privacy policy for NovoNote AI Scribe, found here. 

NovoPsych is the custodian of your data, but you remain the owner. Every step has been taken to help you manage your information securely and confidentially. We are firmly committed to protecting the privacy and confidentiality of personal information and maintain robust physical, electronic and procedural safeguards to protect personal information in our care.

This page is broken into two sections, our Privacy Policy, which outlines what we do with data, and a Data Security section, which outlines how we keep your data secure.

We’ve tried to make this page as easy to read as possible.  After all, it’s your information, and you deserve to know what we do to protect it, and all the rights you have. If there is anything you’re not sure of the meaning of, you can see the “Definitions” section at the end. Otherwise, please contact us here, and we’d be happy to answer any questions.

We’ve taken care to structure our privacy policy and security protocols to be consistent with Australian (APP), European (GDPR) and North American (HIPAA) standards. 

Australian Compliance

NovoPsych complies with Australian Privacy Principles. The Australian Privacy Act 1988 and Australian Privacy Principles govern the standards and obligations to Australian organisations, including the following:

  • the collection, use and disclosure of personal information
  • an organisation or agency’s governance and accountability
  • integrity and correction of personal information
  • the rights of individuals to access their personal information

European Compliance (GDPR)

The European General Data Protection Regulation (GDPR) sets out clear standards for data protection, which NovoPsych meets or surpasses. In August 2024 NovoPsych reviewed our security to ensure we met GDPR standards, including:

  • documented a privacy by design approach to compliance
  • demonstrated compliance with privacy principles
  • enhanced transparent information handling practices

GDPR requirements are complementary to other countries’ standards, such as Australia’s. These laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. GDPR  requires businesses to implement measures that ensure compliance with a set of privacy principles, and both take a “privacy by design” approach to compliance. Data breach notification is required in certain circumstances under the GDPR and under the Privacy Act. In addition, privacy impact assessments, mandated in certain circumstances under the GDPR, are expected in similar circumstances in other jurisdictions. 

Although not a requirement of GDPR, organisations in Europe with internal governance guidelines may opt for servers to be located within their own country, which can be accommodated by NovoPsych under the Enterprise Plan.

United States regulations (HIPAA Compliance)

NovoPsych is HIPAA compliant. If you are in North America, please see our Business Associate Agreement.

NovoPsych complies with the California Privacy Rights Act (CPRA). We do not sell or share personal information for advertising purposes.

As a software vendor committed to HIPAA compliance, we have implemented a comprehensive set of safeguards to ensure the privacy and security of Protected Health Information (PHI). We utilize encryption to protect data both at rest and in transit, ensuring that PHI is secure from unauthorized access. Access to the system is controlled through multi-factor authentication and role-based access controls, ensuring only authorized personnel can interact with sensitive information. We conduct regular risk assessments and have developed a formal data backup and disaster recovery plan to maintain continuity in the event of a system failure. Additionally, all third-party vendors that interact with PHI sign Business Associate Agreements (BAAs), ensuring they are also HIPAA-compliant. Our employees undergo security training to remain informed of regulations and best practices. Lastly, we have established a robust breach notification process to ensure timely reporting and mitigation of any security incidents, further protecting the integrity and confidentiality of PHI.

Canadian regulations (PIPEDA and PIPA Compliance)

We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Personal Information Protection Act (PIPA) in British Columbia and Alberta. Our commitment to these standards ensures that your data is collected, stored, and processed responsibly, and in compliance with Canadian privacy laws.

NovoPsych Psychometrics Privacy Policy

Categories of Data Collected

NovoPsych collects several categories of data in order to provide our services safely, securely, and effectively. The types of data collected depend on the features used and whether the user is a clinician or a client/patient of a clinician.

We distinguish between Personal Data, Sensitive Health Data, Technical & Usage Data, and Financial/Billing Data, as outlined below.

Identity Data

Information that can be used to identify a clinician.

This may include:

  • Name
  • Email address
  • Practice name or employment settings
  • Professional details (e.g. role)
  • Account login details (username, hashed password)

Patient Health & Clinical Data (Sensitive Information), including Protected Health Information (PHI)

Sensitive health information entered by clinicians or clients/patients regarding clients.
This may include:

  • Psychometric assessment responses
  • Scores, results, reports and interpretations
  • Demographic information (e.g., age, gender)
  • Health-related information (e.g., diagnoses, symptoms)

Note: Clinicians can control the extent to which identifiable patient information is included. Clinicians may use of pseudonyms or client codes.

Technical & Device Data

Automatically collected data needed to maintain platform performance, security, and troubleshooting.
This may include:

  • IP address
  • Browser type and version
  • Device identifiers and operating system
  • Time zone and language settings
  • Access times, session duration, and log data
  • Error logs and diagnostic information

Usage Data

Data about how clinicians and patients interact with the platform.
This may include:

  • Frequency and duration of platform use
  • Responses to in-product surveys or feedback tools
  • Metadata related to psychometric assessments (e.g., time to complete)

All usage data used for analytics is de-identified or aggregated wherever practicable.

Financial & Billing Data

Information required to process payments or manage subscriptions.

Collected via secure third-party providers such as Stripe and Chargebee.
This may include:

  • Billing name and address
  • Transaction history
  • Partial payment card information (tokenised — NovoPsych never sees full card numbers)
  • Tax information where required

Cookies & Tracking Data

NovoPsych uses cookies and similar technologies to enable secure login, maintain sessions, and understand how users interact with the service.

This may include:

  • Session cookies
  • Preference cookies
  • Analytics cookies (e.g. page performance, load time)

Users may disable cookies through their browser, although doing so may limit functionality.

Optional Communication Data

Information voluntarily provided when contacting us.

This may include:

  • Support requests and correspondence
  • Survey responses
  • Error reports submitted by users
  • Training or onboarding communications

How We Use Data

All information we collect directly or indirectly about users or their patients is strictly confidential. We do not rent, lease nor make available customer lists or any other identifiable information contained in customer accounts (including patient details), to third parties. We will not reveal, disclose, sell, distribute, rent, license, share or pass onto any third party (other than those who are contracted or supply services to us including spam filter operators) any identifiable information that may have been provided to us directly, or stored in a customer’s account unless we have express consent to do so, other than in the circumstances set out in this policy.

Service Provision

We require this information to understand your needs and provide you with a better service, and may use the data for the following reasons:

Communication

We may use personal data to contact users with information about new features or announcements, to update users on the status of their account, to issue invoices, receipts, payment reminders, to provide training information, operational communications (like security updates), to send marketing communications, to seek feedback, or communicate other information that may be relevant.

We don’t recommend it, but you can opt-out of receiving emails about new features and similar announcements by clicking on the ‘opt-out’ link or instructions in the email. Users cannot opt-out of receiving some transactional emails or notifications relating to their account status, security announcements or other communication that might be essential to the operation of their account.

Customer Support

We use personal data to provide assistance with the resolution of any technical support issues and to assist users with using our service.

Ending Service Provision

Of course, users that cease to use NovoPsych, and all business with us is concluded (for example they have closed their practice and their NovoPsych account), can opt-out of all communications from us. See below section for your rights on deleting data.

Legal Basis for Processing (under GDPR)

For users from the European Economic Area (EEA), NovoPsych’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

NovoPsych may process your Personal Data because:

  • We need to perform a contract with you;
  • You have given us permission to do so;
  • The processing is in our legitimate interests and it’s not overridden by your rights;
  • For payment processing purposes;
  • To comply with the law.

Location of Your Data

If you’re on an Enterprise Plan you can opt to have your data stored in your country of operation, such as the UK, Australia, USA, Canada or, European Union. When opting for data location, choosing your jurisdiction is beneficial for data security, compliance  and speed purposes.  For other users who have not specified a data location, Patient Data is stored in Australia. Other data (non Patient Data) will not be stored outside of Australia, the USA, Ireland and the UK. These practices are consistent with Australian Privacy Principles, HIPAA & GDPR. 

Research and Your Data Choices 

By default, no user data is used for research or psychometric development for users with a paid NovoPsych account. Free user accounts can opt out of anonymous data being used for these purposes.  All features of NovoPsych operate fully without requiring any data-sharing beyond what is needed to deliver the service. 

Clinicians may voluntarily opt in to allow NovoPsych to use de-identified, aggregated data to improve the science and practice of psychological assessment, supporting the ongoing refinement of the assessment tools used in practice. You can review and change your settings at any time in your NovoPsych account under Account → Data & Privacy. We provide information about NovoPsych’s Psychometric Research on our website.

If you choose to opt in, you may enable any of the following options:

  1. Benchmarking Improvements
    Contribute fully de-identified, aggregated psychometric data to help improve benchmarks of treatment response or clinical thresholds.
  2. Psychometric Development (Beta or In-Development Scales)
    Specifically for assessments labelled “beta” or “in-development”, allow anonymous responses to be used to validate and refine instruments as part of Human Research Ethics Committee (HREC) approved projects.
  3. Academic Research Partnerships
    Permit anonymised psychometric data to be shared with approved university research teams.  All such projects operate under Human Research Ethics Committee (HREC) approval, and no identifiable information is ever shared.

These options allow clinicians to voluntarily contribute to the ongoing improvement of psychometric tools and clinical benchmarks used in practice.

De-Identified & Aggregated Data

NovoPsych’s research projects aim to improve psychometrics, support research collaborations, and enhance product performance. The research involves the creation and analysis of aggregated and de-identified data sets. These datasets cannot be used to identify any individual and do not contain names, email addresses, or any other identifiable information.

More information about NovoPsych’s research projects is available here.  

Details of Human Research Ethics Committee (HREC) Approvals

All academic research NovoPsych conducts is approved by university Human Research Ethics Committees. Below are details of such projects. 

Griffith University Human Research Ethics Committee (GUHREC 2022/070)
Construct Validity of the Caregiver Composite Questionnaire: A Confirmatory Factor Analysis. 

Macquarie University Human Research Ethics HREC Humanities & Social Sciences Committee. 24/05/2024
Examining Covariation in Self-Reported Symptoms within DSM-5 Disorders During Treatment.  Reference No: 520241691957021 

University of Melbourne Human Research Ethics Committee
A Retrospective Study of Outcomes of Users of Psychological Services. This research ran from 13/9/2021 to 31/12/22. Consistent with this Privacy Policy, no identifiable information was shared. Non-personal aggregated data was provided to University of Melbourne researchers. No individual assessment results were provided, only collated statistics.  

 Southern Cross University Human Research Ethics Committee.  23/04/2024
Exploring Interconnections Among Mental Health Conditions and Enhancing Measurement of Psychological Constructs Using Routinely Collected Psychometric
Data. Principal Researcher: Dr Mary-Anne Kate

Monash University Human Research Ethics Committee  (Project ID: 45278): 9/10/2024
Psychometric Analysis of Mental Health Symptom Scales. Chief Investigator: Dr Ben Buchanan 

How your data might be shared

NovoPsych will not disclose any identifiable data uploaded to our servers to anyone else, including for research, without permission, except for the following reasons;

Legal or Moral Requirement

In rare circumstances, where permitted or required by law, requested and needed for a patient’s emergency treatment in exceptional circumstances, or for the prevention of immediate risk of loss of life or serious harm; to various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes, we will share the personal data necessary.

International Data Transfers

NovoPsych operates internationally and we may share, transfer and process data in countries other than the country you live in. These practices are consistent with Australian Privacy Principles, GDPR and HIPAA. These countries may have different laws but rest assured that when we share personal data to a third party, we take all reasonable steps to ensure that personal data remains protected in the manner you would expect. For individuals in the European Economic Area (EEA), your data may be transferred outside of the EEA but it will only be transferred to countries that provide adequate protection, or to a third party where we have reviewed their data protection processes and policies for adherence to the GDPR Standard Contractual Clauses.

Infrastructure Sub-Processors

In order to provide our services to customers and their patients, NovoPsych Psychometrics employs third party companies and individuals to assist with providing the services. Where necessary, we share a limited amount of personal data with our third-party service providers and sub-processors. NovoPsych Psychometrics takes care to select integration partners who have good data management policies in place and will only share the data necessary for the integration to work effectively. In all cases, we provide only the minimum amount of personal data that is needed to perform the service and take reasonable steps to ensure these parties have appropriate data protection safeguards in place.

A list of our sub-processors is as follows;

Entity Name

Corporate Location

Activities

Amazon Web Services, Inc (AWS)

United States

Web hosting (Australian Server)

Chargebee

United States

Invoicing and subscription services, CRM

Google, LLC

United States

Analytics, Email

Stripe

Ireland

User payments

Mailchimp

United States

Email sending

Atlassian

Australia

Issue tracking, feature requests

Corporate Transactions

In the unlikely event that NovoPsych is involved in a merger, acquisition or asset sale, Personal Data may be ultimately transferred as part of the completed transaction. However all data remains subject to the promises made in this Privacy Policy unless the customer agrees to be subject to new Privacy Policy terms.

How we retain your data

We will retain Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will also retain and use Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Your rights to your data

We aim to take reasonable steps to allow you to correct, amend, delete, destroy or limit the use of your Personal Data. If you are a resident of the European Economic Area (EEA), you have certain data protection rights, and we extend these rights to all users. In addition, Under Australian Privacy Principle 11 (APP 11) we are required to take reasonable steps to destroy or de-identify personal information when it is no longer required for the purpose for which it was collected.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where NovoPsych relied on your consent to process your personal information.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us. Please note that we may ask you to verify your identity before responding to such requests. (If you are a patient or client of a business that uses NovoPsych you will need to contact that business directly to discuss and evoke your protection rights.)

If you live in the EEA, you have the right to complain to a Data Protection Authority about our collection and use of your Personal Data (see below for information about how to contact them). For more information, please contact your local data protection authority in the European Economic Area (EEA).

Sharing NovoPsych Psychometric data with NovoNote

If a NovoPsych Psychometrics user uses other products produced by NovoPsych Pty Ltd, such as NovoNote, then information gathered through NovoPsych Psychometrics may be shared with NovoNote in order to improve the quality of service. For example, client files are synced between NovoPsych Psychometrics and NovoNote, and psychometric information may be integrated into notes produced by NovoNote, only if a NovoPsych Psychometrics user is also using NovoNote. Note, the NovoNote AI Scribe Privacy Policy  applies to psychometrics data that a user integrates into their use of NovoNote AI Scribe.

Exemptions

Note that this policy refers to customer and user data and where applicable, the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation will apply.

Changes to this policy

From time to time, we may review and update this Privacy Policy. Revised versions will be updated on this website and will be effective once posted.

NovoPsych Psychometrics Data Security

NovoPsych will take extensive steps to protect the personal information we hold from any misuse, interference, loss, and unauthorised access, modification or disclosure.

Data Security

NovoPsych has an extensive range of security measures in place to protect personal information from unauthorised access, use, or loss. Our servers are maintained in a controlled and secured environment and access is restricted to only those who need it in order to provide the service.

NovoPsych uses 256 bit encryption. We use the cryptographic algorithms SHA-256 with RSA Encryption for our main services.

In addition, our 256bit (Security Sockets Layer) SSL encryption and has employed a number of high level security protocols to protect personal data. Strong encryption such as 256 bits, is over a trillion times stronger as 40-bit encryption. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would theoretically require a trillion years to break into a session protected by a Server Gated Cryptography (SGC) enabled certificate.

Below are some of the processes that we have implemented to protect your security.

  • The infrastructure we use (AWS) complies with the Commonwealth Government standards governing the security of IT systems and infrastructure.
  • The data centre is an enterprise grade data centre with world-leading Class 1IDC infrastructure. This is the same data centre used and approved by the Department of Health and Ageing.
  • Data is fully monitored with 24×7 security guards onsite and premises under constant CCTV surveillance.
  • To comply with Australian Laws, all data, backups and offsite backups are stored within Australia.
  • The data you enter in NovoPsych is replicated among several database servers, as well as backed up off-site to prevent a single failure from causing data loss.
  • The multiple redundant VMware platform utilised offers, load balanced ESX servers to maximise performance and availability which has a minimalistic chance of unavailability
  • A full time staff member who acts as our Data Security and Protection Officer. 

Third-Party Risk Management

NovoPsych engages third-party service providers only after assessing their security posture and suitability for handling health-related personal information. Vendors must meet strict privacy, compliance, and security requirements, including adherence to the Australian Privacy Principles.

Contracts with third parties include obligations relating to confidentiality, data protection, and breach notification. We periodically review vendor compliance and monitor changes that may affect the risk profile of our service.

Accreditations and Certifications

We choose our partners carefully. Our hosting partner, Amazon Web Services (AWS), has achieved the following accreditations and certifications:

  • PCI DSS Level 1 (Payment Card Industry Data Security Standard)
  • ISO 27001 (Information Security Management System)
  • FIPS 140-2 (United States Federal Information Processing Standard)

Access Controls and Identity Management

NovoPsych maintains strict access control measures to ensure that only authorised personnel can access systems containing personal and clinical information. Access privileges follow the principle of least privilege and are granted based on job role and operational necessity.

All internal administrator access requires multi-factor authentication such as locally installed VPNs and is logged and reviewed regularly. NovoPsych staff accounts are provisioned and deprovisioned through documented procedures to prevent unauthorised or lingering access.

User (clinician) accounts within NovoPsych are protected via secure password hashing, session management, and optional two-factor authentication. We enforce minimum password complexity requirements and encourage users to adopt strong authentication practices. Session timeouts and automatic logout are applied to reduce the risk of unauthorised use on unattended devices.

Data Breaches

Under the Notifiable Data Breaches (NDB) scheme any organisation or agency the (Australian) Privacy Act 1988 covers must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in harm to an individual whose personal information is involved. A data breach occurs when there is unauthorised access or disclosure. For example, when:

  • a device owned by NovoPsych with a customer’s personal information is lost or stolen
  • a NovoPsych database with personal information is hacked
  • personal information is mistakenly given to the wrong person

NovoPsych has never had a data breach of this nature however if one were to occur we would notify customers and OAIC immediately.

Data Retention and Data Deletion Policies

NovoPsych retains client assessment data for as long as it is necessary to provide services to clinicians and in accordance with clinician needs and legal obligations. As the Data Processor, NovoPsych acts under the lawful instructions of clinicians regarding data storage duration.

Clinicians may delete assessment data at any time. When a deletion request is submitted, data is removed from active systems and scheduled for secure deletion from backups during their standard lifecycle. Secure deletion is performed using AWS cryptographic erasure methods.

Users may export their data at any time for local backup or clinical record-keeping in accordance with professional and regulatory requirements.

Backups

NovoPsych data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up to the second redundancy.

In other words, we’ve got backups for your backups and a contingency in place to handle any potential interruptions to the storage process. Don’t forget that you can also export your data and create your own backups too.

Logging, Monitoring and Incident Detection

NovoPsych employs continuous logging and monitoring to detect and respond to suspicious or unauthorised activity. System events—including authentication attempts, administrative access, configuration changes, and anomalous behaviours—are logged and retained in line with security and operational requirements.

Monitoring tools alert our technical team to potential threats in real time. We use AWS-native monitoring services to identify unusual patterns that may indicate security risks. All security incidents are investigated promptly following internal incident response procedures.

Security Audits and Penetration Testing

NovoPsych conducts regular internal security audits and engages qualified external providers to perform independent penetration testing. These reviews evaluate the resilience of our systems, identify vulnerabilities, and confirm that our security controls are functioning as intended.

Vulnerabilities are logged, prioritised, and remediated in accordance with severity and potential impact. 

Business Continuity and Disaster Recovery

NovoPsych maintains comprehensive Business Continuity and Disaster Recovery (BCDR) plans to ensure ongoing service availability. Our platform architecture is designed for high-availability using redundant AWS infrastructure located in multiple availability zones.

Key elements include:

  • Daily backups stored in multiple secure locations.
  • Rapid failover capability in the event of infrastructure disruption.
  • Defined recovery objectives, including a short Recovery Time Objective (RTO) and Recovery Point Objective (RPO) appropriate for clinical systems.
  • Regular testing and review of disaster recovery procedures.

These measures enable NovoPsych to maintain service continuity even during unexpected events.

Your Role in Security of Your Data

Our users also have an important role to play in keeping data secure. You are responsible for maintaining the confidentiality of your account details and password. Your passwords protect your personal information and you are responsible for any activities that occur in your account or in respect of your use of this service. Please let us know immediately if you suspect that the security of your password or account has been compromised in any manner.

Create a strong password

Use a unique password for your NovoPsych account. Since longer passwords are generally harder for criminals to break, try using a line from your favourite song or a short sentence you’ll easily remember. We require 8 or more characters in our passwords, have complexity requirements and non letter and number character requirements. 

Enable two-factor authentication

Two-factor authentication is an authentication mechanism to double check your identity is legitimate. The intention is to provide stronger protection against unauthorised access to user accounts. NovoPsych emails you a temporary code that you need to enter in order to login. That way, even if someone has unauthorised access to your password, they still can’t access your data. It is recommended that you have two-factor authentication enabled in your NovoPsych account.

Logout of NovoPsych when not in use

If you’re not using NovoPsych, logout, rather than keeping it logged on in a browser tab.

Keep your browser updated

An up-to-date browser will ensure that NovoPsych is performing at its best and that you have the latest protection against online threats.

Use “Guided Access” an iPads

If using NovoPsych on an iPad, ensure you’re familiar with ‘Guided Access’, which allows you to temporarily restrict your iPad to a single app (i.e. NovoPsych). If you have activated Guided Access before you pass your iPad to a client to complete the assessment they will not be able to exit NovoPsych. Only you will be able to deactivate Guided Access with a passcode.

When using NovoPsych on an iPad we recommend you become familiar with Guided Access so you can have an extra layer of security and your clients can’t access other data or apps on your iPad.

Instructions to set up Guided Access on your iPad can be found here:

https://support.apple.com/en-au/guide/ipad/ipada16d1374/ipados

Use passwords on your devices

Whether you use NovoPsych on a tablet or a computer, make sure that you have password protection to activate the device.

Protecting Your Clients

You are responsible for making sure that your clients’ / patients’ privacy and associated rights are respected. As your Data Processor, we will take care to protect the privacy of your patients and will process their Personal Data in accordance with the terms of our agreement with you, and under your lawful instruction.

How To Contact Us

We welcome your feedback. If you have any questions or concerns about our Privacy Policy or our privacy practices, if you would like to make a request for information, or if you believe that we have not complied with this policy, the Privacy Act, or other privacy obligations, please contact us at:

Attention: Data Protection Officer
Email: info@novopsych.com

Telephone: If you would prefer to speak by telephone, please email us with your
contact details and concerns, and we will respond in a timely manner. https://novopsych.com/contact-us

NovoPsych treats your privacy seriously and any complaints will be assessed by an appropriate person with the aim of resolving any issue in an efficient and timely manner.

If you are not happy with our handling of your privacy concerns, you can also contact your local data protection authority. Depending on your location, you can use the following links;

These organisations are independent from NovoPsych and can investigate privacy complaints.

Definitions

We used a heap of different terms in this policy. To make sure it’s clear what we are talking about, here are some definitions:

  • Personal Data
    Personal Data means data about an individual that allows them to be identified from that data. It may be provided directly by a user, or provided indirectly by a user about their client (for example a health practitioner entering data about their patient). Personal information does not include “aggregate” information, which is data we collect about a group or category of products, services or people, from which individual identities have been removed.
  • Usage Data
    Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Cookies
    Cookies are small pieces of data stored on a User’s device.
  • Data Processor
    Data Processor means the person or entity that processes data on behalf of a data controller. According to GDPR and for the purposes of this policy, NovoPsych is considered to be the data processor.
  • Data Controller
    Data Controller means a person or entity who determines the purposes for which and the manner in which any personal data are, or are to be, processed. As part of using NovoPsych you are likely to store personal data about your clients (or patients) in your NovoPsych account. According to GDPR and for the purpose of this Privacy Policy, you, our customer and user, are considered to be the Data Controller of the data given to us to set up and manage a NovoPsych account.
  • User
    The User (also referred to as our Customer) is the individual using our Service either directly or indirectly. The User is also referred to as the Data Subject and is any individual who can be identified via the Personal Data.
  • NovoPsych Psychometrics
    NovoPsych Psychometrics is a software product developed by the company NovoPsych Pty Ltd. NovoPsych Psychometrics provides, processes and stores psychometric questionnaires for use by mental health practitioners.