
Privacy Policy

Last Updated: July 22, 2025

This Privacy Policy explains how Mendalia, a product of Sirohi Corporation Pty Ltd (ABN 73 683 661 181), collects, uses, discloses, and secures personal and clinical data in accordance with applicable privacy laws in Australia and internationally.

By using Mendalia, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
 

1. About Mendalia

Mendalia is an AI-powered clinical decision support platform built for use by licensed healthcare professionals and organisations. It is developed and operated by Sirohi Corporation Pty Ltd, located in South Australia.

For questions regarding this Privacy Policy, please contact us at: contact@mendalia.com; www.mendalia.com

2. Scope

This Privacy Policy applies to all users of Mendalia’s services, website, and software platform. It applies to any data collected through your interaction with our platform, including:

  • Clinical users (individual doctors, clinics, hospitals)

  • Trial or demo users

  • Partners or third-party integrations
     

3. Types of Personal Information Collected

We collect the following types of information:

a. Account and Identity Data

  • Name

  • Work email address

  • Contact number

  • Organisation and professional details

  • User credentials and profile settings

b. Operational and Transactional Data

  • Subscription details

  • Payment or invoice data (processed via secure third-party systems)

  • Account activity logs

c. Clinical and Health Data (Optional and Controlled)

  • Case descriptions input by users

  • Uploaded diagnostic reports, labs, and medical letters

  • Information derived from use of AI summaries

d. Device and Technical Information

  • IP address

  • Browser type and version

  • Device identifiers and operating system

  • Access times and session metadata

e. Communication and Support Data

  • Contact requests

  • Customer service records

  • Feedback and surveys
     

4. How We Collect Information

Information is collected:

  • Directly from you when you create an account or use the platform

  • Automatically through your interactions (cookies, log files, session tracking)

  • When you upload documents or enter patient information voluntarily

  • When you contact our support, sales, or compliance teams
     

5. Use of Information

We use your data to:

  • Deliver our AI-powered support services

  • Provide a personalised clinical experience

  • Ensure platform security and reliability

  • Process payments and manage subscriptions

  • Respond to enquiries and support requests

  • Improve our AI models (only with explicit user consent and data anonymisation)

  • Comply with legal obligations and regulatory audits
     

6. Data Storage and Localisation

We adopt a local-first storage model:

  • All data is hosted in secure, region-specific servers (e.g., within Australia for AU users)

  • Data is encrypted in transit (TLS 1.3) and at rest (AES-256)

  • Session data is transient unless you opt to store cases for follow-up

  • Logs are retained for audit, fraud prevention, and debugging for up to 12 months
     

7. Legal Basis for Processing

Under the Privacy Act 1988 (Cth), GDPR, and other applicable laws, we process your data under the following bases:

  • Consent (e.g., for AI feedback, case retention)

  • Contractual necessity (e.g., to deliver subscribed services)

  • Legitimate interest (e.g., for security and product improvement)

  • Legal obligation (e.g., fraud detection, audit trails)
     

8. Disclosure of Personal Information

We do not sell or share your information for commercial purposes. We may disclose your information:

  • To trusted service providers who process data under binding agreements

  • To regulatory authorities if legally compelled

  • To legal counsel in the event of claims, investigations, or violations

  • With your consent, in the case of research collaborations or referrals
     

9. International Transfers

Where personal information is transferred outside your country (e.g., for global support services), we:

  • Ensure data remains encrypted

  • Require service providers to comply with equivalent legal and contractual standards

  • Minimise transfer volumes and duration
     

10. AI Processing and Model Interaction

  • AI insights are generated dynamically; we do not retain model output unless explicitly stored by the user

  • Prompts and responses are never used to train public AI models

  • We do not apply generative AI for diagnosis or treatment recommendations
     

11. Your Responsibilities

You are responsible for:

  • Ensuring you have legal authority to input any personal or patient data

  • Obtaining informed consent when required

  • Using the platform in accordance with applicable laws and codes of conduct
     

12. Your Rights and Access

You have the right to:

  • Request access to personal data we hold

  • Request correction of inaccurate data

  • Request deletion of stored data (except as legally required)

  • Withdraw consent for optional features (e.g., AI feedback logging)

Requests may be sent to contact@mendalia.com
 

13. Security Measures

We follow rigorous security standards, including:

  • Multi-layered network security

  • Role-based access control (RBAC)

  • Two-factor authentication (2FA)

  • Regular third-party penetration testing

  • Data loss prevention (DLP) systems

No internet-connected system can guarantee absolute protection, but our systems exceed industry benchmarks.
 

14. Data Retention

  • Account information: retained while your account remains active

  • Case data: retained only with your explicit consent

  • Analytics and log data: retained up to 12 months unless longer required by law
     

15. Cookies and Analytics

Mendalia uses first-party cookies to support:

  • User login sessions

  • Anonymous traffic analytics

  • Security monitoring (e.g., bot detection)

No third-party advertising or marketing cookies are used.
 

16. Children and Minor Users

Mendalia is intended for use by healthcare professionals. It is not marketed to, nor suitable for, individuals under 18. We do not knowingly collect information from children.
 

17. Changes to This Privacy Policy

We may revise this policy periodically. Material changes will be communicated via:

  • Email to registered users

  • Banner notifications on the platform

The most current version will always be available at www.mendalia.com/privacy-policy

18. Contact Us

For all privacy and data handling questions, contact:

Sirohi Corporation Pty Ltd
ABN: 73 683 661 181
SA 5000, Australia
contact@mendalia.com
www.mendalia.com

This Privacy Policy is governed by:

  • The Privacy Act 1988 (Cth) (Australia)

  • The General Data Protection Regulation (GDPR) (EU)

  • The Health Insurance Portability and Accountability Act (HIPAA) (USA)
     

We are committed to ethical, secure, and lawful data practices that uphold the trust placed in us by clinicians and institutions alike.
