Privacy Policy
Pilot version — applies to pilot participants only. A revised policy will be issued at public launch.
Our commitment
Caring for an ageing parent is one of the hardest things you will ever do. We built Navello because we have been in your shoes — overwhelmed by the aged care system, unsure where to turn, and worried about getting it right.
We take the trust you place in us seriously. This Privacy Policy explains, in plain language, exactly what information we collect, why we collect it, how we protect it, and what rights both you and your care recipient have.
We do not sell your data. We never will.
If anything in this policy is unclear, please contact us at support@navello.com.au.
About Navello
Navello Pty Ltd (ABN 78 691 881 526) is an Australian company that provides an AI-powered aged care navigation platform. We help carers (typically adult children) understand and navigate the aged care system for their elderly parents or loved ones (care recipients).
We are subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we collect and hold health information, we are covered by the Privacy Act regardless of our annual turnover. We also comply with the Victorian Health Records Act 2001 (Health Privacy Principles).
Information we collect
We only collect what is reasonably necessary to provide our service (APP 3.2).
3.1 Carer account information
When you create an account, we collect your name, email address, phone number (optional), and relationship to care recipient.
3.2 Care profile (health information)
When you build a care profile, we collect health information as defined in the Privacy Act. This includes care notes, care statuses, services, living situation, safety concerns, care preferences, and aged care funding events (e.g. progress through My Aged Care assessments and funding milestones).
3.3 Conversations and voice
- Chat conversations — your text interactions with Navello's AI assistant
- Voice input (dictation) — processed by Google Cloud Speech-to-Text in Singapore (asia-southeast1). Audio is streamed in real-time and not stored by Google after transcription; only the resulting text transcript is returned to Navello's Australian servers (see Section 8).
3.4 Automatically collected information
Device information, IP address (city/state level only), usage analytics (anonymous identifiers), session data, and error logs.
3.5 What we do not collect
- We do not access your device's contacts, photos, or files
- We do not track your browsing activity outside of Navello
- We do not use advertising trackers or sell data to advertisers
- We do not access the care recipient's medical records or My Health Record
- We do not retain voice audio after transcription
Why we collect your information
We collect information to provide our service, manage your account, deliver care navigation, improve the service (you can opt out), ensure safety, comply with legal obligations, and send service communications.
How our AI works
5.1 The technology
Our AI assistant is powered by Google's Gemini model, accessed through Vertex AI. All Vertex AI processing occurs in Google Cloud's Sydney (australia-southeast1) region.
5.2 What the AI can access
The AI reads your care profile and conversation history to provide contextual guidance. It may add notes to your care profile automatically when it identifies relevant information — these notes appear immediately in your conversation. You can edit or remove any auto-saved note at any time.
5.3 What the AI does not do
- Does not provide medical advice
- Does not provide legal or financial advice
- Does not make decisions for you
5.4 Product improvement
We do not train AI models. If you opt in, we may review your conversations to evaluate and improve our AI responses. You can opt out at any time through your account settings or by emailing support@navello.com.au.
Care recipient privacy
When you use Navello, you enter personal and health information about another person — your care recipient. This creates a third-party data collection situation that we take very seriously.
Care recipients have the same privacy rights as carers. They can access their information, request correction, request deletion, opt out of product improvement, and make a complaint.
Contact us at support@navello.com.au for all care recipient privacy matters.
Who we share your information with
We do not sell your personal information. We never will.
We share information only with service providers necessary to operate Navello:
| Provider | Purpose | Location | Data shared |
|---|---|---|---|
| Google Cloud / Vertex AI | Cloud hosting, AI processing | Australia (Sydney) | Care profiles, conversations (encrypted) |
| Google Cloud Speech-to-Text | Voice dictation transcription | Singapore (asia-southeast1) | Voice audio (real-time only — not stored) |
| Neon | Database hosting | Australia | All application data, including any feedback you submit through the app (encrypted) |
| Clerk | Authentication | US | Account credentials only — no health data |
| Langfuse | AI monitoring | EU | Conversation traces — 90 day retention |
| Loops | Transactional email | US | Name, email address, and account event metadata — no health data |
| Stripe | Payment processing & subscription management | US | Name and email address (if provided), the payment/card details you enter at checkout, and subscription & transaction records — no health data, no care profile data |
| Slack | Internal operational notifications | US | Notification metadata only (e.g. "new feedback received") — no user-submitted content, no name, no email, no care profile data |
| PostHog | Product analytics | EU | Anonymous usage events — no health data |
| Tavily | Web search for AI | US | General queries only — no personal data |
We will notify you at least 30 days before adding any new subprocessor that handles health data.
Third-party data sources
Navello incorporates publicly available aged care data published by the Australian Government — the Aged Care Provider Register (ACQSC), Star Ratings (Department of Health, Disability and Ageing), and the Aged Care Service List (data.gov.au) — under the Creative Commons Attribution 4.0 International licence. We attribute these sources and acknowledge that they do not endorse Navello. See Data Sources & Attribution for the full attributions and last-refreshed dates.
Cross-border data transfers
Identifiable health data is stored at rest in Australia. A small amount of data is transiently processed overseas, and a limited amount of non-health data is handled by overseas service providers:
- Voice audio for dictation is streamed to Google Cloud Speech-to-Text in Singapore (asia-southeast1) for real-time transcription. Audio is not stored by Google after transcription; only the text transcript is returned to Australia. Singapore maintains comprehensive data protection laws under the Personal Data Protection Act 2012.
- AI monitoring traces (Langfuse) are stored in the EU for up to 90 days. Traces may include conversation content and are used solely to monitor AI performance — they are not used to train models.
- Account and email metadata (name, email address, account event timestamps) is sent to Loops (US) to deliver transactional emails.
- Authentication credentials are handled by Clerk (US).
- Billing and subscription data (name, email address, the payment/card details you enter at checkout, and your subscription and transaction history) is handled by Stripe (US) to process payments and manage your subscription.
- General web search queries sent to Tavily (US) for AI research, with no personal or health information attached.
- Anonymous product analytics sent to PostHog (EU).
Under APP 8, Navello remains accountable for your personal information even when it is processed overseas.
Data retention
| Data type | Retention period |
|---|---|
| Account data | Active account + 30 days after closure |
| Health information (care profiles) | Kept while the relevant care profile is active. Deleted or de-identified within 30 days of profile deletion or account closure, except where retention is required by law or to resolve a dispute. |
| Conversations | Deletable on request; deleted 30 days after request |
| AI monitoring data (Langfuse) | 90 days |
| Audit logs | 2 years |
| Analytics data (PostHog) | 90 days |
Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use row-level security, role-based access controls, multi-factor authentication for staff, and audit logging.
Our infrastructure is hosted on Google Cloud Platform (Sydney region), which maintains SOC 2 Type II and ISO 27001 certifications.
Your rights
You have the right to access, correct, delete, and export your personal information. Many rights can be exercised directly from your account settings.
Email: support@navello.com.au — we respond to formal requests within 30 days.
Complaints
Step 1: Contact us at support@navello.com.au. We aim to resolve complaints within 30 days.
Step 2: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au or call 1300 363 992.
Data breach response
We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. If a breach occurs, we will contain it, assess it, notify the OAIC, and notify all affected individuals.
Not a health service provider
Navello is not a health service provider within the meaning of the Privacy Act 1988. We provide aged care navigation and information services only.
If you or your care recipient are experiencing a medical emergency, call 000 immediately.
Contact us
| Details | |
|---|---|
| Company | Navello Pty Ltd |
| ABN | 78 691 881 526 |
| support@navello.com.au | |
| Response time | 1–2 business days (general), 30 days (formal requests) |
This Privacy Policy is governed by the laws of the Commonwealth of Australia.
© 2026 Navello Pty Ltd. All rights reserved.