Privacy Policy
Pilot version — applies to pilot participants only. A revised policy will be issued at public launch.
Our commitment
Caring for an ageing parent is one of the hardest things you will ever do. We built Navello because we have been in your shoes — overwhelmed by the aged care system, unsure where to turn, and worried about getting it right.
We take the trust you place in us seriously. This Privacy Policy explains, in plain language, exactly what information we collect, why we collect it, how we protect it, and what rights both you and your care recipient have.
We do not sell your data. We never will.
If anything in this policy is unclear, please contact us at privacy@navello.com.au.
About Navello
Navello Pty Ltd (ABN 78 691 881 526) is an Australian company that provides an AI-powered aged care navigation platform. We help carers (typically adult children) understand and navigate the aged care system for their elderly parents or loved ones (care recipients).
We are subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we collect and hold health information, we are covered by the Privacy Act regardless of our annual turnover. We also comply with the Victorian Health Records Act 2001 (Health Privacy Principles).
Information we collect
We only collect what is reasonably necessary to provide our service (APP 3.2).
3.1 Carer account information
When you create an account, we collect your name, email address, phone number (optional), and relationship to care recipient.
3.2 Care profile (health information)
When you build a care profile, we collect health information as defined in the Privacy Act. This includes care notes, care statuses, services, living situation, safety concerns, and care preferences.
3.3 Conversations and voice
- Chat conversations — your text interactions with Navello's AI assistant
- Voice input (dictation) — processed by Google Cloud Speech-to-Text in Singapore (asia-southeast1 region). Audio is processed in real-time and not stored after transcription.
3.4 Automatically collected information
Device information, IP address (city/state level only), usage analytics (anonymous identifiers), session data, and error logs.
3.5 What we do not collect
- We do not access your device's contacts, photos, or files
- We do not track your browsing activity outside of Navello
- We do not use advertising trackers or sell data to advertisers
- We do not access the care recipient's medical records or My Health Record
- We do not retain voice audio after transcription
Why we collect your information
We collect information to provide our service, manage your account, deliver care navigation, improve the service (you can opt out), ensure safety, comply with legal obligations, and send service communications.
How our AI works
5.1 The technology
Our AI assistant is powered by Google's Gemini model, accessed through Vertex AI. All Vertex AI processing occurs in Google Cloud's Sydney (australia-southeast1) region.
5.2 What the AI can access
The AI reads your care profile and conversation history to provide contextual guidance. It may add notes to your care profile automatically when it identifies relevant information — these notes appear immediately in your conversation. You can edit or remove any auto-saved note at any time.
5.3 What the AI does not do
- Does not provide medical advice
- Does not provide legal or financial advice
- Does not make decisions for you
- Directs you to call 000 if you describe an emergency
5.4 Product improvement
We do not train AI models. If you opt in, we may review your conversations to evaluate and improve our AI responses. You can opt out at any time through your account settings or by emailing privacy@navello.com.au.
Care recipient privacy
When you use Navello, you enter personal and health information about another person — your care recipient. This creates a third-party data collection situation that we take very seriously.
Care recipients have the same privacy rights as carers. They can access their information, request correction, request deletion, opt out of product improvement, and make a complaint.
Contact us at privacy@navello.com.au for all care recipient privacy matters.
Who we share your information with
We do not sell your personal information. We never will.
We share information only with service providers necessary to operate Navello:
| Provider | Purpose | Location | Data shared |
|---|---|---|---|
| Google Cloud / Vertex AI | Cloud hosting, AI processing | Australia (Sydney) | Care profiles, conversations (encrypted) |
| Neon | Database hosting | Australia | All application data (encrypted) |
| Clerk | Authentication | US | Account credentials only — no health data |
| Langfuse | AI monitoring | Australia (self-hosted) | Conversation traces — 90 day retention |
| PostHog | Product analytics | EU | Anonymous usage events — no health data |
| Tavily | Web search for AI | US | General queries only — no personal data |
We will notify you at least 30 days before adding any new subprocessor that handles health data.
Cross-border data transfers
All identifiable health data is stored and processed in Australia. The only data that leaves Australia is de-identified, anonymised, or contains no health content.
Under APP 8, Navello remains accountable for your personal information even when it is processed overseas.
Data retention
| Data type | Retention period |
|---|---|
| Account data | Active account + 30 days after closure |
| Health information (care profiles) | As required by applicable privacy legislation |
| Conversations | Deletable on request; deleted 30 days after request |
| AI monitoring data (Langfuse) | 90 days |
| Audit logs | 2 years |
| Analytics data (PostHog) | 90 days |
Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use row-level security, role-based access controls, multi-factor authentication for staff, and audit logging.
Our infrastructure is hosted on Google Cloud Platform (Sydney region), which maintains SOC 2 Type II and ISO 27001 certifications.
Your rights
You have the right to access, correct, delete, and export your personal information. Many rights can be exercised directly from your account settings.
Email: privacy@navello.com.au — we respond to formal requests within 30 days.
Complaints
Step 1: Contact us at privacy@navello.com.au. We aim to resolve complaints within 30 days.
Step 2: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au or call 1300 363 992.
Data breach response
We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. If a breach occurs, we will contain it, assess it, notify the OAIC, and notify all affected individuals.
Not a health service provider
Navello is not a health service provider within the meaning of the Privacy Act 1988. We provide aged care navigation and information services only.
If you or your care recipient are experiencing a medical emergency, call 000 immediately.
Contact us
| Details | |
|---|---|
| Company | Navello Pty Ltd |
| ABN | 78 691 881 526 |
| Privacy email | privacy@navello.com.au |
| Response time | 1–2 business days (general), 30 days (formal requests) |
This Privacy Policy is governed by the laws of the Commonwealth of Australia.
© 2026 Navello Pty Ltd. All rights reserved.