Privacy Policy

Last Updated: 16 December 2025

This Privacy Policy explains how Logsage ("we", "us", or "our"), based in Perth, Western Australia, collects, uses, and protects your information when you use the Logsage application ("App").

We understand that as a psychology professional, confidentiality is your currency. We are the custodians of your data, but you remain the owner. Every step of our architecture has been designed to help you manage your professional logs securely, with a strict commitment to Australian Data Sovereignty.

1. Data Ownership

To ensure clarity under privacy laws (including the Privacy Act 1988 and GDPR), we distinguish between our role and yours:

  • You are the Data Controller: You determine what you log. You own the log entries, supervision records, and de-identified client metadata you create.

  • We are the Data Processor: Logsage acts as the secure vault for your data. We process and store data on your behalf, strictly in accordance with your instructions. We do not sell, rent, or trade your data to advertisers or third parties.

2. How We Protect Your Data

We utilise the same infrastructure providers trusted by banks and governments to ensure your data is safe.

a. Encryption (Bank-Grade Security)

We use industry-standard encryption protocols to protect your data at all times:

  • In Transit: When data moves between your device and our servers, it is protected by TLS (Transport Layer Security) 1.2 or higher.

  • At Rest: When your data is sitting in our database, it is encrypted using AES-256 (Advanced Encryption Standard). Theoretically, it would take a supercomputer trillions of years to crack this encryption level.

b. Physical Security & Infrastructure

We do not run our own physical servers in a back office. We partner with Amazon Web Services (AWS) and Supabase, whose data centres maintain world-leading certifications including ISO 27001, SOC 2 Type II, and PCI-DSS Level 1.

c. Access Controls (Row Level Security)

We implement strict "Row Level Security" (RLS) within our database. This acts like a digital safety deposit box: even at the deepest level of our system, a user cannot query or view data that belongs to another user unless explicitly authorised (such as a Supervisor approval).

d. Redundancy & Backups

Your data is replicated to prevent a single point of failure. We perform automatic daily backups to ensure that in the unlikely event of a system failure, your professional history remains intact.

3. Where Your Data Lives (Australian Sovereignty)

We know that data residency is critical for Australian psychologists. We have configured our infrastructure to ensure your core data stays on Australian shores.

  • Primary Hosting: Hosted on AWS Amplify in Sydney.

  • Database: Stored in Supabase (PostgreSQL) in Sydney.

  • AI Processing: Voice transcription is processed via Microsoft Azure in Australia East.

4. Artificial Intelligence & Privacy

We use AI to assist with data entry (Voice-to-Text), but we do so with strict boundaries to protect client confidentiality.

  • Zero Training: We use enterprise-grade endpoints. Your audio and log data are NOT used to train Microsoft or OpenAI's public models (e.g., ChatGPT).

  • Transient Processing: When you record a voice note, it is sent securely to Microsoft Azure (Australia) for transcription. Once the text is extracted, the audio file is discarded. It is not retained by the AI provider.

5. Information We Collect

We collect only what is necessary to provide a functioning logbook service.

  • Account Details: Name, email, and Ahpra registration details (to verify your program pathway).

  • Logbook Data: The dates, durations, and activity categories you enter.

  • Client Metadata: De-identified client codes (e.g., initials) and broad presenting issues.

    • Important Note: Logsage is a professional logbook, not a Clinical Record System. You should never enter fully identifiable client names or sensitive clinical notes into your professional logbook.

  • Billing Metadata: We collect your subscription status (e.g., "Active"). We do not store your credit card numbers; these are handled exclusively by Stripe, a global leader in secure payments.

6. Third-Party Service Providers

We choose our partners carefully. We share only the minimum amount of data necessary for these providers to perform their specific functions.

  • Supabase (Database): Located in Sydney, Australia. Used for the secure storage of your logs, user profile, and supervision records.

  • Amazon Web Services (Hosting): Located in Sydney, Australia. Used to deliver the secure web application to your browser.

  • Microsoft Azure (AI Services): Located in Australia East. Used to process voice transcription services securely.

  • Stripe (Payments): Global. Used for secure credit card processing (PCI-DSS Level 1 compliant). We do not see or store your card details.

7. Data Retention & Deletion

  • Your Control: You can export your full logbook data at any time (Right to Portability).

  • 7-Year Standard: As long as you maintain a subscription, we retain your data to assist you in meeting the 7-year record-keeping standard required by the Psychology Board of Australia.

  • Deletion: If you choose to leave Logsage, you can request the permanent deletion of your account. Your data will be scrubbed from our production systems.

8. Compliance

Our architecture is designed to support your regulatory obligations.

  • Australian Privacy Principles (APP) Compliant: We are transparent about data collection and provide you with access and correction rights.

  • GDPR: We support key GDPR rights, including the "Right to be Forgotten" and "Data Minimisation."

  • HIPAA: While Logsage is not a medical record system, our technical safeguards (encryption, access logging, audit trails) align with HIPAA standards for the protection of practice data.

9. Your Role in Security

Security is a partnership. You play a vital role in keeping your account safe:

  • Passwords: Use a strong, unique password.

  • 2FA: We strongly recommend enabling Two-Factor Authentication (2FA) in your account settings.

  • Client Privacy: Ensure you only enter de-identified client codes (e.g., "Client JW"), never full names or other personal identifying information.

10. Contact Us

We welcome your feedback. If you have questions about this policy or your data rights, please contact us:

Email: support@logsage.com.au

Location: Perth, Western Australia