Privacy Policy

This Privacy Policy explains how Oexa Pty Ltd (ACN 640 736 910) (“Oexa”, “we”, “us”, “our”) collects, uses, stores and discloses personal information.

We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the Notifiable Data Breaches scheme.

Oexa is headquartered in Queensland, Australia.

This Privacy Policy applies to personal information collected in connection with:

• Our website (oexa.co)
• Our software platforms, including Checkpoint, Healthd, Managed Intermediary and related services
• Our APIs
• Our mobile applications, including Scripty
• Any other products or services operated by Oexa (collectively, the “Services”)

Different Services may collect different categories of personal information depending on their purpose and users.

Depending on the Service and context, Oexa may act in different capacities:

Technology Provider to Pharmacies and Healthcare Professionals

Where pharmacies, corporate pharmacy groups, or healthcare professionals use our platforms, Oexa provides technical infrastructure and support. The relevant healthcare provider remains responsible for clinical decisions and patient records they create.

Direct Service Provider

Where individuals use an Oexa-operated website or mobile application (including Scripty), create an account, store ePrescription tokens, connect to their Active Script List or interact directly with us, Oexa collects and handles personal information to provide those Services.

Intermediary

Where we facilitate ePrescription token management and Active Script List or integrations with government systems, we act as a secure intermediary supporting information exchange.

We may collect the following categories of personal information:

General Information

• Name
• Address
• Email address
• Phone number
• Date of birth
• Account credentials
• Billing and payment information
• Device and usage data (such as IP address and browser type)

Health and Sensitive Information

Where relevant to the Services, we may collect sensitive information, including:

• ePrescription tokens
• Active Script List activation code
• Medication details
• Clinical information entered into forms
• Medicare number
• Individual Healthcare Identifier (IHI)
• Concession or healthcare card details
• Information shared with pharmacists or healthcare professionals through our platforms

Sensitive information is collected only with consent, where reasonably necessary to provide healthcare-related services, or where required or authorised by law.

We do not sell personal information.

We collect personal information when you:

• Create an account
• Use our platforms or mobile applications
• Upload or access an ePrescription token
• Make a booking
• Communicate with us
• Complete forms
• Integrate with our APIs

We may also receive information from pharmacies, healthcare providers, government systems (where authorised), and trusted third-party service providers.

We use personal information to:

• Provide and operate our Services
• Facilitate prescription management and healthcare workflows
• Enable pharmacies and healthcare professionals to provide services
• Verify identity
• Process transactions
• Provide customer support
• Maintain platform security
• Improve system performance and user experience
• Comply with legal and regulatory obligations

We may send service-related communications. Marketing communications are optional and can be unsubscribed from at any time.

Health information is not used for unrelated marketing purposes.

We may disclose personal information to:

• Pharmacies and healthcare professionals
• Corporate pharmacy groups using our platforms
• Government agencies where required by law
• Payment processors
• Cloud hosting and IT service providers
• Regulators or law enforcement agencies where required

We take reasonable steps to ensure third-party providers implement appropriate security safeguards.

Some technology service providers may be located outside Australia. Where personal information is disclosed overseas, we take reasonable steps to ensure it is handled in accordance with Australian privacy law.

Our website and applications may use cookies and similar technologies to:

• Enable authentication
• Improve functionality
• Monitor performance
• Analyse usage patterns

You can control cookies through your browser settings.

We implement reasonable technical and organisational measures to protect personal information, including:

• Encryption in transit
• Secure hosting environments
• Role-based access controls
• System monitoring and audit logging

While no system can guarantee absolute security, we take appropriate steps consistent with healthcare technology standards.

We retain personal information only for as long as necessary to:

• Provide our Services
• Comply with healthcare and legal recordkeeping requirements
• Resolve disputes
• Maintain system integrity

When information is no longer required, we take reasonable steps to securely destroy or de-identify it.

If we experience an eligible data breach under Australian law that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

Our Services are intended for use by adults. However, in some circumstances, our platforms may be used by a parent, guardian or authorised healthcare provider in connection with a minor (for example, where a prescription relates to a child). In those cases, personal information relating to the minor may be processed for the purpose of providing healthcare-related services in accordance with applicable laws.

You may request access to or correction of personal information we hold about you by contacting us at hello@oexa.co.

In some cases, requests relating to clinical records may need to be directed to the relevant pharmacy or healthcare provider.

If you believe we have breached the Privacy Act, you may contact us at hello@oexa.co.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.

We may update this Privacy Policy from time to time. The current version will always be published on our website with the effective date.