Privacy
Privacy Policy
Template policy for review. Last updated June 2026.
Information we collect
Episap may collect account details, clinician profile information, meeting metadata, patient case information entered by authorised users, consent records, audit events and technical logs needed to operate and protect the service.
How information is used
Information is used to create and run MDT meetings, maintain patient-case records, manage invitations and consent, support secure access, troubleshoot the service and comply with operational, legal and audit obligations.
Health and patient information
Patient information should only be entered by authorised care-team members for legitimate clinical coordination. Episap is designed to separate identifying information from clinical case content where practical and to limit access to users with a relevant role.
Australian data residency
Episap is intended to use Australian-hosted infrastructure for patient and clinical information where practical. If any service provider processing changes this position, the privacy and security review should be updated before production use.
Disclosure
Information may be disclosed to invited clinicians, authorised workspace members, service providers who help operate Episap, regulators or advisers where required, and other parties where the patient or account holder has authorised disclosure.
Security and retention
We use technical and organisational safeguards intended to protect information against unauthorised access, loss and misuse. Records are retained for as long as needed for clinical, operational, audit and legal purposes, unless deletion is required and permitted.
Access, correction and deletion
Users may request access to, correction of, or deletion of information. Some information may need to be retained where required for audit, legal, safety or clinical governance reasons.