Privacy, hosting, and data governance — built in from day one.
This page explains ROQAIAH's intended privacy posture, data-residency commitment, and security controls. It is a public trust note — not a substitute for contract-level privacy schedules or legal terms.
Minimum-PID design intent
ROQAIAH is designed around device-event records, not patient records. The preferred operating stance minimises unnecessary sensitive data. The workflow focuses on notices, devices, owners, actions, evidence, and exceptions — not patient health information.
AU data sovereignty
All data is intended to be stored exclusively in Australian data centres — Microsoft Azure Australia East (primary) with Azure Australia Southeast for backups only. No data leaves Australian Azure regions. This commitment is stated in customer contracts.
Controlled support access
Routine support does not depend on standing vendor access. All support access is Just-in-Time (JIT), customer-approved, time-limited, and fully logged. Customers can view all vendor access events in their activity history.
Transparency over theatre
ROQAIAH explains its operating model in plain language. No exaggerated claims about automation, compliance completion, or clinical function. What the platform does — and does not do — is clearly stated.
Privacy Policy
ROQAIAH Health Governance Pty Ltd · Version 1.0 [Draft — requires legal finalisation before publication] · Effective date: on entity formation
1. About this policy
ROQAIAH Health Governance Pty Ltd ("ROQAIAH", "we", "us", "our") is committed to protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs 1–13). This policy explains how we collect, hold, use, and disclose personal information in connection with our services.
2. What personal information we collect
We collect: contact information (name, work email, job title, organisation, phone); usage information (access logs, IP addresses, device-event records entered by authorised users); and communications content (enquiries, support requests, correspondence).
Minimum-PID design: The Recall Ready platform is designed around device-event records, not patient records. ROQAIAH does not require or store patient health information (PHI) as part of its standard service model.
3. How we use personal information (APP 3, 6)
We use personal information to provide and improve our services, to communicate about your account or enquiry, to send the Recall Watch bulletin (with your consent), and to comply with legal obligations. We do not use personal information for any purpose inconsistent with the purpose for which it was collected.
4. Data storage and sovereignty (APP 8)
All personal information collected through ROQAIAH's services is stored on infrastructure in Australian data centres (Microsoft Azure Australia East, backups to Azure Australia Southeast only). ROQAIAH does not transfer personal information outside Australia without your consent or unless required by law. This commitment is stated in all customer contracts.
5. Disclosure (APP 6)
We do not sell or share personal information with third parties for commercial purposes. We may disclose information to trusted subcontractors (such as Microsoft Azure) who are contractually bound to protect your information. We may disclose information if required by law.
6. Security (APP 11)
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Security controls are aligned to the ASD Essential Eight Maturity Level 1. We operate a zero-standing vendor access model — our team accesses production data only through JIT sessions that are customer-approved and fully logged.
7. Notifiable Data Breaches (NDB scheme)
ROQAIAH is subject to the NDB scheme under the Privacy Act 1988 (Cth). In the event of an eligible data breach, we will notify affected individuals and the OAIC within 30 days of becoming aware, as required by law.
8. Access and correction (APP 12, 13)
You have the right to request access to your personal information and to request corrections. Contact us at privacy@roqaiah.com.au. We will respond within 30 days.
9. Contact
Privacy Officer · ROQAIAH Health Governance Pty Ltd · privacy@roqaiah.com.au
Terms of Service
Version 1.0 [Placeholder — requires legal finalisation] · Governing law: Australia
1. Acceptance
By accessing or using ROQAIAH's website or services, you agree to be bound by these Terms and the Privacy Policy above.
2. Service description
ROQAIAH provides hospital workflow software for the administration and management of healthcare facility recall and adverse-event processes. The services are not intended to diagnose, screen, treat, or make recommendations about individual patients or clinical conditions.
3. Intellectual property
All intellectual property in the ROQAIAH platform, framework, and associated materials (including the ROQ-AIAH-STD-1000 standard, RCES artefact classes, and Healthchain architecture) remains the property of ROQAIAH Health Governance Pty Ltd and its principals.
4. Limitation of liability
[To be finalised by legal counsel — standard SaaS limitation of liability, capped at fees paid in the preceding 12 months for most claims.]
5. Contact
For terms enquiries: hello@roqaiah.com.au
Need the full privacy and hosting summary pack?
Request the current external-safe summary and specify whether the context is a website review, service discussion, or pilot conversation.