Effective Date: November 12, 2025
Last Updated: November 12, 2025

1. Introduction

JR Analytics Pty Ltd (“JR Analytics”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable data protection laws.

This Privacy Policy (“Policy”) explains how we collect, use, store, disclose, and protect your personal information when you use our websites, mobile applications, and digital health services (collectively, “Services”), including:

• jranalytics.com

• PulsEMR, Interpreting TEM (iTEM), Blood Location, MyMedNotes, and other JR Analytics products.

By accessing or using our Services, you confirm that you have read, understood, and agree to this Policy.

​

2. Scope

This Policy applies to all users of our websites, applications, and digital platforms, including healthcare professionals, partner organisations, and research collaborators.
It does not apply to services operated by third parties or to data handled under separate contractual or research agreements.

​

3. Information We Collect

We collect information to deliver and improve our Services, ensure security, and comply with applicable laws.

 

3.1 Information You Provide

We may collect:

• Account details: Name, email, password, role, and organisation.

• Contact details: Email address, phone number, or professional affiliation.

• Professional or clinical details: Specialty, workplace, or training institution (for verified healthcare access).

• Feedback and correspondence: Support requests, surveys, and feature suggestions.

• Payment details: When purchasing premium or enterprise features (processed securely through third-party payment providers).

 

3.2 Automatically Collected Information

When you visit our Website or use our apps, we automatically collect:

• Device information (browser type, OS, IP address, unique device ID).

• Usage data (pages visited, time spent, actions performed).

• Cookies or similar identifiers (see Section 12).

This information is used for analytics, security, and improving user experience.

 

3.3 Sensitive and Health Information

Some of our apps (such as PulsEMR and iTEM) may handle health-related data, such as simulated or de-identified clinical datasets used for research, education, or testing.
We do not collect identifiable patient health records unless explicitly provided under a compliant research or clinical agreement.
Any health or biometric data processed by JR Analytics is stored securely and handled in accordance with Australian Privacy Principle 12 and GDPR Article 9 (special category data).

 

4. How We Use Your Information

We use collected information to:

• Provide and manage user accounts and access to Services.

• Improve app performance, features, and clinical usability.

• Communicate updates, product releases, and relevant news.

• Respond to support queries and user feedback.

• Conduct de-identified research and analytics.

• Ensure compliance with legal, ethical, and security requirements.

We process your information only when there is a lawful basis, including your consent, contractual necessity, legal obligation, or our legitimate interests (e.g., improving digital health systems).

 

5. Legal Bases for Processing (GDPR/UK GDPR)

We rely on one or more of the following:

• Consent: When you voluntarily submit information.

• Contract: When processing is necessary to provide a requested service.

• Legal obligation: When required by law or regulation.

• Legitimate interest: When processing helps operate, secure, and improve our Services.

You may withdraw your consent at any time by contacting us (see Section 18).

 

6. Managing and Deleting Your Information

You can access, correct, or request deletion of your information at any time by contacting privacy@jranalytics.com.
We may retain limited data as required for legal, contractual, or audit purposes under the Notifiable Data Breaches (NDB) scheme.

 

7. Disclosure of Information

We may share your information with:

• Service providers (cloud hosting, analytics, email services, customer support).

• Research or healthcare partners under approved data use agreements.

• Regulatory or legal authorities, when required by law.

We do not sell or rent personal data. Third parties are only granted access for legitimate business or legal purposes and must comply with confidentiality and security requirements.

 

8. Cross-Border Data Transfers

JR Analytics primarily stores data in Australia (AWS Sydney region).
However, data may be processed in other locations (e.g., Google Cloud, Singapore or EU) for redundancy and compliance with GDPR’s data adequacy requirements.
All transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs).

 

9. Data Retention

We retain personal information only for as long as necessary for:

• Service operation or contract fulfilment,

• Compliance with legal obligations, or

• Research archiving in de-identified form.

After the retention period, information is securely deleted or anonymised.

 

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and obtain a copy of your personal data.

• Request correction or deletion.

• Restrict or object to processing.

• Withdraw consent.

• Request data portability (GDPR).

• Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact privacy@jranalytics.com.

 

11. California and India Residents California (CCPA/CPRA)

Residents may request:

• Disclosure of collected personal information,

• Deletion or correction of personal information,

• Opt-out of personal data sale or sharing.
  We do not discriminate against users exercising these rights.

India (DPDP Act, 2023)

Indian residents may request correction, erasure, or consent withdrawal under the Digital Personal Data Protection Act, 2023.
JR Analytics will designate a grievance officer for India-based users if services are operated locally.

 

12. Cookies and Analytics

We use cookies and similar technologies to enhance functionality and analyse usage.
You may disable cookies in your browser, though this may affect certain features.
We use Google Analytics, AWS CloudWatch, and other tools in anonymised form and do not track users across third-party sites.

​

13. Data Security

We implement industry-standard administrative, physical, and technical safeguards to protect data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).

• Access control via role-based authentication.

• Regular security audits and vulnerability assessments.

No method of transmission over the internet is 100% secure, but we take all reasonable steps to protect information under our control.

​

14. Data Breach Response

Under the Notifiable Data Breaches (NDB) scheme, if a data breach occurs that is likely to cause serious harm, we will:

1. Promptly assess and contain the incident.

2. Notify affected individuals and the Office of the Australian Information Commissioner (OAIC).

3. Provide guidance to mitigate risks.

15. Social Media and Third-Party Links

Our Services may include links or integrations (e.g., Facebook, LinkedIn, X/Twitter).
Your interactions with these services are governed by their own privacy policies.
We are not responsible for external content or data practices.

​

16. Email Communications

We may send:

• Transactional emails (account notifications, system alerts).

• Marketing or newsletter emails (only with your consent).

You may unsubscribe at any time using the link in each message or by contacting us directly.

17. Contact Us

If you have questions, requests, or complaints regarding privacy or data protection, please contact:
JR Analytics Pty Ltd
📧  jaduromi@jranalytics.com
📍 Adelaide, South Australia

​

18. Changes to This Policy

We may update this Policy periodically.
When we do, we will:

• Update the “Last Updated” date above,

• Notify users by email or app notice, and

• Post the revised version on our website.

Continued use of our Services after changes take effect indicates your acceptance of the updated Policy.

✅ This Privacy Policy replaces the version last updated on May 26, 2022.
It reflects JR Analytics’ expanded digital health products, international partnerships, and current data protection obligations.