Website Privacy Policy

Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how delegatedOS ("we", "our", or "us") collects, uses, discloses, stores, and protects personal information when you use our website, tools, automations, GPTs, custom GPT Actions, and related services ("Services").

We are based in New Zealand and handle personal information in accordance with the New Zealand Privacy Act 2020. Where our Services process health information, we also take into account the Health Information Privacy Code 2020.

1. What Information We Collect

We may collect and process the following types of information:

Website and marketing information:

- Name and email address, where voluntarily submitted

- Technical information such as browser type, IP address, operating system, device information, and usage data

- Website analytics information, such as pages visited, time on site, and referral sources

Service and automation information:

- Information submitted by users when using our tools, GPTs, automations, forms, or integrations

- Account, organisation, workflow, configuration, and support information

- Logs and diagnostic data needed to operate, secure, troubleshoot, and improve our Services

Patient and health information:

Where a client uses our Services to connect to clinical systems such as Cliniko, we may process patient or health information submitted by an authorised user or retrieved from the connected system. This may include:

- Patient name, patient ID, date of birth, contact details, address, and demographic information

- Clinical notes, medical alerts, appointment-related information, custom fields, and other patient record details

- Emergency contact information

- Health, insurance, concession, Medicare, DVA, or other identifier information where present in the connected clinical system

We only process patient or health information where it is provided by an authorised user or retrieved through an authorised integration.

2. How We Collect Information

We collect information through:

- Website forms and subscription forms

- Cookies and similar tracking technologies

- Analytics tools

- Direct communications with us

- GPTs, custom GPT Actions, workflow automations, webhooks, APIs, and third-party integrations

- Connected systems authorised by our clients, such as Cliniko

When you use a custom GPT or GPT Action, information you provide in ChatGPT may be sent to our configured webhook or automation service so the requested action can be performed.

3. How We Use Information

We use personal information to:

- Provide, operate, and improve our Services

- Run automations, GPT Actions, API requests, and connected workflows

- Retrieve information from authorised third-party systems, such as Cliniko, when requested by an authorised user

- Return relevant information to the user for the intended workflow, such as patient lookup or letter-writing support

- Provide support, troubleshoot errors, monitor reliability, and maintain security

- Send requested resources, updates, or communications

- Analyse website and service usage

- Comply with legal, contractual, and regulatory obligations

We do not sell patient information or health information.

4. Authorised Use of Patient and Health Information

Our clinical workflow tools are intended only for authorised users who have a legitimate reason to access the relevant patient information.

Users are responsible for ensuring they have the right to search for, access, use, and disclose any patient or health information they request through our Services.

Our Services are not intended to replace clinical judgement, clinical recordkeeping systems, or professional obligations. Users should verify important information against the source clinical system where appropriate.

5. GPTs, ChatGPT, and Custom Actions

Some of our Services may be accessed through ChatGPT or a custom GPT.

When a user asks a GPT to perform an action, relevant information may be sent from ChatGPT to our configured action endpoint, such as an n8n webhook, and then to connected third-party systems such as Cliniko.

Information processed through ChatGPT is also subject to OpenAI’s applicable terms and privacy policy. Users should avoid entering information into ChatGPT unless they are authorised to do so and the information is necessary for the requested task.

6. Third-Party Services and Subprocessors

We may use trusted third-party platforms to provide our Services, including:

- n8n for workflow automation and webhooks

- Cliniko or other client-authorised clinical systems

- OpenAI / ChatGPT for GPT-based interfaces and custom actions

- Email delivery platforms, such as Mailchimp

- Analytics platforms, such as Google Analytics

- CRM, marketing automation, or operations platforms, such as GoHighLevel, Make.com, or similar tools

- Hosting, storage, security, monitoring, and support providers

These providers may process personal information only as needed to provide their services to us or to our clients, and they are subject to their own privacy and security obligations.

7. Disclosure of Information

We may disclose personal information:

- To third-party service providers who help us operate our Services

- To systems or integrations authorised by the relevant client or user

- To the organisation, clinic, or client account that authorised use of the Service

- Where required by law, regulation, court order, or a government authority

- Where necessary to protect security, prevent misuse, or investigate suspected unauthorised access

- With consent, or as otherwise permitted by applicable privacy law

We do not disclose patient or health information for marketing purposes.

8. Data Security

We take reasonable steps to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction.

Security measures may include access controls, authentication, encrypted connections, restricted system access, monitoring, and operational safeguards.

No method of transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

For workflow automations and GPT Actions:

- Some information may be processed transiently to complete the requested action

- Limited logs may be retained for troubleshooting, audit, reliability, and security purposes

- Source records, such as patient records in Cliniko, remain stored in the relevant source system according to that system’s settings and the client’s retention obligations

Where practical, we minimise the amount of patient or health information stored in automation logs.

10. International Processing

Some of our service providers may store or process information outside New Zealand.

Where personal information is disclosed or processed internationally, we take reasonable steps to ensure appropriate privacy and security protections are in place, consistent with applicable law.

11. Cookies and Tracking

Our website may use cookies and similar technologies to:

- Track visitor behaviour

- Remember user preferences

- Enable analytics and marketing integrations

- Improve website functionality

You can adjust your browser settings to decline cookies, although some website features may not work as intended.

12. Email Communications

If you provide your email address to access a resource, subscribe to updates, or contact us, we may use it to send relevant communications.

You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us.

13. Your Rights

Under New Zealand privacy law and other applicable laws, you may have rights to:

- Access personal information we hold about you

- Request correction of your personal information

- Request deletion of personal information where applicable

- Withdraw consent to marketing communications

- Ask questions or make a complaint about how your information is handled

To exercise these rights, contact us at:

[email protected]

If your request relates to patient information held by a clinic or healthcare provider, we may refer your request to the relevant clinic or organisation that controls the patient record.

14. Privacy Breaches

If we become aware of a privacy breach that has caused, or is likely to cause, serious harm, we will assess the breach and notify affected individuals and/or the New Zealand Privacy Commissioner where required by law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted with an updated "Last updated" date.

16. Contact Us

For questions about this Privacy Policy or how we handle personal information, contact:

delegatedOS

Email: [email protected]

Practical AI solutions for New Zealand businesses. Stop losing time to routine tasks.

Solutions

Get Started

Ready to see how AI can help your business? Let's chat.

Copyright 2026. DelegatedOS. All Rights Reserved.