Privacy Policy
Last Updated: April 20, 2026
1. About This Policy
This Privacy Policy explains how Care Connected Pty Limited, trading as Spectrum.Life (ABN 87 616 646 309) (“Spectrum.Life”, “we”, “our” or “us”), collects, holds, uses, discloses and otherwise handles personal information in connection with our digital wellbeing, mental health, employee assistance programme (EAP), clinical support and related platform services (the “Services”).
Spectrum.Life is committed to protecting the privacy and confidentiality of the personal information we collect and handle. We comply with the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”), and any applicable State or Territory health records legislation. Where our Services are provided to individuals in New Zealand, we also comply with the New Zealand Privacy Act 2020 and the New Zealand Information Privacy Principles.
This policy applies to all individuals who interact with our Services, including employees, contractors, volunteers and other beneficiaries (“End Users”) of organisations that engage Spectrum.Life (“Customers”), as well as visitors to our website and individuals who contact us directly.
2. Who We Are
Spectrum.Life is a global provider of digital wellbeing, mental health and EAP services. Our registered office in Australia is at Unit 526, 368 Sussex Street, Sydney NSW 2000. Spectrum.Life is part of a group of companies with operations in Ireland, the United Kingdom, Australia and New Zealand.
For the purposes of Australian Privacy Laws, Spectrum.Life is the entity responsible for the handling of your personal information in connection with the Services described in this policy.
3. What Personal Information We Collect
The types of personal information we collect depend on how you interact with us and which Services you access.
3.1 Identity and Contact Information
3.2 Employment and Eligibility Information
3.3 Health and Sensitive Information
Where you access clinical or counselling services through the Spectrum.Life Platform, we may collect sensitive information including health information within the meaning of the Privacy Act. This may include:
We collect health information where it is necessary to provide our clinical and wellbeing Services, in reliance on the permitted health situation exception under APP 3.4(c) and section 16B(1) of the Privacy Act. All personal information collected in the course of providing a health service is health information under the Privacy Act, including information that might otherwise fall into other sensitive information categories (such as racial or ethnic origin, or sexual orientation) where it is disclosed during a clinical interaction.
3.4 Usage and Technical Information
3.5 Communications
4. How We Collect Personal Information
We collect personal information in the following ways:
Where practicable, we collect personal information directly from you. Where we collect from a third party, we take reasonable steps to ensure you are made aware of this collection, as required by APP 5.
5. Why We Collect, Use and Disclose Personal Information
We collect, hold, use and disclose personal information for the following purposes:
We will not use or disclose your personal information for a purpose other than the primary purpose for which it was collected, a related secondary purpose you would reasonably expect, or as otherwise permitted or required by law (APP 6).
6. Sensitive Information and Health Information
Under the Privacy Act, sensitive information (including health information) is afforded a higher level of protection. Spectrum.Life collects and handles health information in reliance on the permitted health situation exception (APP 3.4(c) and section 16B(1) of the Privacy Act), not on the basis of consent. This exception permits an organisation to collect health information where the information is necessary to provide a health service to an individual, and the collection is in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality.
All personal information collected in the course of providing a health service is health information under the Privacy Act (section 6(1)), including information that might otherwise fall into other sensitive information categories where it is disclosed during a clinical interaction. This means the permitted health situation exception covers the full scope of sensitive information Spectrum.Life collects through its clinical and EAP services.
Where the collection of information is required or authorised by or under an Australian law or a court or tribunal order, we may also rely on the exception in APP 3.4(a).
6.1 AI Scribe
Where a clinical service includes the option to use an AI-assisted clinical scribe to transcribe your session, Spectrum.Life will seek your explicit consent before activating this feature. The AI scribe records and transcribes clinical sessions to support clinical note-taking and record accuracy. You are free to decline or withdraw your consent at any time, and declining will not affect your access to the clinical service itself. AI scribe transcriptions are processed in accordance with Spectrum.Life’s ISO 27001 certified information security controls and are treated as part of your clinical record.
In addition to the Privacy Act and APPs, Spectrum.Life complies with relevant State and Territory health records legislation when handling health information, including:
Your health information and clinical records are treated as strictly confidential. They are not disclosed to your employer, the Customer or any reseller, except in anonymised or de-identified aggregate form, or where disclosure is required by law (for example, mandatory reporting of an imminent risk of serious harm).
7. Disclosure of Personal Information
We may disclose your personal information to the following categories of recipients:
8. Cross-Border Disclosure of Personal Information
Spectrum.Life is a global organisation with operations in Australia, Ireland and the United Kingdom. In the course of delivering our Services, your personal information (including health information) may be disclosed to or accessed from jurisdictions outside Australia.
8.1 Clinical Services
To ensure continuity and availability of clinical services, Spectrum.Life operates a follow-the-sun clinical delivery model. Clinical services (including counselling, triage, risk assessment and crisis support) may be delivered to End Users by Spectrum.Life clinicians located in Ireland or the United Kingdom, in addition to clinicians located in Australia.
Where clinical services are delivered by clinicians located in Ireland or the United Kingdom, your personal information (including health information and sensitive information) will be collected, used and disclosed by those clinicians in the course of delivering those services. Such processing is undertaken in accordance with Spectrum.Life’s ISO 27001 certified information security management system and is subject to the confidentiality, security and data protection obligations set out in our agreements with Customers.
Spectrum.Life clinicians in Ireland and the United Kingdom are also subject to the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR) respectively, which ensures a high standard of data protection.
8.2 Technical Support
In circumstances requiring escalation to advanced technical support, Spectrum.Life engineers located in Ireland and the United Kingdom may access platforms, technology applications and personal information hosted in Australia for the purposes of troubleshooting and incident resolution. Such access occurs only where an issue cannot be resolved by Australia-based support personnel and is subject to Spectrum.Life’s ISO 27001 certified information security controls.
8.3 Compliance with APP 8
Before disclosing personal information to a recipient outside Australia, Spectrum.Life takes reasonable steps to ensure the overseas recipient does not breach the APPs in relation to the information, as required by APP 8. Our measures include:
The countries in which your personal information may be stored, accessed or disclosed are: Australia, Ireland and the United Kingdom. If these countries materially change, we will update this policy.
8.4 New Zealand
Where our Services are provided to individuals in New Zealand, Spectrum.Life also complies with the New Zealand Privacy Act 2020. Cross-border disclosures of New Zealand residents’ personal information are handled in accordance with that Act, including Information Privacy Principle 12 (disclosure of personal information outside New Zealand).
9. Cross-Border Disclosure of Personal Information
Spectrum.Life engages authorised sub-processors to assist in delivering the Services. Each is bound by written obligations no less protective of personal information than Spectrum.Life’s own obligations. Our current sub-processors are:
| Sub-Processor | Purpose | Primary Location |
| Amazon Web Services (AWS) | Platform hosting, compute and storage | Australia |
| Salesforce | Clinical record management | Australia |
| TelecomStack | 24/7 clinical telephone line | Australia |
| Heidi | AI clinical scribe | Australia |
| Posthog | Platform and web analytics | Australia |
This list will be updated as sub-processors change. We notify affected Customers in advance of any proposed engagement of a new sub-processor that will handle personal information.
10. Data Security
Spectrum.Life is committed to protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (APP 11). Our security measures include:
11. Data Retention
Spectrum.Life retains personal information only for as long as reasonably needed for the purposes for which it was collected, or as required by law. Our retention practices include:
Where personal information is no longer needed for any purpose for which it may be used or disclosed, Spectrum.Life takes reasonable steps to destroy or de-identify that information (APP 11.2).
12. Data Breaches
Spectrum.Life maintains an incident response procedure for managing data breaches. In the event of an eligible data breach under Part IIIC of the Privacy Act (Notifiable Data Breaches scheme), Spectrum.Life will:
Where Services are provided to individuals in New Zealand, we will also comply with the notification requirements under the New Zealand Privacy Act 2020, including notification to the New Zealand Privacy Commissioner where required.
13. Your Rights
Under the Privacy Act and the APPs, you have the following rights in relation to your personal information:
13.1 Access (APP 12)
You may request access to the personal information we hold about you. We will respond within a reasonable period. In some circumstances, we may refuse access where permitted by law (for example, where providing access would unreasonably impact the privacy of others).
13.2 Correction (APP 13)
You may request that we correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading. We will take reasonable steps to correct the information within a reasonable period.
13.3 Complaints
If you believe we have breached the APPs or this policy, you may lodge a complaint with us using the contact details in Section 16. We will acknowledge your complaint and investigate it within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with:
14. Cookies and Analytics
The Spectrum.Life Platform and website use cookies and similar technologies to improve functionality, analyse usage and enhance your experience. We use:
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality.
We do not use cookies to collect personal information for direct marketing purposes without your consent.
15. Direct Marketing
Spectrum.Life does not use or disclose personal information collected through the delivery of clinical or EAP services for direct marketing purposes.
Where we use personal information for direct marketing in connection with commercial or promotional activities (for example, newsletters or event invitations), we will only do so where we have your consent or where you would reasonably expect such communications, and we will always provide a simple means of opting out (APP 7).
16. How to Contact Us
If you have questions about this policy, wish to make an access or correction request, or wish to lodge a privacy complaint, please contact us:
| Entity | Care Connected Pty Limited T/A Spectrum.Life |
| ABN | 87 616 646 309 |
| Registered address | Unit 526, 368 Sussex Street, Sydney NSW 2000 |
| Privacy contact | Data Protection Officer |
| dpo@spectrum.life | |
| Website | https://www.spectrum.life/au/ |
Entity Care Connected Pty Limited T/A Spectrum.Life
ABN 87 616 646 309
Registered address Unit 526, 368 Sussex Street, Sydney NSW 2000
Privacy contact Data Protection Officer
Email dpo@spectrum.life
Website https://www.spectrum.life/au/
17. Changes to This Policy
Spectrum.Life may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable law. We will publish the updated policy on our website and, where practicable, notify affected individuals of material changes.
18. State and Territory Health Records Legislation
In addition to the Privacy Act and APPs, Spectrum.Life complies with applicable State and Territory health records legislation when handling health information in the course of delivering clinical services:
| Jurisdiction | Legislation |
| New South Wales | Health Records and Information Privacy Act 2002 (NSW) |
| Victoria | Health Records Act 2001 (Vic) |
| Australian Capital Territory | Health Records (Privacy and Access) Act 1997 (ACT) |
| Queensland | Privacy Act 1988 (Cth) applies (no separate health records legislation) |
| South Australia | Privacy Act 1988 (Cth) applies (no separate health records legislation) |
| Western Australia | Privacy Act 1988 (Cth) applies. Note: Western Australia Privacy and Information Sharing Act 2024 expected to commence 1 July 2026 |
| Tasmania | Privacy Act 1988 (Cth) applies (no separate health records legislation) |
| Northern Territory | Privacy Act 1988 (Cth) applies (no separate health records legislation) |
| New Zealand | Health Information Privacy Code 2020, issued under the NZ Privacy Act 2020 |
Where a State or Territory imposes additional requirements for handling health information beyond the APPs, Spectrum.Life will comply with those additional requirements.