Privacy Policy

Your privacy matters to us.

This policy explains how Statura Care collects, uses, stores, and protects your personal information.

Last updated: 26 March 2026

1. Introduction

Statura Operations Pty Ltd (ACN 696 303 269, ABN 70 696 303 269), trading as Statura Care ("we", "us", "our"), is committed to protecting your privacy and handling your personal information responsibly.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy describes how we collect, hold, use, and disclose personal information in connection with our website at statura.care, the Statura Care platform at app.statura.care, and the Statura Care Worker mobile application.

By using our website or platform, you acknowledge that you have read and understood this Privacy Policy.

2. Information we collect

We may collect the following types of personal information:

Personal information provided by you

  • Name, email address, phone number, organisation name, and job title — collected through contact forms, demo requests, and account creation.
  • Billing and payment information — processed through our payment provider and not stored directly by us.

Usage data collected automatically

  • Pages visited, features used, browser type, device type, and IP address.
  • This data is used to improve platform performance and user experience.

Aged care resident data (web platform)

On the web platform, customer organisations enter and manage their own resident and care recipient data within their organisation-scoped database instance. This data is isolated at the database level through row-level security policies and is not accessible to Statura Care staff.

2a. Mobile application data

The Statura Care Worker mobile application ("the App"), available on iOS and Android, collects additional data types specific to mobile care delivery. This data is collected on behalf of the care worker's employer (the aged care provider), who is the data controller.

Location data

We collect precise GPS location at the moment the care worker clocks in and out of shifts. This verifies the worker is at the correct client location for payroll accuracy and duty of care compliance. We do not continuously track location. Location is captured only at clock-in/out events and during home safety assessments.

Health information

In the course of delivering aged care services, care workers may record health information about care recipients, including:

  • Vital signs and clinical observations (blood pressure, heart rate, temperature, oxygen saturation, respiratory rate, consciousness)
  • Medication administration records (including Schedule 8 controlled drugs)
  • Wound assessments and clinical photographs
  • Incident reports (including SIRS reportable incidents)
  • Continence and nutrition records
  • Restrictive practice documentation
  • Progress notes and clinical handovers

This health information relates to care recipients, not to the care worker. It is collected as part of the employer's obligations under the Aged Care Act 2024 and the Aged Care Quality Standards.

Clinical photographs

Wound photographs and incident evidence photos are stored in the App's private storage area (not the device's camera roll). Photos are encrypted in transit and at rest. Consent must be obtained from the care recipient (or their decision-maker) before photographs are taken.

Authentication and device data

  • Biometric authentication — The App uses Face ID or fingerprint for quick re-authentication. Biometric data never leaves the device; we only receive a success/failure result from the operating system's secure enclave.
  • PIN — A 6-digit PIN is hashed with SHA-256 and stored in the device's hardware-backed keystore (iOS Keychain / Android Keystore). The raw PIN is never stored or transmitted.
  • Device identifier — A unique identifier generated at first app launch, used for audit trail integrity and session management.
  • App version — Collected for compatibility and support purposes.

Offline encrypted storage

The App stores clinical data in an encrypted local database (AES-256 via SQLCipher) to enable offline functionality. The encryption key is stored in the device's hardware-backed secure enclave and is not accessible to other apps. Locally cached data is automatically deleted 7 days after successful sync to the server.

Crash reports

We use Sentry (Functional Software Inc.) to collect crash reports and performance data. Screenshots are not attached to crash reports in production. User email addresses and personally identifying information are scrubbed from error payloads before transmission. Sentry's infrastructure is US-based; only non-identifying technical error metadata is transmitted.

Remote wipe

If a device is lost or stolen, or if employment ends, the organisation administrator can remotely wipe all Statura data from the device. This deletes the encryption key (making the database unreadable), all cached data, all photos, and all authentication credentials.

3. How we use your information

We use the personal information we collect for the following purposes:

  • To provide, maintain, and improve the Statura Care platform and services.
  • To communicate with you about your account, service updates, and product announcements.
  • To respond to enquiries, demo requests, and support queries.
  • To comply with our legal obligations, including record-keeping and reporting requirements.
  • To detect, prevent, and address technical issues or security incidents.

We will not use your personal information for purposes other than those described in this policy without your consent, unless required or authorised by law.

4. Data storage and security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.

  • All data is hosted in Sydney, Australia on Australian infrastructure. Your data never leaves Australia.
  • Data is encrypted at rest and in transit using industry-standard encryption protocols (TLS 1.3).
  • Row-level security (RLS) ensures each organisation can only access their own data, enforced at the database layer.
  • Immutable audit trails log every action, including who did what, when, and from where.
  • Role-based access controls restrict data access to authorised personnel only.

For more information about our security practices, visit our Security page.

5. Third-party service providers

We do not sell, rent, or trade your personal information to third parties.

We may share limited personal information with the following categories of service providers who assist us in operating the platform:

  • Infrastructure providers — Supabase (database and authentication infrastructure), hosted in the Sydney region.
  • Hosting providers — Vercel (website and application hosting), with edge delivery from Australian nodes.
  • Payment processors — for processing subscription payments securely. We do not store credit card details.
  • Error monitoring — Sentry (Functional Software Inc.) for crash reporting in the mobile application. Only non-identifying technical error metadata is transmitted; personal information is scrubbed before transmission. Sentry infrastructure is US-based.

All third-party providers are bound by contractual privacy and data protection obligations. We take reasonable steps to ensure they handle your information consistently with this policy and the APPs.

6. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access — request access to the personal information we hold about you.
  • Correction — request correction of any personal information that is inaccurate, out of date, incomplete, or misleading.
  • Deletion — request deletion of your personal information, subject to any legal obligations we may have to retain certain records.

To exercise any of these rights, contact us at hello@statura.care. We will respond to your request within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

7. Cookies

We use essential cookies only. These cookies are necessary for the platform to function correctly, including session management and authentication.

We do not use third-party tracking cookies. We do not use advertising cookies. We do not participate in cross-site tracking or advertising networks.

You can configure your browser to refuse cookies, but this may affect your ability to use certain features of the platform.

8. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

If we make material changes to how we handle your personal information, we will notify you by email (if we have your email address) and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

9. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

Email: hello@statura.care

Website: statura.care/contact