ZentoBox Mobile Application — Last updated: 31 March 2026
Zento Group Pty Ltd (ABN 37 624 215 769) ("Zento", "we", "us", or "our") operates the Zentobox mobile application (the "App"). This Privacy Policy explains how we collect, use, store, share, and delete your personal information when you use our App.
By using the App you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.
When you register or log in we collect:
The App is designed for anaesthetic and medical billing professionals. In the course of using the App you may enter or access:
We automatically collect:
We use third-party analytics services to understand how the App is used:
If you enable biometric login (fingerprint or Face ID), authentication is handled entirely on your device by the operating system. We do not collect, transmit, or store your biometric data.
We use the information we collect to:
We may use artificial intelligence (AI) software tools to assist with administrative tasks related to your practice, such as billing, correspondence, and records management. These tools may include AI phone agents that triage inbound calls, automated systems that assist with data entry, and integrations with administrative AI services.
Where your information is processed using these tools, we use paid commercial services whose terms contractually prohibit the use of your information for AI model training or any purpose other than providing the requested service. Your information is not retained by these service providers beyond a limited safety monitoring period.
We do not use AI tools to make automated decisions about you that have legal or similarly significant effects without human oversight.
We do not sell your personal information. We share data only in these circumstances:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Your medical practice / organisation | Core service delivery | Patient records, billing data, and operational information as part of normal App use |
| Amazon Web Services (AWS) | Cloud hosting and file storage | Uploaded documents and images (stored in Australia — AWS Sydney region) |
| Google Firebase | Push notifications, analytics, crash reporting | Device tokens, usage events, crash logs |
| Microsoft Clarity | Behavioural analytics | Anonymised session interaction data |
| Google Places API | Address search and autocomplete | Search queries for locations |
| Medicare / DVA / Health Insurers | Claim verification (via Services Australia APIs) | Patient Medicare/DVA/insurance numbers for eligibility checks |
| AI administrative service providers | Automated processing of billing, correspondence, and scheduling data. Contractually prohibited from model training or secondary use. | Relevant administrative data only |
We may also disclose information where required by law, regulation, or court order.
Some service providers we use operate servers outside Australia, including in the United States and the Philippines. This includes AI administrative tools and other software services that support the App's functionality.
Where your information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle your personal information consistently with the Australian Privacy Principles, in accordance with Australian Privacy Principle 8 (Privacy Act 1988 (Cth)). This includes contractual obligations prohibiting use of your information for AI model training or secondary purposes.
We are subject to the Notifiable Data Breaches scheme under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner as soon as practicable.
Our notification will describe the nature of the breach, the information involved, and the steps we recommend you take in response.
How long we keep your data:
| Data Type | Retention Period |
|---|---|
| Account information | Retained while your account is active, and for up to 12 months after account deactivation to allow reactivation |
| Medical and patient records | Retained in accordance with Australian healthcare record-keeping requirements (generally a minimum of 7 years from the date of last entry, or until the patient reaches 25 years of age, whichever is longer) |
| Billing and insurance data | Retained for a minimum of 7 years for tax, audit, and regulatory compliance |
| Device and analytics data | Retained for up to 26 months, then automatically purged by analytics providers |
| Crash reports and error logs | Retained for up to 180 days |
| On-device cached data | Cleared when you log out, clear the App's cache, or uninstall the App |
When the retention period expires and no legal obligation requires further storage, data is securely deleted or de-identified.
How to request deletion of your data:
You can delete all locally stored data at any time by:
You may request the deletion of your personal data held on our servers by contacting us at support@zento.com.au with the subject line "Data Deletion Request". When we receive your request we will verify your identity, delete or de-identify your personal data within 30 days, and confirm completion by email.
Certain data may be retained beyond your request where we are legally required to do so, including medical records that must be kept under Australian healthcare legislation, financial and billing records required for tax and audit purposes, and data necessary to resolve disputes or enforce our agreements.
In these cases we will inform you of the specific data retained and the legal basis for retention. Once the legal obligation expires, the data will be deleted.
To deactivate your account, contact your organisation's administrator or email support@zento.com.au. Deactivated accounts are retained for 12 months (see Section 7) before permanent deletion, unless you request immediate deletion.
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:
To exercise any of these rights, contact us at support@zento.com.au.
The App is designed for use by medical professionals and is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@zento.com.au and we will delete it promptly.
The App requests the following device permissions:
| Permission | Purpose |
|---|---|
| Camera | Capture surgical sticker photos and scan documents |
| Microphone | Required by the camera module for video capture capabilities |
| Biometric (Fingerprint / Face ID) | Optional quick login authentication |
| Phone | Direct-dial hospital or practice phone numbers from within the App |
| Photo Library (iOS) | View and select images from your device |
| Push Notifications | Receive workflow notifications (e.g. operation updates, approvals) |
All permissions are optional and requested at the time of use. The App functions without these permissions being granted, though certain features may be unavailable.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the App after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: