1. About this policy
OurTrial ("we", "us", "our") is an independent Australian digital platform that connects clinical trial coordinators, doctors and other clinicians, and research participants. We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, store, and disclose personal information. By using OurTrial, you agree to the practices described in this policy.
If you have questions about this policy, contact us at privacy@ourtrial.com.au.
2. Who we are
OurTrial is operated as an independent Australian platform. Our contact details are:
- Email: hello@ourtrial.com.au
- Privacy enquiries: privacy@ourtrial.com.au
- Website: ourtrial.com.au
3. What personal information we collect
We collect different information depending on your role on the platform.
3.1 Participants (research participants)
- Full name and preferred name
- Email address and phone number
- Date of birth and sex at birth
- Residential address (suburb, state, postcode)
- Pronouns (optional)
- Notes provided in expressions of interest
- Appointment and scheduling information
- Links to treating doctors (where authorised by you)
3.2 Doctors / Clinicians
- Full name, title, and professional credentials
- AHPRA registration number
- Email address and work phone number
- Primary and secondary workplace information
- Subspecialty interests
- Professional biography (optional)
- State of practice
3.3 Trial Coordinators
- Full name and position title
- Organisation name and type
- Work email address and phone number
- State of operation
3.4 All users
- Account credentials (email address and encrypted password)
- Login activity and session information
- Messages sent through the platform
- Files uploaded to the platform
- Notification preferences
- Feedback submitted through the platform
3.5 Information we do not collect
PsychTrial is not a medical records system. We do not collect or store clinical notes, diagnoses, treatment records, medication details, or any information that constitutes a "health record" under the Privacy Act 1988. Any health-adjacent information (such as a diagnosis disclosed voluntarily in an expression of interest note) is provided at your discretion and is treated with the same protections as sensitive information under the APPs.
4. How we collect personal information
We collect personal information:
- Directly from you when you create an account, complete your profile, or submit an expression of interest
- When you send messages or upload files through the platform
- When you contact us for support
- Automatically, through your use of the platform (including login times and page activity for security purposes)
We do not collect personal information from third parties without your knowledge and consent.
5. How we use your personal information
We use your personal information to:
- Create and manage your account
- Facilitate connections between trial coordinators, doctors, and participants
- Enable coordinators to assess participant eligibility for trials
- Send transactional emails (account confirmations, invitations, appointment notifications)
- Verify professional credentials for doctors and coordinators (AHPRA and organisation verification)
- Enable communication between users through the platform's messaging system
- Respond to support requests and feedback
- Maintain platform security and prevent fraud or abuse
- Comply with our legal obligations
We do not use your personal information for advertising, profiling, or any purpose unrelated to the operation of the platform.
6. How we share your personal information
We share personal information only as described below and only to the extent necessary.
6.1 Within the platform
When a participant submits an expression of interest for a trial, their name, email address, phone number, date of birth, and any notes they provide are shared with the trial coordinator managing that trial. Participants are informed of this before submission and provide explicit consent.
When a doctor refers a patient to a trial, the coordinator receives the patient's contact information as provided by the referring doctor. The referring doctor remains visible to the coordinator throughout the participant's journey.
Participant information is never shared between coordinators. Each coordinator can only access participants in their own trials.
6.2 Service providers
We use the following third-party services to operate the platform:
- Supabase — database and authentication infrastructure (data stored in Australia or the United States, subject to Supabase's data processing agreement)
- Vercel — hosting and content delivery
- Resend — transactional email delivery
- Cloudflare — security and bot protection (Turnstile)
These providers are engaged under data processing agreements and are not permitted to use your data for their own purposes.
6.3 Legal requirements
We may disclose personal information if required to do so by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to prevent harm.
6.4 What we never do
- We never sell personal information to any third party
- We never share information with advertisers
- We never share participant information with pharmaceutical companies or research sponsors without explicit consent
- We never use platform data for any commercial purpose beyond operating OurTrial
7. How we store and protect your information
Your personal information is stored in a secure database managed by Supabase. We apply the following security measures:
- Row-level security (RLS) — enforced at the database level, ensuring users can only access data they are authorised to see, even in the event of application-level errors
- Encrypted passwords — passwords are never stored in plain text
- Encrypted data in transit — all data transmitted between your browser and our servers is encrypted using TLS
- Signed file URLs — files stored on the platform are only accessible via time-limited signed URLs (1-hour expiry) and are never publicly accessible
- CAPTCHA protection — all signup and login forms are protected by Cloudflare Turnstile to prevent automated abuse
- Role-based access control — users are restricted to the data relevant to their role (participant, doctor, coordinator, or administrator)
Despite our best efforts, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.
8. Retention of personal information
We retain your personal information for as long as your account is active or as needed to provide our services. You may request deletion of your account and associated information at any time (see Section 10).
We may retain certain information after account deletion where required by law, or where it is necessary for legitimate purposes such as resolving disputes or maintaining audit logs of clinical trial activity.
A full data retention schedule will be published prior to public launch.
9. Cookies and tracking
PsychTrial uses minimal cookies necessary for the platform to function, including session cookies for authentication and security. We do not use advertising cookies, tracking pixels, or third-party analytics that profile your behaviour across other websites.
A full cookie policy will be published prior to public launch.
10. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your account and personal information (subject to legal obligations to retain certain records)
- Complaints — lodge a complaint about how we have handled your personal information
To exercise any of these rights, contact us at privacy@ourtrial.com.au. We will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
11. Children's privacy
PsychTrial is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us immediately at privacy@ourtrial.com.au.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and update the "Last updated" date at the top of this document. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
13. Contact us
For any privacy-related enquiries, please contact:
- Email: privacy@ourtrial.com.au
- General enquiries: hello@ourtrial.com.au