Privacy Policy
Last updated 29 April 2026
1. Who We Are
Metrixcare Operations Pty Ltd (ACN 162 600 795, ABN 90 162 600 795), operating the Metrixview governance platform, is based in Adelaide, Australia, with the platform available at metrixview.com. In this policy, "we", "us", and "our" refer to Metrixcare Operations Pty Ltd.
For privacy enquiries, contact us at [email protected].
2. What Personal Information We Collect
We collect the following categories of information when you use our platform:
- Account information — name, email address, organisation name, and role, collected during sign-up and managed through our authentication provider (WorkOS).
- Organisation data — indicator values, metric history, annotations, rating scale configurations, and governance framework structures uploaded or entered by your organisation.
- Usage data — pages visited, features used, and technical information (browser type, IP address) collected automatically to improve the platform.
- Payment information — billing details are collected and processed by Stripe. We do not store credit card numbers on our servers.
- AI interaction data — queries submitted to AI features and the AI-generated responses. See Section 4 for details on AI data handling.
Metrixview is a governance and performance management platform. We process organisational performance data (population-level indicator aggregates, compliance metrics, quality indicators). We do not collect or process individual patient records, individual clinical data, or personnel records.
3. How We Use Personal Information
We use personal information for the following purposes:
- Platform operation — to provide, maintain, and improve the Metrixview governance platform, including user authentication, data storage, and feature delivery.
- Customer support — to respond to enquiries and provide technical assistance.
- Product improvement — to understand how the platform is used and to improve features, performance, and reliability.
- Security and compliance — to detect and prevent fraud, abuse, and security incidents.
- Communications — to send service-related notifications (e.g., maintenance windows, feature updates). We do not send unsolicited marketing emails.
4. AI-Specific Disclosure
Metrixview uses artificial intelligence to provide governance intelligence features. This section discloses how AI is used in accordance with the Australian Privacy Act APP1 requirements.
4.1 AI Systems in Metrixview
| AI System | Purpose | Data Accessed |
|---|---|---|
| AI Data Chat | Natural language governance analysis for quality managers and executives | Indicator tree structure, metric values, SPC summaries, annotations, facility context (organisation name, facility name, sector) |
| AI Onboarding Wizard | Assists new customers in defining their governance framework | User-provided input only: sector, organisation name, goals, challenges |
| AI Observations | Generates narrative summaries for prospect reports | Indicator tree, metric values, and SPC summaries for the selected facility |
4.2 How AI Processes Your Data
All AI features in Metrixview use Google Gemini (paid tier) as the underlying language model. Your organisation's data is sent to Google's API only when you actively use an AI feature (e.g., open the AI Data Chat or run the Onboarding Wizard).
Your data is not used for AI training. Under Google's paid-tier API Terms of Service, data submitted to the Gemini API is not used to train or improve Google's AI models.
4.3 What AI Does NOT Do
- Metrixview AI does not make automated decisions affecting individual rights.
- Metrixview AI does not access individual patient records, clinical patient data, personnel records, or financial systems.
- Metrixview AI does not trigger automated workflows, alerts, or data modifications without explicit user action.
All AI outputs are presented as non-binding governance intelligence. Users must independently review and verify AI outputs before taking action.
4.4 AI Conversation Data Retention
AI Data Chat conversation history is held in your browser session only and is not stored on Metrixview servers. Conversation history is lost when you close or reload the page. No AI conversation logs are persisted to our database.
4.5 Human Oversight
Every AI feature in Metrixview includes human oversight:
- AI Data Chat — all responses are suggestions in a chat interface. No automated actions result from AI analysis.
- AI Onboarding Wizard — generated governance frameworks require explicit user review and confirmation before being imported.
- AI Observations — narrative summaries are reviewed by staff before inclusion in any reports.
5. Data Storage and Security
Your data is stored and processed using the following infrastructure, all hosted in Australia:
- Application database — PostgreSQL hosted on DigitalOcean (Sydney region), with disk-level encryption at rest, no public network ingress, and TLS-encrypted connections.
- Application hosting — DigitalOcean droplet (Sydney region), TLS 1.2+ terminated at Apache reverse proxy with Let's Encrypt certificates.
- Secrets management — Doppler holds API credentials and encryption keys; secrets are never written to source code, container images, or browser bundles.
- CDN and DNS — Cloudflare provides content delivery and DNS management for our marketing website at metrixview.com.
- Error monitoring — Sentry captures application errors to maintain platform reliability. Error reports may include technical context but not indicator data.
- Log management — BetterStack (Logtail) receives structured application logs for operational monitoring.
We implement industry-standard security measures including encryption at rest (AES-256-GCM for sensitive token columns; disk-level encryption for the broader database) and in transit (TLS 1.2+), role-based access controls, immutable audit logging, and regular security assessments.
6. Third-Party Services
Metrixview uses the following third-party services to operate the platform:
| Service | Provider | Purpose |
|---|---|---|
| AI (Gemini API) | Google LLC | Powers AI Data Chat, Onboarding Wizard, and AI Observations |
| Authentication (AuthKit) | WorkOS Inc. | User authentication, SSO, and session management |
| Payments | Stripe Inc. | Subscription billing and payment processing |
| Error monitoring | Sentry (Functional Software Inc.) | Application error tracking and performance monitoring |
| Observability | BetterStack (Better Uptime s.r.o.) | Log aggregation and uptime monitoring |
| CDN / DNS | Cloudflare Inc. | Content delivery, DDoS protection, and DNS |
| Application hosting | DigitalOcean LLC | Australian-region (Sydney) hosting for application servers and database |
| Secrets management | Doppler Inc. | Storage of API credentials and encryption keys |
7. Integrations with Third-Party Services
Metrixview lets you connect your account to selected third-party services so you can move your data to where you need it. Each integration is opt-in — nothing connects unless you explicitly authorise it through Settings → Integrations, and you can disconnect at any time.
7.1 Available Integrations
| Service | Purpose | What we send | What we receive |
|---|---|---|---|
| Google Drive | Backup of generated PDFs (compliance reports, invoices, agreements) | The files you choose to back up | Drive folder identifier, so we know where to write next time |
| Microsoft OneDrive | Backup of generated PDFs (as above) | The files you choose to back up | OneDrive folder identifier |
| MYOB AccountRight Live / MYOB Business (Essentials) | Push your invoices into your MYOB company file as drafts so your accountant doesn't need to re-key them | The invoices you click "Push to MYOB" on, including line items, GST treatment, customer reference, and your invoice number | List of your MYOB company files, tax codes, and customers (read on demand only — we do not store this data); the MYOB invoice ID returned on each push, so we can update the same draft if you re-push |
| Xero | Push your invoices into your Xero organisation as drafts so your accountant doesn't need to re-key them | The invoices you click "Push to Xero" on (or all new invoices, if you enable Auto-push on the Practice tier), including line items, GST-free / GST tax mapping, the Xero contact you mapped on first push, and your invoice number | List of your Xero organisations, tax types, and contacts (read on demand only — we do not store this data); the Xero invoice ID returned on each push, so we can update the same draft if you re-push |
7.2 What Integrations Do NOT Do
- We do not pull invoices, payments, banking, payroll, or general-ledger data from MYOB or Xero into Metrixview.
- We do not modify or create customers, contacts, or accounts in your MYOB or Xero file. The first time you push an invoice for a client we open a picker so you choose the matching MYOB customer or Xero contact; we store only the chosen reference, not the contact details.
- We do not share your data with third parties other than the integration you explicitly connect to.
- We do not store copies of your MYOB or Xero customer/contact list, your MYOB or Xero invoices, or any MYOB or Xero data beyond the IDs we need to push the next invoice idempotently.
7.3 How We Secure the Connection
Each integration uses OAuth 2.0 — you authenticate directly with the service (e.g. MYOB), and the service issues us a refresh token on your behalf. We never see your password.
Refresh tokens are stored encrypted at rest in our Australian-hosted database using AES-256-GCM encryption. The encryption key is held in our secrets-management platform (Doppler) and is never written to source code, log files, or browser bundles.
When you disconnect an integration, the corresponding refresh token is marked revoked and the integration cannot push further data on your behalf without you re-authorising.
7.4 Your Rights Regarding Integrations
- Connect or disconnect at any time from Settings → Integrations.
- Request deletion of any data we hold related to an integration (for example, the local mapping between your Metrixview clients and your MYOB customers or Xero contacts) by contacting [email protected].
- Request a list of all active integrations on your account at any time.
Disconnecting from a third-party service in their interface (for example, revoking the connection from inside MYOB or Xero) will also stop our integration working; we recommend disconnecting from Metrixview as well so the connection record is removed from our database.
8. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access — request access to the personal information we hold about you.
- Correction — request correction of inaccurate or incomplete personal information.
- Complaint — lodge a complaint about our handling of your personal information.
Organisation administrators can export their facility's indicator data at any time through the platform's export features. To request account deletion or a full data export, contact [email protected].
9. Contact
For privacy enquiries or to exercise your rights under the Privacy Act, contact:
Privacy Officer
Metrixcare Operations Pty Ltd (ACN 162 600 795)
Email: [email protected]
Adelaide, South Australia
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
See also: AI System Card | Terms of Service