Privacy Policy – Mojotech Holdings Pty Ltd.  

Effective Date: 9 May 2025
Last Updated: 11 May 2026

At Mojo Tech Holdings Pty Ltd (“we”, “our”, or “us”), your privacy is important to us. We are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Who We Are

Mojo Tech Holdings Pty Ltd (“Mojo”) is an Australian technology company that provides patient care management technology services. This Privacy Policy applies to all personal information collected by Mojo, including through our websites, products, and services.

2. What Information We Collect

We may collect and hold the following types of personal information:

• Identifiable Information — Full name, email address, phone number, business name, job title or position.
• Health and Clinical Information — Rehabilitation exercise data, movement and posture metrics (including head position and orientation captured via Apple TrueDepth camera), clinical session history, exercise performance records, and clinician-generated notes or assessments. This is sensitive information under the Privacy Act 1988 and is handled with a higher standard of care.
• Clinician and Provider Information — Where you access Mojo as a treating clinician or healthcare provider, we may collect your professional registration details, credentials, and account information.
• Technical Information — IP address, browser type and version, website usage data (via cookies or analytics tools), customer support communications, device model, operating system version, and other technical identifiers.
• Other — Any additional information you provide to us voluntarily, such as through contact forms, surveys, or account sign-ups.

3. How We Collect Your Information

We collect personal information in a variety of ways, including:

• When you contact us via our website, email, or phone
• When you sign up for services or an account
• When you use our products or services including during clinical exercise sessions via the Mojo app
• Through automated means such as cookies and analytics on our website
• When you interact with us on social media or third-party platforms

4. Why We Collect Your Information

We collect your personal information to:

• Deliver and maintain our services
• Communicate with you regarding your account or inquiries
• Process payments and manage transactions
• Improve our services and user experience
• Support clinical accuracy, exercise adherence, and rehabilitation outcomes
• Enable authorised clinicians to monitor and review patient progress
• Comply with legal and regulatory obligations
• Send you updates, marketing communications, or service notices (you can opt out at any time)

We will only send you marketing communications with your consent, in compliance with the Spam Act 2003 (Cth). You can opt out at any time by following the unsubscribe instructions in our emails.

5. Disclosure of Personal Information

We do not sell or rent your personal information. We may disclose your information in the following circumstances:

• To third-party service providers who assist us with our business operations (e.g., hosting, analytics, payment processing)
• To legal or regulatory authorities, when required by law
• To business partners or affiliates with your consent
• In the event of a business merger, acquisition, or sale

All third-party providers are required to handle your data in compliance with Australian privacy laws.

6. Cross-Border Disclosure

Some of our service providers and technology partners may store or process data outside of Australia. This may include jurisdictions such as the European Union and the United States. When cross-border disclosure occurs, we take reasonable steps to ensure your information is protected by privacy standards that are comparable to the Australian Privacy Principles, including through contractual arrangements with those parties.

In accordance with APP 8, we remain accountable for the handling of your personal information by overseas recipients.

If you would like further information about the countries in which your data may be processed, please contact us using the details in Section 14.

7. Security of Your Information

We take data protection seriously and implement reasonable administrative, technical, and physical safeguards to protect your personal information from loss, theft, unauthorised access, misuse, interference, modification, or disclosure. Our measures include:

• Encryption of data in transit using industry-standard protocols
• Encryption of data at rest
• Role-based access controls, ensuring that health and clinical data is accessible only to authorised personnel
• Operating under the group ISO/IEC 27001–certified information security governance framework

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we strive to use commercially acceptable means to protect your personal information.

8. Access and Correction

You have the right to:

• Access the personal information we hold about you
• Request corrections if your information is inaccurate, outdated, or incomplete

To make a request, please contact us using the details below. We may require verification of your identity before responding to your request.

9. Retention of Data

We retain personal information only as long as necessary to fulfil the purposes for which it was collected or to comply with legal, tax, or regulatory requirements. Our general retention practices are as follows:

• Health and clinical information: Retained for a minimum of 7 years from the date of last activity, consistent with applicable health records legislation across Australian states and territories. For records relating to minors, retention may extend until the individual reaches the age of 25.
• Account and identity information: Retained for the duration of your account and for a period of up to 3 years following account closure.
• Technical and usage data: Retained for up to 12 months unless required for longer for security or compliance purposes.

When data is no longer required, we securely anonymise it. You may request early deletion of your personal information (excluding health records subject to mandatory retention obligations) by contacting us using the details in Section 14. We will respond to all such requests within 30 days.

10. Facial Tracking Data – Use of Apple TrueDepth Camera

Mojo uses Apple’s TrueDepth camera API to collect real-time facial tracking data during rehabilitation exercise sessions. This data includes the face anchor transform matrix, which represents the user’s head position and orientation in space. No images or video footage or uniquely identifying data are captured or stored — only numeric head position tracking data.

1. We use this data to:
   • Analyse head movement patterns during guided exercises
   • Support clinical accuracy and adherence
   • Enable avatar-based replay functionality for user feedback and clinical review
   • Help users and clinicians gain insight into exercise performance and rehabilitation progress

• How We Handle This Data
  • The data is collected in real time during app use
  • It is transmitted securely to our servers using encryption protocols 
  • It is stored only for clinical replay and review functionality
  • It is not used for user identification or authentication
  • It is not shared with any third parties, advertisers, or analytics providers
  • Access is restricted to authorised clinical personnel and the user. 

Mojo does not use facial recognition, and we do not attempt to identify any user based on this data. We use facial tracking solely for clinical and rehabilitative purposes.

11. Use of Cookies and Analytics

Our website uses cookies and other tracking technologies to improve user experience and analyse traffic. You can choose to disable cookies in your browser settings, although this may affect website functionality.

12. Your Rights and Choices

Under the Privacy Act, you have the right to:

• Access: Request information about what personal data we hold about you, how it is used, and who it is shared with.
• Correction: Request that we correct personal information that is inaccurate, outdated, or incomplete.
• Opt out: Unsubscribe from marketing communications at any time.
• Complaint: Lodge a complaint if you believe we have mishandled your personal information.
• Deletion requests: Request deletion of your personal information where it is no longer required for the purpose it was collected and where no legal retention obligation applies. Note that health and clinical records may be subject to mandatory minimum retention periods under applicable legislation and cannot always be deleted on request.

The Privacy Act 1988 does not provide a general right to erasure equivalent to that under the GDPR. Where a deletion request cannot be fulfilled in full, we will explain the reasons and advise what we are able to do.

13. Complaints and Inquiries

If you have any concerns or complaints about how your personal information has been handled, please contact us first so we can resolve the issue promptly.

If you’re not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

Website: https://www.oaic.gov.au

Phone: 1300 363 992

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

Mojotech Holdings Pty Ltd
Level 6, 66 Clarence Street, Sydney NSW 2000
Email: privacy@mojohealthtech.com