Our Commitment to Your Privacy

Theramelo respects your right to privacy and is committed to safeguarding the privacy of our customers and users. We adhere to the Australian Privacy Principles (APPs) established by the Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme. This policy sets out how we collect, use, disclose, and manage your personal information.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

1. Collection of Personal Information

What Information We Collect

Theramelo may collect and store personal information you provide to us through our website and mobile application, including but not limited to:

• Basic contact information: name, email address, phone number, postal address
• Account information: username, password, profile preferences, therapeutic goals
• Health and wellness information: conditions being addressed, therapeutic preferences, progress tracking data
• Communication data: feedback, survey responses, customer support interactions
• Professional information: healthcare provider details, referral information (where applicable)
• Financial information: payment details, billing information (when processing transactions)
• Technical information: IP address, device information, browser type, app usage patterns
• Audio interaction data: session participation, response to therapeutic music (anonymized)
• Marketing preferences: subscription choices, communication preferences

When We Collect Information

We collect personal information when you:

• Register for an account or subscribe to our services
• Use the Theramelo app and interact with therapeutic content
• Schedule appointments with Registered Music Therapists (RMTs)
• Contact us through our website, email, or phone
• Participate in surveys, feedback forms, or research studies
• Subscribe to our newsletters or marketing communications
• Provide information about your therapeutic goals and preferences
• Participate in music therapy sessions through our platform

2. How We Collect Your Personal Information

Theramelo collects personal information through various methods:

• Directly from you: when you voluntarily provide information via our website forms, app interfaces, emails, phone calls, or during therapy sessions
• Automatically: through cookies, web beacons, and similar technologies when you use our website and app
• Healthcare providers: from referring professionals or therapists (with your consent)
• Third parties: from payment processors, service providers, or publicly available sources, where lawful and appropriate
• App analytics: usage patterns, session engagement, and therapeutic progress indicators (anonymized where possible)

When we receive personal information from third parties, we will handle it in accordance with this Privacy Policy and applicable privacy laws.

3. Use of Your Personal Information

Theramelo uses your personal information for the following purposes:

Primary Purposes

• Providing and improving our music therapy services
• Personalizing therapeutic content and recommendations
• Processing transactions and managing accounts
• Facilitating appointments with RMTs
• Tracking therapeutic progress and outcomes (with your consent)
• Communicating with you about our services
• Responding to inquiries and providing customer support
• Fulfilling legal and regulatory requirements

Secondary Purposes

• Sending you information about new therapeutic programs, services, and opportunities (with your consent)
• Conducting research and analytics to improve our therapeutic offerings
• Personalizing your app and website experience
• Detecting and preventing fraud or unauthorized access
• Maintaining app security and functionality
• Developing new music therapy interventions and content

Research and Development

With your explicit consent, we may use anonymized data to:

• Conduct research on music therapy effectiveness
• Improve our therapeutic algorithms and recommendations
• Contribute to academic research in music therapy (data will be de-identified)

Marketing Communications

We may contact you via email, SMS, phone, or mail for marketing purposes only if you have consented or where permitted by law. You can opt-out of marketing communications at any time.

4. Disclosure of Your Personal Information

Theramelo may disclose your personal information in the following circumstances:

Service Providers

We may share your information with trusted third parties who assist us in:

• App hosting and maintenance
• Payment processing
• Communication and appointment scheduling services
• Analytics and therapeutic outcome measurement
• Legal and professional advisory services
• Cloud storage and data backup services

Healthcare Professionals

With your explicit consent, we may share relevant information with:

• Your referring healthcare provider
• Registered Music Therapists providing your care
• Other members of your healthcare team (as authorized by you)

Legal Requirements

We may disclose personal information when required or authorized by law, including:

• Compliance with court orders, subpoenas, or legal processes
• Cooperation with law enforcement agencies
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities
• Mandatory reporting requirements under healthcare regulations

Business Transactions

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the new entity, subject to the same privacy protections.

International Transfers

Information may be stored, processed, or transferred to countries outside Australia. When this occurs, we ensure appropriate safeguards are in place to protect your personal information in accordance with Australian privacy laws.

5. Data Security

Theramelo is committed to protecting your personal information through:

• Implementation of appropriate technical and organizational security measures
• Encryption of sensitive health and personal data
• Regular security assessments and updates
• Staff training on privacy and security protocols
• Secure data transmission and storage practices
• Multi-factor authentication for sensitive account access

Data Breach Notification

While we implement robust security measures, no system is completely secure. In the unlikely event of a data breach that may result in serious harm, we will:

• Take immediate steps to contain the breach
• Assess the risk and notify the Office of the Australian Information Commissioner (OAIC) within 72 hours if required
• Notify affected individuals if the breach is likely to result in serious harm
• Take remedial action to prevent future breaches

6. Your Rights and Choices

Under Australian privacy law, you have the right to:

Access and Correction

• Request access to personal information we hold about you
• Request correction of inaccurate, out-of-date, incomplete, or misleading information
• Receive information in a readily accessible format
• Access your therapeutic progress data and session history

Opt-Out Rights

• Unsubscribe from marketing communications
• Opt-out of certain data collection practices
• Request deletion of your personal information (subject to legal requirements)
• Withdraw consent for research participation
• Limit sharing of information with healthcare providers

How to Exercise Your Rights

To exercise these rights, contact us at: Email: info@theramelo.com

A reasonable administrative fee may apply for access requests. We will respond to your request within 28 days.

7. Cookies and App Analytics

Cookies

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and user behavior
• Provide personalized therapeutic content
• Enhance website and app functionality and security

You can control cookie settings through your browser, though some website features may not function properly if cookies are disabled.

App Analytics

Our mobile app collects analytics data to:

• Understand how users interact with therapeutic content
• Improve app performance and user experience
• Measure therapeutic engagement and outcomes
• Identify technical issues and optimize functionality

This information is collected in aggregate form and does not identify individual users unless you have provided personal information for therapeutic purposes

8. Third-Party Links and Services

Our website and app may contain links to external websites and services not controlled by Theramelo. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any external sites you visit.

Social Media Integration

If you choose to interact with us through social media platforms, please be aware that information shared on these platforms may be publicly visible and subject to the privacy policies of those platforms.

Integration with Healthcare Systems

Where you authorize integration with other healthcare apps or systems, data sharing will be governed by this policy and the privacy practices of those systems.

9. Health Information and Sensitive Data

Therapeutic Data Protection

We recognize that information about your therapeutic goals, mental health, and wellness is highly sensitive. We:

• Collect health information only with your explicit consent
• Use health information solely for therapeutic purposes and service improvement
• Implement additional security measures for health-related data
• Limit access to health information to authorized personnel only
• Comply with applicable health information privacy laws

Children's Privacy and Therapeutic Use

If our services are used by or for children, we are committed to protecting their privacy:

• We do not knowingly collect personal information from children under 13 years of age without appropriate parental consent
• If we become aware that personal information has been collected from a child under 13 without appropriate consent, we will take steps to delete such information promptly
• Parents or guardians must provide consent before children can access our therapeutic services
• Any personal information collected about children will be used solely for providing therapeutic services and will not be used for marketing to children

Family and Caregiver Access

Where children or individuals with disabilities use our services:

• Parents, guardians, or authorized caregivers may access relevant account information
• Therapeutic progress may be shared with authorized family members
• We require appropriate consent and authorization for such access

10. Retention of Personal Information

We retain personal information only as long as necessary for the purposes outlined in this policy or as required by law. Specifically:

• Account information is retained while your account is active and for 7 years after closure
• Therapeutic progress data may be retained longer for continuity of care purposes
• Research data (when anonymized) may be retained indefinitely for research purposes
• Communication records are retained for 2 years

When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it.

11. Privacy Complaints

If you have concerns about our privacy practices, you can lodge a complaint by contacting us at: Email: info@theramelo.com

We will:

• Acknowledge receipt of your complaint within 7 days
• Investigate the matter thoroughly
• Respond with our findings and any remedial action within 30 days

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on our website and in our app
• Notify you of significant changes via email or app notification
• Include the effective date of any changes

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Theramelo

Privacy Officer

Email: info@theramelo.com

Website: www.theramelo.com

Effective Date: 10 October 2025

By using the Theramelo website and mobile application, you acknowledge that you have read, understood, and agree to this Privacy Policy.